NYC Local Law 144 requires annual independent bias audits for any automated tool influencing employment decisions. California, Illinois, and New York City mandate candidate disclosure when AI plays a role in hiring. These seven governance rules cover what your recruiting team needs to stay compliant, auditable, and protected from litigation.
TL;DR: AI hiring governance comes down to mapping your tools, disclosing their use, auditing for bias on a fixed schedule, holding vendors accountable for model transparency, and logging every automated decision so you can defend it. Skipping any step exposes you to EEOC enforcement, state-level penalties, and class-action suits like those pending against Workday and Eightfold AI.
Map every AI touchpoint before you automate anything else
Most recruiting teams add automation tools one at a time. A resume screener here, an interview scheduler there, a chatbot for candidate Q&A. Within 18 months, you end up with 5 to 8 tools touching hiring decisions and nobody holding a complete inventory. That’s where recruitment automation compliance breaks down.
Build a single registry listing every AI-influenced step in your hiring funnel. For each tool, document the vendor name, the data inputs it consumes, the decision it affects (screen-in, screen-out, rank, schedule), and which candidate populations it touches. The EEOC’s initiative on AI and algorithmic fairness makes clear that the agency expects employers to know exactly which tools influence decisions. EEOC Chair Charlotte A. Burrows stated when announcing the initiative that its focus would be ensuring emerging hiring tools “comply with federal civil rights laws that the agency enforces.”
And 79% of workers say they expect to know when AI is involved in evaluating them. Your registry is the foundation for meeting that expectation.

Assign a named owner to every automated decision
Accountability in AI hiring governance means one person’s name is attached to each automated decision point. Not a department. A person who can explain why the tool was selected, how it was configured, and what oversight it receives.
The Brookings Institution recommends “developing a regular and thorough audit of the data collected for the algorithmic operation, along with responses from developers, civil society, and others impacted by the algorithm” to detect and deter biases. That audit needs an owner. When lawsuits arrive, courts don’t accept “the algorithm did it.” The cases against Workday and Eightfold AI, analyzed by Veris Insights, center on a direct question: who is responsible when an AI tool discriminates? Courts are signaling the answer is both the vendor and the employer who deployed the tool.
Set up a cross-functional governance committee led by your CHRO or Chief Legal Officer. This group meets quarterly. It reviews tool performance, flags incidents, and makes go/no-go decisions on new AI deployments. Each tool in your registry should list one committee member as its named owner, with that person’s sign-off required before any configuration change goes live.
Disclose AI usage to candidates at every stage
Three major U.S. jurisdictions already require employers to tell candidates when AI is part of evaluation. Illinois’s Artificial Intelligence Video Interview Act requires written notice before any AI analysis of video interviews, plus candidate consent. NYC Local Law 144 requires employers to publish bias audit summaries on their website at least 10 days before using an automated employment decision tool on candidates.
Don’t wait for your state to catch up. Build disclosure language into your company job portal application flow now. Specify which stages use automation, what data the tool analyzes, and how it influences decisions. Offer candidates an alternative evaluation method if they ask for one. This protects you legally and builds trust: candidates who understand the process are far less likely to file complaints or challenge outcomes.
Tip: Add a plain-language paragraph to your application page explaining AI involvement. For example: “We use automated tools to help screen resumes and schedule interviews. A human recruiter reviews all recommendations before any hiring decision is made.” Adjust the specifics to match your actual workflow.
Run bias audits every quarter, even without a legal mandate
NYC Local Law 144 sets a floor of 1 annual independent audit for automated employment decision tools. Treat it as a floor. Quarterly testing catches algorithmic drift faster and gives you 4 data points per year instead of 1.
Each audit should test for disparate impact across protected groups: race, gender, age, disability status, and national origin. The EEOC enforces federal laws covering all of these categories. Research from Iowa State University on automated resume screening bias found that suppressing demographic signals in training data doesn’t eliminate bias. The model finds proxy variables (ZIP code, school name, employment gaps) that correlate with protected characteristics. Bias becomes invisible in the data while remaining present in outcomes.
Run the four-fifths rule on your screening results every quarter. If any group’s selection rate falls below 80% of the highest-performing group’s rate, flag the tool for immediate review. Document the results, the methodology, and any corrective actions. This documentation becomes your ATS audit trail, and it’s the first thing regulators and attorneys request.
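The quarterly four-fifths check described above, as an added example (not code from any vendor or tool named on this page). The group labels, sample counts, and the `MIN_GROUP_SIZE` low-sample marker are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: one (group, screened_in) pair per candidate for a quarter.
SAMPLE = (
    [("A", True)] * 48 + [("A", False)] * 52
    + [("B", True)] * 30 + [("B", False)] * 70
    + [("C", True)] * 9 + [("C", False)] * 11
)

THRESHOLD = 0.8      # four-fifths rule: flag below 80% of the top group's rate
MIN_GROUP_SIZE = 30  # assumption: smaller groups are marked low-confidence


def selection_rates(records):
    """Return {group: (selection_rate, applicant_count)}."""
    counts = defaultdict(lambda: [0, 0])  # group -> [selected, total]
    for group, selected in records:
        counts[group][1] += 1
        if selected:
            counts[group][0] += 1
    return {g: (s / t, t) for g, (s, t) in counts.items()}


def four_fifths_report(records):
    """Compare each group's selection rate with the highest group's rate."""
    rates = selection_rates(records)
    if not rates:
        return []
    top = max(rate for rate, _ in rates.values())
    report = []
    for group, (rate, total) in sorted(rates.items()):
        # If nobody was selected in any group, no ratio can be computed.
        ratio = rate / top if top > 0 else None
        report.append({
            "group": group,
            "applicants": total,
            "selection_rate": round(rate, 4),
            "impact_ratio": None if ratio is None else round(ratio, 4),
            "flag": ratio is not None and ratio < THRESHOLD,
            "low_sample": total < MIN_GROUP_SIZE,
        })
    return report


if __name__ == "__main__":
    for row in four_fifths_report(SAMPLE):
        print(row)
```

Store the returned rows with the audit date and methodology so each quarter's result is part of the documented trail.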

Require vendors to open their model logic
Your vendor contract is your first line of defense. Too many recruiting teams sign agreements that treat the AI model as a black box. When the EEOC or a plaintiff’s attorney asks how your screening tool ranks candidates, “we don’t know, it’s proprietary” won’t hold up.
Contracts should require vendors to provide documentation of model inputs, training data sources, and decision weighting. They should share bias audit results conducted on their end. And they should accept contractual liability for discriminatory outcomes traced to their model’s design. SupportFinity’s approach offers a benchmark: their AI recommendations include explainability features providing auditable reasoning for every decision, supporting EEOC compliance documentation.
A 2023 paper published on arXiv examining bias in LLM-based candidate screening found that large language models introduce “additional bias and fairness issues” beyond what traditional screening methods create. As AI hiring tools grow more complex, vendor transparency becomes proportionally more critical. If a vendor refuses to explain how their model ranks candidates, that refusal tells you everything about the risk you’re accepting.
Log every automated screening decision with a retrievable audit trail
Automated workflows create audit trails by default, but only when you configure them correctly. Every screen-in, screen-out, rank change, and recommendation your AI tools generate should be logged with a timestamp, the candidate ID, the input data used, and the output decision. Platforms with built-in audit capabilities automatically record and timestamp every change, ensuring organizations are always inspection-ready according to federal standards.
For I-9 and E-Verify compliance, tools like Paycom send automatic reminders 90 days before work authorizations expire and sync data without duplicate entry, maintaining encrypted, centralized storage. Apply the same rigor to your screening and interview tools.
Your ATS audit trail should answer 5 questions for any given candidate: (1) What data did the tool receive? (2) What decision did it output? (3) What criteria drove that decision? (4) Did a human review it? (5) What was the final outcome? If your system can’t answer all five, you have a logging gap. As we’ve detailed in our coverage of employer liability for AI hiring tools, that gap becomes your legal exposure in court.
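A log-completeness check built on the five questions above, as an added example (not code from any platform named on this page). All field names, including `reviewer_id`, are hypothetical and stand in for whatever your ATS export calls them; the log records are constructed.

```python
# Map each of the five audit-trail questions to the log field that answers it.
# Field names are hypothetical placeholders for your ATS export's columns.
QUESTIONS = {
    "1_data_received": "input_data",
    "2_decision_output": "decision",
    "3_criteria": "criteria",
    "4_human_review": "human_reviewed",
    "5_final_outcome": "final_outcome",
}
BASE_FIELDS = ("timestamp", "candidate_id")


def is_blank(value):
    # False is a valid answer ("no human reviewed it"), so test emptiness explicitly.
    return value is None or value == "" or value == [] or value == {}


def record_gaps(record):
    """Return the base fields and questions this record fails to answer."""
    gaps = [f for f in BASE_FIELDS if is_blank(record.get(f))]
    gaps += [q for q, field in QUESTIONS.items() if is_blank(record.get(field))]
    # A claimed human review with no named reviewer does not answer question 4.
    if record.get("human_reviewed") is True and is_blank(record.get("reviewer_id")):
        gaps.append("4_human_review")
    return gaps


def completeness_summary(records):
    """Count gaps per question and list the candidates with incomplete records."""
    per_gap, incomplete = {}, []
    for rec in records:
        gaps = record_gaps(rec)
        if gaps:
            incomplete.append(rec.get("candidate_id") or "<unknown>")
        for g in gaps:
            per_gap[g] = per_gap.get(g, 0) + 1
    return {"total": len(records), "incomplete": incomplete, "gaps": per_gap}


# Constructed sample log entries.
SAMPLE_LOG = [
    {"timestamp": "2024-03-01T09:00:00Z", "candidate_id": "c-001",
     "input_data": {"resume": "r1.pdf"}, "decision": "screen-in",
     "criteria": ["skills_match"], "human_reviewed": True,
     "reviewer_id": "r-17", "final_outcome": "interview"},
    {"timestamp": "2024-03-01T09:05:00Z", "candidate_id": "c-002",
     "input_data": {"resume": "r2.pdf"}, "decision": "screen-out",
     "criteria": "", "human_reviewed": False, "final_outcome": "rejected"},
    {"timestamp": "2024-03-01T09:07:00Z", "candidate_id": "c-003",
     "input_data": {"resume": "r3.pdf"}, "decision": "rank",
     "criteria": ["experience"], "human_reviewed": True, "final_outcome": None},
]
```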
Train recruiters to override and document every exception
Human-in-the-loop oversight means nothing if recruiters don’t know how to exercise it. Train every recruiter who touches AI-influenced decisions on three things: how to interpret the tool’s output, when to override it, and how to document the override in your system of record.
Harvard research shows that ATS platforms filter out millions of qualified workers before a human ever sees their application. When recruiters do review AI recommendations, they need the training and confidence to push back. A recruiter who rubber-stamps every automated recommendation isn’t providing oversight. They’re creating a paper trail that looks like oversight but wouldn’t survive legal scrutiny.
Build override documentation directly into your ATS workflow. When a recruiter disagrees with an AI recommendation, they select a reason code (e.g., “relevant experience missed by keyword match,” “false positive on qualification filter”) and add a one-sentence explanation. This creates the automated screening accountability record regulators expect. Run quarterly training sessions that include real examples of algorithmic errors your team has caught. That reinforces the value of human judgment and gives your organization defensible proof that the loop is real.

| Governance Area | Minimum Frequency | Owner | Key Documentation |
|---|---|---|---|
| AI touchpoint mapping | Semi-annual | Governance committee | Tool registry with vendor, data inputs, decision type |
| Bias audit | Quarterly | Named tool owner | Four-fifths rule results, methodology, corrective actions |
| Candidate disclosure | Every application | Recruiting ops | Disclosure language on portal, consent records |
| Vendor transparency review | Annual (at contract renewal) | Legal + recruiting | Model documentation, vendor audit results, liability clauses |
| ATS audit trail check | Monthly | Recruiting ops | Log completeness for all 5 audit trail questions |
| Recruiter override training | Quarterly | L&D + recruiting | Attendance records, override reason-code usage rates |
When These Rules Aren’t Enough
These seven rules cover the operational backbone of AI hiring governance. They’ll keep you ahead of current EEOC and AI recruiting enforcement and ahead of most state-level regulations. But the legal landscape is moving fast. The 2023 AI Executive Order directed multiple federal agencies to evaluate AI use in their operations, and a National AI Talent Surge brought AI specialists into government to accelerate regulatory capacity.
New rules are coming. The EU AI Act already classifies employment-related AI as “high risk,” and U.S. federal legislation is tracking a similar direction. Your governance framework needs a built-in review trigger: every time a new regulation passes or a major enforcement action drops, your committee reconvenes within 30 days to assess the impact on your tools and processes.
The organizations that treat governance as a living process, updating registries, retraining teams, and renegotiating vendor contracts as the rules evolve, are the ones that won’t be scrambling when the next Local Law 144 arrives in their jurisdiction. Building that structure now is the whole point. The specific rules will keep changing. The structure holds.










