
Your tool ranks people. Fine. But can you prove it does not rank unfairly? If you cannot, the risk is already inside your hiring flow.
Point cle : Compliance is not about loving process. It is about proving fairness, human oversight, and auditability when AI touches hiring decisions.
NYC Law 144 and the EU AI Act do not ask the same question. Yet they hit the same nerve. Can you explain how your tool works? Can you show what it did? Can you show who watched it? That is where NYC Law 144 AI hiring compliance starts. Not in the vendor demo. Not in the sales deck. In proof.
If your process uses scoring, ranking, screening, or recommendation, you are in a sensitive zone. A tool can be fast. A tool can be neat. A tool can still carry bias from past data. The recruitment tests page shows how structured assessment can support a clearer process. But structure is not enough on its own. You still need governance, review, and records.
The goal is simple. Stop hidden discrimination from entering hiring through software. New York City Local Law 144 requires an annual bias audit for automated employment decision tools. The city also requires notice to candidates and published audit information. The law applies when the tool is used for hiring or promotion decisions in New York City. That is not a small detail. That is the trigger.
The EU AI Act takes a wider view. It classifies certain hiring systems as high-risk. That means more control, more documentation, and more human oversight. The European Parliament adopted the final text in 2024. The timeline matters. Key obligations begin to apply in phases, including from 2 August 2026 for many high-risk use cases. Source: AI Act tracker.
Ask yourself one blunt question. If an applicant asked why they were screened out, could you answer with evidence? Most teams cannot. They have a vendor name. They have a dashboard. They do not have a clean audit trail. That is why the conversation belongs with the DRH, the DPO, and legal counsel. Not only with IT.
This is also about trust. People notice when a system decides too much, too soon. A candidate feels it in seconds. That feeling affects reputation, acceptance rate, and time to hire. In the UK and US market, employers face rising scrutiny over automated screening. According to the U.S. Equal Employment Opportunity Commission, AI tools can create discriminatory outcomes if they are not validated and monitored. Source: EEOC.
NYC Law 144 is not a vague ethics note. It is a concrete rule. If an automated employment decision tool is used in New York City, the employer must obtain an independent bias audit. The audit must be done at least once every year. The employer also needs to give notice to candidates and employees. The notice must tell them that the tool is in use. It must also tell them which job qualifications and characteristics the tool uses.
That means your process needs evidence before the process starts. Not after a complaint. Not after a candidate challenges a decision. You need a vendor record, an audit report, a notice workflow, and a human review step. Source: New York City Department of Consumer and Worker Protection.
Think about a real case. A recruiter opens 200 applications on Monday morning. The tool ranks them in seconds. One profile looks strong on paper. Another profile gets pushed down. Why? Was it experience? Education? A keyword pattern? Or a biased proxy? If you cannot explain that logic, your process is weak.
Now think about onboarding of the tool itself. Who approved it? Who tested it? Who owns the audit file? If the answer is “no one clearly,” then the control model is broken. Good compliance begins with ownership. Then documentation. Then review.
The EU AI Act treats certain hiring tools as high-risk systems. That matters because hiring affects access to work, income, and social mobility. The law expects risk management, data governance, logging, technical documentation, transparency, and human oversight. In other words, it expects discipline. Not vague promises.
The AI Act also raises the bar on vendor choice. You cannot hide behind the supplier if your team decides how the system is used. If you configure thresholds badly, the problem is yours too. If you ignore warnings, the problem is yours too. That is why legal, HR, and procurement need a shared file. Source: European Commission AI policy.
High-risk means controlled. That is the key distinction. You can still use AI in hiring. You just need stronger process discipline. The system should support decisions. It should not replace them. A recruiter still needs to look at context. A manager still needs to review. A DPO still needs traceability.
The law also pushes better data quality. That means fewer junk inputs, fewer proxy variables, and fewer blind spots. It also means testing across groups before launch. If the model behaves differently by age, gender, disability proxy, or education route, you need to know it early.
Would you be comfortable showing the system log to a regulator tomorrow? If the answer is no, the implementation is not ready. You do not need perfection. You need control. You need to know where the model was trained, what it scores, who sees the result, and who can override it.
