Assistant icon
Can I help you? What type of test are you looking for?

Luke SIGMUND Consultant

×
Assistant avatar
Can I help you? What type of test are you looking for?
HR and Psychometrics Blog
HUMAN RESOURCES BLOG & EXPERTISE

HR and Psychometrics Blog

Optimize your recruitment processes
Master psychometric tests
Modernize your skills assessments
Revolutionize annual appraisals
Leverage aptitude tests
Best HR & management practices

AI Recruitment Tools Compliance: NYC Law 144 and the AI Act Explained

Jun 26, 2026, 18:18 by Sam Martin
NYC Law 144 and the EU's AI Act impose stringent compliance regulations on AI recruitment tools, ensuring transparency and fairness in hiring practices while addressing potential biases in automated decision-making. Companies must adapt to these evolving legal frameworks to avoid penalties and protect candidate rights.
NYC Law 144 and the EU AI Act can expose your hiring process. Learn the core rules, then review your tools and reduce risk now.

Your tool ranks people. Fine. But can you prove it does not rank unfairly? If you cannot, the risk is already inside your hiring flow.

Psychometric tests for workplace diversity 2026.

Point cle : Compliance is not about loving process. It is about proving fairness, human oversight, and auditability when AI touches hiring decisions.

NYC Law 144 and AI Act compliance in hiring

NYC Law 144 and the EU AI Act do not ask the same question. Yet they hit the same nerve. Can you explain how your tool works? Can you show what it did? Can you show who watched it? That is where NYC Law 144 AI hiring compliance starts. Not in the vendor demo. Not in the sales deck. In proof.

If your process uses scoring, ranking, screening, or recommendation, you are in a sensitive zone. A tool can be fast. A tool can be neat. A tool can still carry bias from past data. The recruitment tests page shows how structured assessment can support a clearer process. But structure is not enough on its own. You still need governance, review, and records.

What the rules are trying to stop

The goal is simple. Stop hidden discrimination from entering hiring through software. New York City Local Law 144 requires an annual bias audit for automated employment decision tools. The city also requires notice to candidates and published audit information. The law applies when the tool is used for hiring or promotion decisions in New York City. That is not a small detail. That is the trigger.

The EU AI Act takes a wider view. It classifies certain hiring systems as high-risk. That means more control, more documentation, and more human oversight. The European Parliament adopted the final text in 2024. The timeline matters. Key obligations begin to apply in phases, including from 2 August 2026 for many high-risk use cases. Source: AI Act tracker.

Why HR should care now

Ask yourself one blunt question. If an applicant asked why they were screened out, could you answer with evidence? Most teams cannot. They have a vendor name. They have a dashboard. They do not have a clean audit trail. That is why the conversation belongs with the DRH, the DPO, and legal counsel. Not only with IT.

This is also about trust. People notice when a system decides too much, too soon. A candidate feels it in seconds. That feeling affects reputation, acceptance rate, and time to hire. In the UK and US market, employers face rising scrutiny over automated screening. According to the U.S. Equal Employment Opportunity Commission, AI tools can create discriminatory outcomes if they are not validated and monitored. Source: EEOC.

What NYC Law 144 requires from hiring tools

NYC Law 144 is not a vague ethics note. It is a concrete rule. If an automated employment decision tool is used in New York City, the employer must obtain an independent bias audit. The audit must be done at least once every year. The employer also needs to give notice to candidates and employees. The notice must tell them that the tool is in use. It must also tell them which job qualifications and characteristics the tool uses.

That means your process needs evidence before the process starts. Not after a complaint. Not after a candidate challenges a decision. You need a vendor record, an audit report, a notice workflow, and a human review step. Source: New York City Department of Consumer and Worker Protection.

The core obligations in plain English

  • Annual audit for bias in the tool.
  • Candidate notice before the tool is used.
  • Public posting of audit summary details.
  • Human oversight in the hiring workflow.

