ICO recruitment guidance puts AI hiring compliance regulations under a global spotlight
UK regulators have moved first with detailed expectations for AI hiring compliance regulations in recruitment. In March 2024, the Information Commissioner's Office (ICO) opened a public consultation on new guidance for automated decision making in hiring, after finding that many employers quietly shifted from decision support to fully automated employment decisions. For workforce planners, that shift turns experimental artificial intelligence tools into regulated systems that carry high risk under data protection and employment law.
The ICO reports that a significant share of hiring tools now make a solely automated decision about shortlisting or rejection, with no meaningful human oversight in the hiring process. Vendors such as HireVue and Pymetrics have already reworked or withdrawn automated scoring features in response to regulatory pressure and discrimination concerns, underscoring how quickly algorithmic screening can cross into fully automated employment decisions. HireVue, for example, announced in January 2021 that it would retire its standalone facial analysis component from video interview assessments, while Pymetrics agreed in a 2022 settlement with the U.S. Department of Labor to validate and monitor its algorithmic assessments for adverse impact. Under UK law, those automated employment systems trigger strict regulations on transparency, bias audits, impact assessments, and the right for candidates to request human review of any employment decision. The draft guidance, published on the ICO consultation hub in March 2024, signals that regulators see AI driven hiring decisions as high risk uses of artificial intelligence, comparable to credit scoring or access to essential services, because the impact on livelihoods and civil rights is immediate and often irreversible.
For US employers, the ICO's move is a preview of where AI hiring compliance regulations are heading, even if local law currently looks fragmented. States already treat automated decision tools used in employment decisions as regulated high risk systems, especially when they influence pay, promotion, or termination decisions. New York City’s Local Law 144, which took effect in July 2023 and is published in the New York City Administrative Code, defines “automated employment decision tools” and sets conditions for their use, while Colorado’s SB 24-205, signed in May 2024 and available on the Colorado General Assembly bill tracker, establishes duties for deployers of high risk AI systems. HR leaders who still view AI hiring tools as simple efficiency aids, rather than regulated automated decision systems, are underestimating both legal risk and the operational impact on workforce planning.
From DUAA style safeguards to a US patchwork of AI employment laws
Regulators are converging on a model where AI hiring compliance regulations do not ban automated employment outright, but instead give candidates a right to challenge any automated decision with strong safeguards. This shift, often described as moving from prohibition with exceptions to a right of challenge with safeguards, mirrors the approach in the EU's Digital Services and AI frameworks and now shapes thinking at the ICO. In practice, it means employers can use automated decision systems in hiring, yet they must prove human oversight, document human review, and show that employment decisions are not solely determined by opaque algorithms.
In the United States, that philosophy is emerging through a patchwork of state and local law rather than a single federal law, which complicates workforce planning. New York City already requires employers that use automated employment decision tools for hiring decisions or promotions to conduct annual bias audits, publish summary results, and give candidates notice plus an alternative selection method under Local Law 144, as set out in the law’s text and the Department of Consumer and Worker Protection rules. Colorado's AI Act (SB 24-205) treats many hiring tools as high risk systems and requires employers to perform impact assessments, monitor for disparate impact, and maintain detailed data on model performance across protected groups, as described in the bill summary and statutory language.
California is moving on a parallel track, pairing AI hiring compliance regulations with existing employment and civil rights laws that already require four year retention of automated decision data related to hiring and promotion. For HR leaders managing multi state employment, this means the strictest local law often becomes the de facto standard for all hiring tools and systems. Given SHRM's 2023 survey finding that 57 percent of HR professionals in states with AI employment laws are unaware those laws exist, a result reported in SHRM’s 2023 “State of AI in HR” research brief, the compliance gap is now a strategic workforce risk, not just a legal technicality, and it sits alongside other regulatory issues such as sick leave rules that already shape staffing models, as shown in this analysis of Arizona sick leave law for workforce planners.
What HR leaders should do now: audit, document, and govern AI in recruitment
For workforce planners, AI hiring compliance regulations are no longer a future concern but a present constraint on how you design the hiring process and allocate headcount. A practical starting point is a full inventory of every tool and system that influences employment decisions, from résumé screening software and video interview scoring to scheduling tools that affect hours and therefore pay. Treat each automated decision or automated employment feature as high risk until bias testing, bias audits, and impact assessments show that disparate impact is understood, mitigated, and monitored over time.
Next, document where human oversight and human review genuinely shape hiring decisions, rather than rubber stamping an algorithmic recommendation. Regulators in jurisdictions from New York City to California are clear that employers must be able to explain how data flows through hiring tools, how each automated decision is logged, and how candidates can trigger a fresh employment decision by a human when they challenge an outcome. That level of documentation aligns with broader workforce governance practices, such as maintaining auditable records for scheduling, pay equity, and part time work rules in California, which are explored in this guide to the minimum hours for part time work in California.
Finally, build AI governance into mainstream workforce planning, not as a side project owned only by Legal or IT. Cross functional teams should review AI hiring tools against civil rights laws, local law on automated decision systems, and internal risk appetite, using structured frameworks similar to those used for market adjustment raises and pay equity, as outlined in this piece on the impact of market adjustment raises on workforce planning. As a practical checklist, HR leaders should track at least four metrics: percentage of roles using automated screening, completion rates for bias audits and impact assessments, time to respond to candidate requests for human review, and the share of hiring decisions where documented human judgment overrides an algorithmic recommendation. The direction of travel is clear for employers that rely on artificial intelligence in recruitment and broader employment decisions, and the organisations that treat AI hiring compliance regulations as a core part of workforce strategy will be better positioned when regulators in Colorado, California, and beyond tighten enforcement.