Bias rarely arrives with a loud warning. It slips in quietly. Past hires shape the data. Past data shapes the model. Then the model repeats the past. That is the danger. A tool can learn that one type of CV looks “better” because it copied old hiring habits. It can also overvalue certain schools, career paths, or phrases.
That is why bias testing matters before launch and after launch. The test is not cosmetic. It is a real control. In the UK and US, employers are being pushed to show fairness, not just claim it. A 2024 Deloitte analysis on trust in AI found that trust depends heavily on transparency and governance. Source: Deloitte 2024.
Start with the basics. Ask for the audit report. Ask for the model logic summary. Ask for the data categories used. Ask for the human override process. If the vendor cannot answer in plain English, slow down. A clean process is better than a fast risk.
Then test on real cases. Not only on polished sample profiles. Use recent applicant data, but remove identifying detail where needed. Compare results by group. Look for big score jumps that do not make sense. Then document what you found.
Structured assessment helps when a team wants more consistency. It reduces guesswork. It gives hiring managers a clearer basis for feedback. It also helps create records you can defend. That is useful when you need to explain why one person moved forward and another did not. The goal is not to let a tool decide everything. The goal is to create a process that can stand up to scrutiny.
If you want a clearer view of how assessment supports recruitment governance, read the Sigmund test platform page. It shows how a structured testing approach can fit into a controlled workflow. You still need policy, but the testing layer can improve consistency and traceability.
Many teams work with a vendor but never own the evidence. That is a mistake. Own the records. Own the notices. Own the review cadence. If the tool touches selection, your team needs a clear file that a DPO or lawyer can read without guessing. The best system is not the smartest one. It is the one you can explain.
Attention : A vendor demo is not proof of compliance. If you cannot produce the audit, the notice, and the oversight record, your process is exposed.
Review structured HR assessments now
Read the next step in the series in HR news and guidance.
Point cle : Human supervision is not a name on an org chart. It is a real control point. If nobody can stop, review, or explain an automated decision, the process is weak.
The legal point is simple. A human must be able to intervene. Not later. Not after a complaint. Now. That is the heart of Article 14 in the European AI Act, and it is also the practical lesson from NYC Local Law 144. If your team cannot show who reviews the result, when they review it, and what they can change, your process is exposed.
Ask yourself one hard question. If the CEO asked for the last ten hiring decisions, could the HR team explain each one in plain English? If not, the process is too opaque. In the NYC rules, an independent bias audit is required at least once every 12 months, and notice must be given at least 10 business days before use. Source: Deloitte US.
Pick the exact moment where a person steps in. Before shortlist? Before interview? Before rejection? Be precise. Vague supervision fails in practice. A recruiter cannot coach what they cannot see. A manager cannot defend what they cannot explain.
People trust what they can trace. That is why logs matter. If a tool ranks a candidate low because of a keyword pattern, the reviewer should be able to override that result and note the reason. The New York State Office of the State Comptroller reported that enforcement has been ineffective and that many employers missed required audits in the prior 12 months. That is not a small flaw. It is a warning.
Use a short internal record. Date. Tool name. Reviewer name. Decision. Reason. If this feels heavy, ask why. Is the process too fast to govern? Then it is too fast to trust.
Do not wait for the next renewal cycle. Review the tools today. Re-read the contracts today. Recheck technical integrations today. If data flows into the system without a human review point, the risk grows quietly. NYC Local Law 144 requires an annual independent bias audit and public disclosure of a summary. The first violation can carry a penalty of 375 dollars. Later violations can reach 1,500 dollars. Source: the final regulations summarized by Littler.
What does a strong audit process look like in practice? It starts with evidence. Not opinion. Not vendor promises. Real output data. Real decision records. Real sampling. If a tool screens 2,000 applicants a year, the employer should know how the score behaves across groups and stages. That is basic governance, not decoration.
Your file should hold the facts that matter. Keep the audit summary. Keep the candidate notice. Keep the vendor contract. Keep the annual review date. Keep the escalation path. This is not bureaucracy for its own sake. It is the only way to answer a complaint with proof.
“If you cannot show the control, you do not truly have the control.”
The notice should say what the tool does, when it is used, and how a person can request help. Write it like you would speak to a candidate on the phone. Short lines. Clear steps. No legal fog. That is where trust starts.
