The Hiring Algorithm: What HireVue's 750 Enterprise Clients Haven't Filed Since NYC Local Law 144 Took Effect
HireVue is deployed at 750+ enterprises. Eightfold.ai, Paradox, Workday AI, SAP SuccessFactors, and Oracle HCM have all embedded AI screening into standard ATS workflows. NYC Local Law 144 became effective July 5, 2023 — requiring annual independent bias audits, public posting of audit results, and candidate notices for any automated employment decision tool used in hiring or promotion. One year after the law took effect, approximately one in four employers using AI hiring tools had filed. The EEOC's May 2023 technical assistance guidance explicitly states that AI hiring tools producing adverse impact on protected classes may violate Title VII, the ADA, and the ADEA without discriminatory intent. The governance questions every CHRO and talent acquisition leader has not resolved: which of your screening tools are automated employment decision tools under applicable law, what your organization owes the candidates those tools have already processed, and what happens when your vendor updates their model and the audit on file is stale.
Key Numbers
Background
Enterprise AI hiring tools have moved from pilot programs to standard platform features. HireVue's asynchronous video interview product — which records candidates answering preset questions and scores them on verbal content, facial movement, tone of voice, and behavioral signals — is deployed at more than 750 enterprise clients. The tool claims to reduce recruiter screening time by more than 90% on initial assessment. Eightfold.ai applies large language models to résumé and work history data to infer skills, predict role fit, and rank candidates before a recruiter reviews a single application; the platform is deployed at Rolls-Royce, Vodafone, Zurich Insurance, and scores of other global enterprises. Paradox built Olivia — a conversational AI that handles initial candidate questions, scheduling, and basic screening for high-volume recruiting at McDonald's, Nestlé, Unilever, and others — which processes more candidates per day than most enterprise HR teams could review manually in a month. And every major HCM platform vendor has embedded AI scoring into standard features: Workday Skills Cloud infers candidate skills from résumés and matches them to job profiles; SAP SuccessFactors Recruiting AI ranks applicants within the standard recruiter queue; Oracle HCM Candidate Experience uses AI to score candidate responses and predict quality of hire. An enterprise running any of these platforms on standard terms almost certainly has automated employment decision tools in production and has not classified or audited them as such.
The regulatory landscape arrived while most enterprises were still characterizing these tools as productivity software. NYC Local Law 144, which became effective July 5, 2023 and applies to any employer using an automated employment decision tool in hiring or promotion decisions affecting workers in New York City, introduced the first enforceable U.S. bias audit requirement for AI hiring tools. The law defines “automated employment decision tool” broadly — any computational tool that substantially assists or replaces discretionary decision-making qualifies, which encompasses AI résumé scoring, automated video interview analysis, and skills-inference ranking. The compliance obligations have three components: an annual independent bias audit conducted by a qualified third party, with results published on the employer's website at least ten business days before use; a notice to candidates and employees at least ten business days before the tool is used, disclosing that an AEDT is in use and identifying the job qualification criteria and characteristics the tool evaluates; and an accommodation process for candidates who request an alternative selection process. Fines for non-compliance are assessed per candidate or employee affected per day. At enterprise hiring volumes — hundreds to thousands of NYC-area candidates processed per year — uncured non-compliance accumulates significant liability quickly.
The compliance gap is large and well-documented. Analysis of NYC-area employers identified as using AI hiring tools one year after the law's effective date found that approximately one in four had published a compliant bias audit. The rest fell into three categories: employers who knew about the law and had not yet run the audit, employers who knew about the requirement but had assessed their tool as not meeting the AEDT definition (often incorrectly), and employers who had not been informed by their ATS vendors that an AI scoring feature embedded in the platform they already licensed was covered by the law. The third category is the largest. Enterprise HR technology procurement teams evaluated the overall platform; the AI scoring feature was a line item in a release note, not a separate procurement decision. The vendor contract does not include the bias audit as a deliverable. Legal did not review the AI feature separately. Compliance is no one's explicit responsibility.