What this means in daily HR work

Think about a real case. A recruiter opens 200 applications on Monday morning. The tool ranks them in seconds. One profile looks strong on paper. Another profile gets pushed down. Why? Was it experience? Education? A keyword pattern? Or a biased proxy? If you cannot explain that logic, your process is weak.

Now think about onboarding of the tool itself. Who approved it? Who tested it? Who owns the audit file? If the answer is “no one clearly,” then the control model is broken. Good compliance begins with ownership. Then documentation. Then review.

How the EU AI Act changes recruitment screening

The EU AI Act treats certain hiring tools as high-risk systems. That matters because hiring affects access to work, income, and social mobility. The law expects risk management, data governance, logging, technical documentation, transparency, and human oversight. In other words, it expects discipline. Not vague promises.

The AI Act also raises the bar on vendor choice. You cannot hide behind the supplier if your team decides how the system is used. If you configure thresholds badly, the problem is yours too. If you ignore warnings, the problem is yours too. That is why legal, HR, and procurement need a shared file. Source: European Commission AI policy.

High-risk does not mean forbidden

High-risk means controlled. That is the key distinction. You can still use AI in hiring. You just need stronger process discipline. The system should support decisions. It should not replace them. A recruiter still needs to look at context. A manager still needs to review. A DPO still needs traceability.

The law also pushes better data quality. That means fewer junk inputs, fewer proxy variables, and fewer blind spots. It also means testing across groups before launch. If the model behaves differently by age, gender, disability proxy, or education route, you need to know it early.

A simple question for your team

Would you be comfortable showing the system log to a regulator tomorrow? If the answer is no, the implementation is not ready. You do not need perfection. You need control. You need to know where the model was trained, what it scores, who sees the result, and who can override it.

Where bias enters the hiring process

Bias rarely arrives with a loud warning. It slips in quietly. Past hires shape the data. Past data shapes the model. Then the model repeats the past. That is the danger. A tool can learn that one type of CV looks “better” because it copied old hiring habits. It can also overvalue certain schools, career paths, or phrases.

That is why bias testing matters before launch and after launch. The test is not cosmetic. It is a real control. In the UK and US, employers are being pushed to show fairness, not just claim it. A 2024 Deloitte analysis on trust in AI found that trust depends heavily on transparency and governance. Source: Deloitte 2024.

Common bias points in screening

  • Proxy data that mirrors protected traits.
  • Historic hiring patterns that repeat old choices.
  • Keyword filters that favor one type of CV language.
  • Ranking logic that hides the reasons behind the score.

What HR can do on day one

Start with the basics. Ask for the audit report. Ask for the model logic summary. Ask for the data categories used. Ask for the human override process. If the vendor cannot answer in plain English, slow down. A clean process is better than a fast risk.

Then test on real cases. Not only on polished sample profiles. Use recent applicant data, but remove identifying detail where needed. Compare results by group. Look for big score jumps that do not make sense. Then document what you found.

Why Sigmund tests can support safer hiring

Structured assessment helps when a team wants more consistency. It reduces guesswork. It gives hiring managers a clearer basis for feedback. It also helps create records you can defend. That is useful when you need to explain why one person moved forward and another did not. The goal is not to let a tool decide everything. The goal is to create a process that can stand up to scrutiny.

If you want a clearer view of how assessment supports recruitment governance, read the Sigmund test platform page. It shows how a structured testing approach can fit into a controlled workflow. You still need policy, but the testing layer can improve consistency and traceability.

What a safer setup looks like

  1. Define the hiring stage where AI is used.
  2. Keep human review in the loop.
  3. Store the audit and validation files.
  4. Tell candidates when the tool is used.
  5. Review the system on a set schedule.

One practical benchmark

Many teams work with a vendor but never own the evidence. That is a mistake. Own the records. Own the notices. Own the review cadence. If the tool touches selection, your team needs a clear file that a DPO or lawyer can read without guessing. The best system is not the smartest one. It is the one you can explain.