This is where many teams slip. They buy a tool. They train users once. Then they forget the process. Do not do that. A compliant workflow needs routine care. Think onboarding, feedback, and coaching. The same logic applies here. People need repetition. The process needs owners. The evidence needs a home.
According to the NYC framework, notice must come before use. According to the audit rule, review must happen every 12 months. According to the state audit, weak enforcement can leave gaps in practice. Those numbers matter because they force rhythm. Without rhythm, compliance becomes a memory game. And memory fails under pressure.
Use a short calendar. Each month, ask four things. Is the tool still active? Has the vendor changed the model? Has the review log been filled in? Has any candidate asked for an explanation? Simple questions reveal broken systems.
The reviewer is the control point. That person needs more than tool training. They need judgment. They need soft skills. They need the confidence to say no to an automated result. If the manager treats the score like truth, the process is already broken.
For an internal benchmark, compare how many decisions were accepted without comment against how many were questioned. If the answer is almost all of them, ask why. Is the tool helping, or is it quietly steering people?
Do not rely on sales language. Read the contract. If the vendor cannot support an annual bias audit, the product is a problem. If the vendor refuses to explain model changes, the product is a problem. If the vendor cannot help with notice language, the process becomes harder than it needs to be.
This is where legal, HR, and IT need the same page. The legal team wants risk control. HR wants fairness. IT wants stable integrations. All three want proof. That is the point. A good contract should make evidence easy to collect and hard to lose.
Keep the list short. Ask for audit support. Ask for change logs. Ask for notice support. Ask for data retention details. Ask for a named contact. If the vendor hesitates, take that seriously. Vendors shape the daily reality of compliance.
A tool should not sit alone. Link it to onboarding, performance review, and talent planning. If the same data shape feeds multiple stages, the risk can spread. That is why one clean governance model is better than five separate habits. The HR team should know where the data came from, who touched it, and why it was used.
Good assessment is not about hiding people behind a score. It is about getting stronger evidence. SIGMUND gives you objective tests that help you compare candidates in a cleaner way. That matters when you need a process you can explain to leadership, to candidates, and to auditors.
If you want a wider view of people data and talent evaluation, explore SIGMUND HR assessments. If you want more context on how hiring tools are used in practice, read SIGMUND HR news. Those pages can help you build a process that is more consistent and easier to defend.
Assessment data should support human judgment. It should not replace it. That is the cleanest way to reduce bias, improve consistency, and keep the process understandable. A test result is a signal. It is not a verdict.
Ask one final question. Can your team explain the decision without hiding behind the tool? If yes, you are closer to real supervision. If not, the next audit will be harder than it should be.
Discover SIGMUND assessment tests — objective, science-based, immediately actionable.
Discover the testsNYC Local Law 144 regulates automated employment decision tools used in hiring and promotions. It requires a bias audit, public notice, and clear candidate disclosures. If your tool scores, ranks, or screens applicants, you must show it was tested for unfair impact before use.
The EU AI Act classifies many hiring systems as high-risk because they affect access to work. That means stronger duties for documentation, oversight, transparency, and risk control. If your recruitment software influences decisions, you need evidence that it is monitored and explainable.
You can prove it with a documented bias audit, test results, and repeated monitoring across protected groups. Keep records of inputs, scoring logic, and outcomes. If the system changes or retrains, run a new review. One audit is not enough for ongoing compliance.
Human supervision means a real person can review, pause, override, and explain the automated output before a decision is finalized. A name on an org chart is not enough. The reviewer must have authority, training, and access to the data and logic behind the result.
Automation follows fixed rules, while AI uses data-driven models that can learn patterns and rank candidates dynamically. In hiring, AI usually creates greater compliance risk because it may be harder to explain and audit. That is why documentation, testing, and oversight matter more.
Review AI hiring tools at least every 12 months, and sooner if the model, data, job criteria, or vendor changes. You should also review after any complaint, audit finding, or performance drift. Ongoing monitoring is essential because fairness can change over time.
Can you prove your hiring process is fair, auditable, and truly under human control when AI is involved?
10 questions · ~2 minutes
Discover our comprehensive range of scientifically validated psychometric tests