Illinois enacted the Artificial Intelligence Video Interview Act, effective January 1, 2020, which requires employers using AI to analyze video interviews to notify candidates before the interview that AI will be used, obtain affirmative consent, provide information about the AI tool's characteristics to candidates who request it, and delete candidate video data within thirty days of request. Illinois also requires that employers share candidate videos only with vendors whose AI analyzes them — no internal sharing of AI-analyzed interview recordings beyond the screening function. The Chicago Algorithmic Hiring Act, effective May 2025, extends similar requirements to algorithmic screening tools in the city with an employer-size threshold that captures most enterprise recruiting operations. Maryland and Washington state have enacted consent requirements for video interview AI analysis. California has a pending bill that would extend NYC-style bias audit requirements statewide. Most enterprise HR teams have compliance documentation for the ATS platform as a whole; none of these jurisdictional requirements are typically tracked at the AI feature level within that platform.
The EEOC guidance completes the regulatory architecture. The agency's May 2023 technical assistance document confirmed that AI hiring tools producing adverse impact on protected classes — higher screening-out rates for candidates based on race, sex, national origin, disability status, or age — can violate Title VII, the ADA, and the ADEA without any intent to discriminate. The document specifically identified video interview analysis, résumé screening AI, and automated candidate scoring as tools where adverse impact analysis is appropriate. It also addressed the employer liability question directly: an employer cannot transfer liability for adverse impact to the AI vendor by arguing that the algorithm, not the employer, made the selection decision. The selection decision is the employer's. The algorithm is a tool the employer chose to rely on. The EEOC's technical assistance document is not a regulation — but it describes the agency's enforcement posture, and federal courts evaluate adverse impact claims under the same legal standards whether the selection tool is a written test or an AI system.
Decision Required
Your talent acquisition team is running AI screening tools at enterprise scale. Candidates in New York City, Illinois, and an expanding list of jurisdictions are subject to decisions these tools are substantially influencing. The decision before your CHRO and employment law counsel has three governance questions embedded in it that the standard HR technology procurement process was not designed to surface.
Which of your screening tools are automated employment decision tools under NYC Local Law 144 and comparable laws — and have you conducted the required annual bias audit for each? The definition is broader than most HR technology teams assume. An AI scoring feature built into a standard ATS platform, an automated video interview analyzer, and a skills-inference ranking tool are all candidates for AEDT classification. The bias audit is not an optional governance best practice. It is a legal compliance obligation with per-candidate daily fines for employers hiring in New York City.
What does your organization owe the candidates your AI tools have already processed — and does your candidate notice workflow reflect the current requirements? NYC Local Law 144 requires notice to candidates before use, not after. Candidates who were processed without the required notice before your compliance program was in place are candidates who received a benefit your current practice was legally obligated to provide. Your employment law counsel needs to assess the retroactive exposure separately from the prospective compliance program.
When your AI hiring vendor updates their model — which every vendor operating a production machine learning system does continuously — does that update require re-validation of your bias audit on file? The audit you filed last year reflects the model's bias characteristics as of the audit date. If your vendor updated the model since then (and they almost certainly did), the audit is stale. Most enterprise AI hiring contracts do not include model change notification provisions, and no vendor proactively informs enterprise clients that a model update has invalidated their compliance documentation.
Options
The current practice at most enterprises with AI hiring tools. The vendor contract governs the relationship; the vendor's EEO compliance representations are treated as sufficient; the bias audit obligation is either not known or not tracked. The governance gap: vendor compliance representations describe the vendor's internal testing, not an independent audit meeting NYC Local Law 144 requirements. The employer's legal obligation to conduct and publish an independent annual bias audit is not dischargeable by vendor documentation. DCWP enforcement guidance issued in 2024 clarified that reliance on vendor-provided materials does not constitute a compliant independent audit. This option defers the compliance exposure rather than resolving it — and the exposure accumulates with each additional candidate processed.
