AI Hiring Compliance in 2026: NYC Local Law 144, EU AI Act, and What's Coming Next

Aurevity HR Team | April 2, 2026 | 10 min read

If your organization uses AI in any part of the hiring process — resume screening, candidate scoring, interview scheduling, or assessment — you're now operating in a regulatory environment that didn't exist two years ago. The rules are real, the penalties are meaningful, and the pace of new legislation is accelerating.

This guide covers the three most impactful regulations affecting AI hiring tools in 2026, what they require, and a practical compliance checklist for mid-market HR teams.

NYC Local Law 144: The First Mover

New York City's Local Law 144, effective since July 2023 and actively enforced since 2024, was the first U.S. law specifically regulating automated employment decision tools (AEDTs). It applies to any employer or employment agency using an AI tool that "substantially assists or replaces discretionary decision-making" in hiring or promotion in New York City.

Key Requirements

  • Annual bias audit: Any AEDT must undergo a bias audit, conducted by an independent auditor, that examines impact ratios across race/ethnicity and sex categories. The audit must be published on the employer's website.
  • Candidate notice: Candidates must be notified at least 10 business days before an AEDT is used, told what job qualifications and characteristics the tool assesses, and given the option to request an alternative selection process or accommodation.
  • Penalties: $500 for a first violation, $500–$1,500 for each subsequent violation. Each day an AEDT is used in violation constitutes a separate offense — meaning non-compliance can cost $1,500 per day.

What This Means in Practice

If you use any AI tool to screen, rank, or score candidates for NYC-based roles, you need a published bias audit and a candidate notification process. Many HR teams have discovered that their ATS vendor's "AI features" technically qualify as AEDTs — even basic resume-parsing algorithms that rank candidates by "fit score."

The EU AI Act: High-Risk Classification

The European Union's AI Act, which entered into force in August 2024 with phased compliance deadlines through 2026, takes a risk-based approach. AI systems used in "employment, workers management and access to self-employment" are classified as high-risk under Article 6 and Annex III.

Key Requirements for High-Risk AI in Hiring

  • Risk management system: Continuous identification, analysis, and mitigation of risks throughout the AI system lifecycle.
  • Data governance: Training data must be relevant, representative, and free from errors. Bias in training data must be identified and addressed.
  • Technical documentation: Detailed documentation of the system's purpose, functionality, limitations, and performance metrics — available to regulatory authorities on request.
  • Human oversight: The system must be designed to allow effective human oversight, including the ability to override or reverse AI decisions.
  • Transparency: Users (employers) must be informed that they're interacting with an AI system. Candidates must be informed when AI is used in hiring decisions affecting them.
  • Accuracy and robustness: Systems must achieve appropriate levels of accuracy, reliability, and cybersecurity.

Penalties

Fines for non-compliance range up to €35 million or 7% of global annual turnover, whichever is higher. While enforcement is still ramping up, the penalty structure signals how seriously the EU takes this.

U.S. State-Level Legislation: The Emerging Patchwork

Beyond NYC, several U.S. states have enacted or proposed AI hiring regulations:

  • Colorado AI Act (SB 24-205): Effective February 2026, requires employers using AI in "consequential decisions" (including hiring) to conduct impact assessments, provide notice to candidates, and implement risk management programs.
  • Illinois AI Video Interview Act: Already in effect, requires consent before AI analysis of video interviews and mandates data deletion upon request.
  • California: Multiple bills under consideration that would require bias testing, transparency reports, and candidate consent for AI hiring tools.
  • Maryland: Banned the use of facial recognition in job interviews without candidate consent.

The pattern is clear: state-level AI hiring regulation is expanding, and the requirements are converging around bias auditing, transparency, and human oversight.

Compliance Checklist for HR Leaders

Regardless of which specific regulations apply to your organization, the following steps represent best practice for any company using AI in hiring:

1. Inventory Your AI Tools

Map every tool in your hiring process that uses AI, machine learning, or algorithmic scoring — including features within your ATS that you may not think of as "AI." This includes resume parsing with ranking, candidate scoring, automated screening questions, video interview analysis, and skills assessment platforms.

2. Classify by Regulatory Exposure

Determine which regulations apply based on where your candidates and operations are located. NYC LL144 applies to NYC-based roles. The EU AI Act applies if you hire in the EU or offer services to EU residents. State laws apply based on candidate location, not just company headquarters.

3. Conduct (or Commission) Bias Audits

Even where not legally required, bias auditing is rapidly becoming a baseline expectation. Work with your AI vendors to understand what auditing they've already done, request audit reports, and fill gaps with independent assessments.

4. Implement Candidate Notification

Create a standard notification process that informs candidates when AI is used in their evaluation. This is already required in NYC and the EU, and is the direction all regulation is heading. Building it now avoids scrambling later.

5. Ensure Human Override Capability

Every AI-driven hiring decision should have a clear path for human review and override. If your AI tool surfaces candidates or filters applications, a human should be reviewing the output before any candidate is rejected. Document this process.

6. Document Everything

Maintain records of your AI tools, their purposes, bias audit results, candidate notifications, and human review processes. Regulatory audits will look for this documentation.

How Aurevity HR Approaches Compliance

Aurevity HR is designed with regulatory compliance as a foundational principle, not a bolted-on feature. Every workflow includes configurable human review gates — meaning no candidate is advanced or rejected without human oversight. The system provides transparency into how candidates are surfaced, with source-cited reasoning that hiring teams can audit.

This approach — human-reviewed, policy-grounded, and transparent — isn't just good compliance practice. It's how AI hiring tools should work, regulation or not.

Frequently Asked Questions

Does NYC Local Law 144 apply to my company if we're not based in NYC?

LL144 applies to any employer or employment agency using an AEDT for hiring or promotion decisions for roles based in New York City — regardless of where the employer is headquartered. If you hire for NYC-based roles and use AI in screening, it likely applies.

What counts as an 'automated employment decision tool' under these laws?

Generally, any AI, machine learning, or algorithmic tool that substantially assists or replaces human decision-making in hiring. This includes resume screening algorithms, candidate scoring systems, AI-analyzed video interviews, and skills assessment platforms with AI-driven rankings.

How often do bias audits need to be conducted?

NYC LL144 requires annual independent bias audits. The EU AI Act requires ongoing risk monitoring. Best practice is to conduct formal audits annually and continuous monitoring quarterly, especially when the AI tool is updated or retrained.