Attention : A vendor demo is not proof of compliance. If you cannot produce the audit, the notice, and the oversight record, your process is exposed.

Review structured HR assessments now

Read the next step in the series in HR news and guidance.

What human supervision really means under AI hiring law

AI recruitment tools compliance with NYC law and AI Act.

Point cle : Human supervision is not a name on an org chart. It is a real control point. If nobody can stop, review, or explain an automated decision, the process is weak.

The legal point is simple. A human must be able to intervene. Not later. Not after a complaint. Now. That is the heart of Article 14 in the European AI Act, and it is also the practical lesson from NYC Local Law 144. If your team cannot show who reviews the result, when they review it, and what they can change, your process is exposed.

Ask yourself one hard question. If the CEO asked for the last ten hiring decisions, could the HR team explain each one in plain English? If not, the process is too opaque. In the NYC rules, an independent bias audit is required at least once every 12 months, and notice must be given at least 10 business days before use. Source: Deloitte US.

Set the human review point

Pick the exact moment where a person steps in. Before shortlist? Before interview? Before rejection? Be precise. Vague supervision fails in practice. A recruiter cannot coach what they cannot see. A manager cannot defend what they cannot explain.

  • Name one human owner for each automated stage.
  • Write the review rule in one sentence.
  • Record who can override the tool.

Document the override path

People trust what they can trace. That is why logs matter. If a tool ranks a candidate low because of a keyword pattern, the reviewer should be able to override that result and note the reason. The New York State Office of the State Comptroller reported that enforcement has been ineffective and that many employers missed required audits in the prior 12 months. That is not a small flaw. It is a warning.

Use a short internal record. Date. Tool name. Reviewer name. Decision. Reason. If this feels heavy, ask why. Is the process too fast to govern? Then it is too fast to trust.

Bias audit, notice, and records: what to do next

Do not wait for the next renewal cycle. Review the tools today. Re-read the contracts today. Recheck technical integrations today. If data flows into the system without a human review point, the risk grows quietly. NYC Local Law 144 requires an annual independent bias audit and public disclosure of a summary. The first violation can carry a penalty of 375 dollars. Later violations can reach 1,500 dollars. Source: the final regulations summarized by Littler.

What does a strong audit process look like in practice? It starts with evidence. Not opinion. Not vendor promises. Real output data. Real decision records. Real sampling. If a tool screens 2,000 applicants a year, the employer should know how the score behaves across groups and stages. That is basic governance, not decoration.

Build a compliance file

Your file should hold the facts that matter. Keep the audit summary. Keep the candidate notice. Keep the vendor contract. Keep the annual review date. Keep the escalation path. This is not bureaucracy for its own sake. It is the only way to answer a complaint with proof.

“If you cannot show the control, you do not truly have the control.”

Use a plain-English notice

The notice should say what the tool does, when it is used, and how a person can request help. Write it like you would speak to a candidate on the phone. Short lines. Clear steps. No legal fog. That is where trust starts.

  • Tell people when the tool is used.
  • Say how to request a human review.
  • Publish the audit summary where people can find it.

How HR teams should run the process day to day

This is where many teams slip. They buy a tool. They train users once. Then they forget the process. Do not do that. A compliant workflow needs routine care. Think onboarding, feedback, and coaching. The same logic applies here. People need repetition. The process needs owners. The evidence needs a home.

According to the NYC framework, notice must come before use. According to the audit rule, review must happen every 12 months. According to the state audit, weak enforcement can leave gaps in practice. Those numbers matter because they force rhythm. Without rhythm, compliance becomes a memory game. And memory fails under pressure.

Run a monthly control routine

Use a short calendar. Each month, ask four things. Is the tool still active? Has the vendor changed the model? Has the review log been filled in? Has any candidate asked for an explanation? Simple questions reveal broken systems.

  • Review tool access rights.
  • Re-read the notice text.
  • Sample recent decisions.