The compliant path. Engage an independent auditor qualified under NYC Local Law 144 to conduct the annual bias audit for each tool meeting the AEDT definition — the audit tests for adverse impact using the four-fifths rule across race, sex, and intersectional categories. Publish results on the company website at least ten business days before use. Build the candidate notice workflow into the ATS process: candidates are notified before the AEDT is applied, with disclosure of the evaluation criteria and a process to request an alternative. Add model change notification and re-audit triggers to every AI hiring vendor contract at the next renewal — the vendor must notify you within thirty days of any model update that could affect scoring behavior, with the re-audit decision left to the employer. The cost of an independent bias audit for a single tool is typically $15,000–$50,000 depending on scope and data availability. The cost of an EEOC adverse impact investigation, conciliation, or class settlement is orders of magnitude higher.
Rather than auditing the full current AI screening stack, restructure the hiring process to use AI only at stages where candidates have already applied and the tool's role is clearly disclosed. Remove AI scoring from the application review and résumé screening stages — where AEDT classification is most clear and adverse impact risk is highest — and apply AI only to standardized assessments presented to candidates who have already passed an initial human review. This approach reduces the AEDT compliance surface and puts AI use at a point in the process where candidates have more context. The limitation: it does not address the retroactive exposure from candidates already processed under the prior workflow, it does not eliminate AEDT requirements for the remaining AI use, and it sacrifices the efficiency gain that justified AI adoption in the first screening stages.
The comprehensive approach: before the next major hiring push, conduct an inventory of every AI or algorithmic tool in the talent acquisition workflow — from sourcing to offer — and classify each against the AEDT definition under NYC Law 144, Illinois AI Video Interview Act, Chicago Algorithmic Hiring Act, and EEOC adverse impact standards. For each classified AEDT, run an internal disparate impact analysis using historical hiring data; commission an independent audit for any tool showing adverse impact patterns; build the candidate notice and alternative-process workflow before any further use; and audit every vendor contract for model change notification provisions. This is the governance-complete path but requires 60–90 days to execute properly and may require pausing use of tools pending audit results. Right for organizations that discover during the inventory that AI scoring is more embedded in their hiring process than HR leadership understood.
Recommendation
Commission the independent bias audit before the next NYC-area hiring cycle. This is not a discretionary governance improvement. It is a legal compliance obligation that has been in effect since July 2023. The audit methodology is straightforward — any industrial-organizational psychologist or HR compliance firm with experience in adverse impact analysis can execute it against the four-fifths rule framework NYC Law 144 requires. The output is a published document on your company website. The cost is $15,000–$50,000 per tool. Do this before the next open requisition, not after the first enforcement inquiry.
Build the candidate notice workflow into your ATS. NYC Law 144 requires notice to candidates at least ten business days before an AEDT is applied, including identification of the tool and the evaluation criteria. This is an ATS configuration change and a form letter — it is not a complex technical implementation. The same workflow, adjusted for state-specific requirements, satisfies Illinois, Chicago, and Maryland requirements. Building it once covers the current regulatory exposure across all U.S. jurisdictions with enacted requirements. It also positions you for the California and New York state bills that are advancing in 2026.
Add model change notification and re-audit provisions to every AI hiring vendor contract at the next renewal. The provision has three elements: the vendor must notify the employer within thirty days of any model update, scoring algorithm change, or training data refresh that could affect candidate scoring; the employer retains the right to re-audit at the vendor's cost if a model change affects bias characteristics; and the vendor must provide sufficient technical documentation for the auditor to characterize the model's decision process. Most vendors will accept this language — they are running audited tools and have the documentation. If a vendor declines to include model change notification provisions, that refusal is information about how they manage model governance, and it belongs in your vendor risk assessment.
Conduct the retroactive exposure assessment with employment counsel. Candidates who were processed by an unaudited AEDT in NYC after July 5, 2023 without the required notice were processed in violation of Law 144. The exposure depends on the volume of affected candidates, the duration of non-compliance, whether adverse impact is present in historical data, and how DCWP enforcement proceeds. Your counsel needs to assess this before you file the audit — because the audit results are public, and a bias finding in the prospective audit will generate questions about the retrospective period.
