5 AI Hiring Laws That Could Catch Your Company Off Guard


AI adoption in HR nearly doubled over the past year, from 26% to 43% of organizations, according to SHRM, and recruiting is the most common place teams put it to work. If your company is among them, one question needs a fast answer: which of these laws apply to you?

As of early 2026, at least five major jurisdictions regulate how employers use AI in hiring decisions. These laws are active, enforceable, and in some cases already generating penalties: in New York City alone, a single non-compliant hiring tool can rack up tens of thousands in penalties within a month under Local Law 144.

The challenge isn't that these laws exist. It's that they're all different.



The Five Laws You Need to Know

Illinois (Effective January 1, 2026)

Illinois amended its Human Rights Act through HB 3773, effective January 1, 2026, adding AI rules alongside its 2020 Artificial Intelligence Video Interview Act. It applies to virtually all Illinois employers (anyone with at least one employee for 20 or more calendar weeks). If you use AI in any employment decision, from hiring to promotions to discipline, you must notify employees before the tool is used and ensure it does not cause discriminatory impact based on protected characteristics.

For AI-analyzed video interviews, the Artificial Intelligence Video Interview Act (AIVIA) requires employers to tell candidates before the interview that AI may be used, explain how it works and the characteristics it evaluates, and obtain the candidate's consent. AIVIA carries no monetary penalty of its own. The teeth are in HB 3773, which routes AI-driven employment discrimination through the Illinois Human Rights Act: claims are filed with the Illinois Department of Human Rights and adjudicated by the Human Rights Commission, with remedies including civil penalties, actual damages, back pay, and attorneys' fees. There is no new standalone private right of action, but a claimant who completes the IDHR process can take the case to state court.

What this means for you:

  • If you use any AI tool in hiring, promotions, or discipline for Illinois roles, you need a notification process in place now.
  • For video interviews, build notice and consent into your workflow before any AI-analyzed interview.
  • The exposure is real: an IHRA finding can bring civil penalties, back pay, and attorneys' fees, multiplied across every affected applicant.

Colorado (Repealed and replaced; new law effective January 1, 2027)

Colorado's original AI Act never took effect. It drew a constitutional challenge from xAI in April 2026, the U.S. Department of Justice intervened, and on April 27, 2026 a federal judge stayed enforcement. The legislature then repealed and replaced it: Governor Polis signed SB 26-189 into law on May 14, 2026.

The replacement is significantly narrower. It replaces the original "high-risk AI" framework with one covering "automated decision-making technology" that materially influences a consequential decision, and it centers on disclosure obligations, consumer notice and rights after an adverse outcome, and Attorney General enforcement under the Colorado Consumer Protection Act. The original impact-assessment and public-disclosure mandates are gone. The new framework takes effect January 1, 2027.

What this means for you:

  • The pressure is off for now: nothing takes effect in Colorado until January 1, 2027, and the original law's heaviest requirements are off the table.
  • Don't build a program around the original law, SB 24-205; it has been repealed. If you already started one, you can scale it back.
  • The new obligations (notice, disclosure, and consumer rights) are lighter but still coming. Watch the rulemaking that will define how SB 26-189 is implemented.

California (Effective October 1, 2025)

California's FEHA amendments target Automated Decision Systems used in employment. They cover employers with five or more employees, extend liability to vendors and staffing agencies, and require retaining all ADS-related data for at least four years (inputs, outputs, scoring criteria, and audit results).

California does not mandate a specific bias audit format, but documenting regular bias testing creates an evidentiary record that supports your defense if a discrimination claim arises. There is no statutory candidate-notification requirement, but the recordkeeping obligations mean you need documentation infrastructure in place.

What this means for you:

  • This one is already live. If you hire in California and use any automated screening or scoring, your recordkeeping must be airtight: four years of inputs, outputs, and criteria for every decision.
  • If you're not retaining this today, you're already out of compliance. Documented bias testing also strengthens your defense if a claim comes. Start there.

New York City (Effective since 2023, enforcement ramping up in 2026)

Local Law 144 has been on the books since 2023, but a December 2025 State Comptroller audit found major enforcement gaps: in a review of 32 companies, the DCWP had identified only one violation while the Comptroller found 17 potential ones. In response, NYC has committed to proactive investigations in 2026.

The law requires an independent bias audit before any automated employment decision tool is used and annually after. Candidates must get at least 10 business days' notice, including what the tool evaluates and how to request an accommodation or alternative. Penalties run $500 to $1,500 per day per violation, and because each day counts as a separate violation, a single non-compliant tool can rack up tens of thousands within a month.

What this means for you:

  • If you've treated Local Law 144 as loosely enforced, that window is closing. NYC is now investigating proactively, not waiting for complaints.
  • Check whether your ATS or screening tools qualify as automated employment decision tools.
  • If they do, you need a current bias audit on file and a 10-day candidate notification process. Without them, you're accumulating daily penalties.

Texas (Effective January 1, 2026)

Texas took a lighter approach with TRAIGA. It bans intentional discrimination through AI but does not recognize disparate impact as a standalone basis for liability. The Texas Attorney General enforces it on a tiered scale: curable violations run $10,000 to $12,000, uncurable ones reach $80,000 to $200,000, and ongoing violations accrue $2,000 to $40,000 per day. Most violations come with a 60-day cure period. Unlike Illinois and NYC, TRAIGA provides no private right of action.

What this means for you:

  • Texas is the least restrictive of the five, and AG-only enforcement means no private lawsuits. The 60-day cure period gives you a buffer, but only if you can show good-faith efforts.
  • If you already meet Illinois or NYC requirements, you're likely covered for Texas. If it's your only exposure, the bar is lower, but "lighter" doesn't mean "optional."

The Federal Wild Card

On December 11, 2025, the President signed the "Ensuring a National Policy Framework for Artificial Intelligence" executive order, directing the Attorney General to form an AI Litigation Task Force to challenge state AI laws seen as inconsistent with U.S. AI leadership and minimal regulatory burden.

The order asserts broad federal authority over state regulation but did not specifically exempt employer AI tools from potential preemption. Until the courts resolve it, follow state laws now and monitor federal developments.

What this means for you:

  • Don't wait for federal preemption to settle. State laws are enforceable today, and any federal challenge will take years.
  • Build around the strictest state requirements you're subject to. If preemption narrows the field later, you'll be ahead; if it doesn't, you'll be protected.

Does Your Background Screening Process Qualify?

Do standard background check tools count as "automated employment decision tools"? It depends on use: if a tool uses AI or algorithms to score, rank, filter, or recommend candidates, it likely qualifies; if it simply retrieves records for human review, it likely does not. The line is blurry and regulators read it broadly, so if your process involves any automated scoring, treat it as covered. (More on when an AI hiring score becomes a consumer report.)


What to Do Now

The compliance steps are consistent even when specifics vary. Audit every AI-powered tool in your hiring workflow and map each against the laws where you hire. Add candidate notification, build in human review before any adverse decision, set recordkeeping to California's four-year standard (the longest, and safest benchmark), and commission annual bias audits. For a jurisdiction-by-jurisdiction breakdown, see our state-by-state compliance guide.

If that sounds like a lot of work, it is. That's why a screening partner that builds compliance into its process matters. KRESS Employment Screening's compliance partner service tracks regulatory changes and translates them into actionable updates for your team, and our automated adverse action tool ensures every adverse decision follows the correct notice, timing, and documentation for your state. Not sure your current process is FCRA compliant? When the rules differ by zip code, a compliance-first screening partner isn't a luxury, it's a necessity.