Train the reviewer, not only the recruiter

The reviewer is the control point. That person needs more than tool training. They need judgment. They need soft skills. They need the confidence to say no to an automated result. If the manager treats the score like truth, the process is already broken.

For an internal benchmark, compare how many decisions were accepted without comment against how many were questioned. If the answer is almost all of them, ask why. Is the tool helping, or is it quietly steering people?

What a good vendor contract should say

Do not rely on sales language. Read the contract. If the vendor cannot support an annual bias audit, the product is a problem. If the vendor refuses to explain model changes, the product is a problem. If the vendor cannot help with notice language, the process becomes harder than it needs to be.

This is where legal, HR, and IT need the same page. The legal team wants risk control. HR wants fairness. IT wants stable integrations. All three want proof. That is the point. A good contract should make evidence easy to collect and hard to lose.

Ask for these clauses

Keep the list short. Ask for audit support. Ask for change logs. Ask for notice support. Ask for data retention details. Ask for a named contact. If the vendor hesitates, take that seriously. Vendors shape the daily reality of compliance.

  • Independent audit support in writing.
  • Model change notification.
  • Data retention and deletion terms.

Tie the tool to your wider talent process

A tool should not sit alone. Link it to onboarding, performance review, and talent planning. If the same data shape feeds multiple stages, the risk can spread. That is why one clean governance model is better than five separate habits. The HR team should know where the data came from, who touched it, and why it was used.

Where SIGMUND fits in a compliant hiring process

Good assessment is not about hiding people behind a score. It is about getting stronger evidence. SIGMUND gives you objective tests that help you compare candidates in a cleaner way. That matters when you need a process you can explain to leadership, to candidates, and to auditors.

If you want a wider view of people data and talent evaluation, explore SIGMUND HR assessments. If you want more context on how hiring tools are used in practice, read SIGMUND HR news. Those pages can help you build a process that is more consistent and easier to defend.

Use assessments as one control, not the whole answer

Assessment data should support human judgment. It should not replace it. That is the cleanest way to reduce bias, improve consistency, and keep the process understandable. A test result is a signal. It is not a verdict.

Ask one final question. Can your team explain the decision without hiding behind the tool? If yes, you are closer to real supervision. If not, the next audit will be harder than it should be.

Ready to transform your hiring process?

Discover SIGMUND assessment tests — objective, science-based, immediately actionable.

Discover the tests

Frequently Asked Questions

NYC Local Law 144 regulates automated employment decision tools used in hiring and promotions. It requires a bias audit, public notice, and clear candidate disclosures. If your tool scores, ranks, or screens applicants, you must show it was tested for unfair impact before use.

The EU AI Act classifies many hiring systems as high-risk because they affect access to work. That means stronger duties for documentation, oversight, transparency, and risk control. If your recruitment software influences decisions, you need evidence that it is monitored and explainable.

You can prove it with a documented bias audit, test results, and repeated monitoring across protected groups. Keep records of inputs, scoring logic, and outcomes. If the system changes or retrains, run a new review. One audit is not enough for ongoing compliance.

Human supervision means a real person can review, pause, override, and explain the automated output before a decision is finalized. A name on an org chart is not enough. The reviewer must have authority, training, and access to the data and logic behind the result.

Automation follows fixed rules, while AI uses data-driven models that can learn patterns and rank candidates dynamically. In hiring, AI usually creates greater compliance risk because it may be harder to explain and audit. That is why documentation, testing, and oversight matter more.

Review AI hiring tools at least every 12 months, and sooner if the model, data, job criteria, or vendor changes. You should also review after any complaint, audit finding, or performance drift. Ongoing monitoring is essential because fairness can change over time.

Test Your Mastery of AI Hiring Compliance in Practice

Can you prove your hiring process is fair, auditable, and truly under human control when AI is involved?

10 questions · ~2 minutes

📚 Related articles

Explore the SIGMUND Test Catalog

Discover our comprehensive range of scientifically validated psychometric tests