Enjoying this brief? The next one ships Tuesday.
One enterprise AI deployment, dissected weekly. Free during beta · No credit card · Unsubscribe anytime
Risks
The NYC Department of Consumer and Worker Protection issued enforcement guidance in 2024 clarifying that non-compliance with Law 144 — missing bias audit, missing publication, missing candidate notice — is subject to fines of up to $500 per candidate or employee per day of non-compliance. An enterprise processing 1,000 NYC-area candidates per year without a compliant bias audit for 18 months has accumulated potential exposure of up to $27M in theoretical maximum fines before any enforcement action is considered. Enforcement has been graduated and focused on repeat non-compliance in early cases, but the fine structure is designed to be material at enterprise scale hiring volumes. DCWP has indicated it will prioritize employers identified through candidate complaints and sector audits.
The EEOC's May 2023 guidance confirmed that adverse impact on protected classes from AI hiring tools can violate Title VII, the ADA, and the ADEA regardless of discriminatory intent. The guidance specifically addressed the employer liability question: the employer's selection decision remains the employer's legal responsibility, and reliance on an AI tool that produces adverse impact does not shift liability to the vendor. Facial expression analysis has documented race and disability disparities in multiple academic studies — tools trained on data from populations that skew white and non-disabled exhibit systematic performance differences for other groups. The EEOC guidance, combined with the New York City Human Rights Law, creates a multi-agency enforcement environment for AI hiring adverse impact claims that was not present when most enterprise deployments were approved.
Every production machine learning system is updated continuously — new training data, reweighted features, architecture changes, fine-tuning. An AI hiring tool that passed an independent bias audit in Q1 2025 has likely been updated several times since then. The bias characteristics of the updated model are different from the audited model, but the employer has no way of knowing this without a model change notification provision in the vendor contract, which most enterprise agreements do not include. An employer who published an audit in 2024 may be operating under the belief that their compliance documentation is current when the tool they audited and the tool they are running are materially different systems. If an EEOC adverse impact investigation examines the current model's performance, the 2024 audit may not be relevant to the question at hand.
The Illinois Artificial Intelligence Video Interview Act requires employers using AI to analyze video interviews to provide candidates with a deletion right — the candidate can request that the employer delete their video data within thirty days. Most enterprise workflows do not have a deletion request process for candidate video data. HireVue and other platforms retain video data according to the employer's data retention settings, which are typically set at deployment and rarely revisited. A candidate in Illinois who requests deletion and receives no response is a candidate whose statutory right has been violated. Illinois also restricts sharing of AI-analyzed video recordings to vendors whose AI analyzes them — internal sharing of interview recordings beyond the screening function is prohibited. Most enterprise recruiting workflows were not designed with either restriction in mind.
The most common compliance gap is not an employer that knowingly deployed a standalone AI screening tool and failed to audit it. It is an employer whose ATS platform — Workday, SAP SuccessFactors, Oracle HCM — added AI scoring to a feature the employer was already using, and no one at the employer evaluated the new feature as an automated employment decision tool requiring an independent bias audit. Platform vendors market AI scoring as productivity improvements; they do not proactively advise enterprise clients that the new feature triggers independent regulatory compliance obligations. The employer's HR technology team accepted the feature update; the employer's legal team was not asked to review it. The result is a compliance gap that began accumulating with the feature update date, not the Law 144 effective date.
Questions Your Team Should Be Answering
These are the questions that distinguish organizations that get this right from those that do not. If your team cannot answer them, that is your first deliverable.
- 1.
Has your organization conducted an inventory of AI and algorithmic tools used in hiring and promotion decisions affecting workers in New York City — and for each tool meeting the AEDT definition, has an independent bias audit been conducted and published on your company website?
- 2.
Does your candidate notice workflow for NYC-area candidates include disclosure that an AEDT is being used, identification of the evaluation criteria, and a process for requesting an alternative selection process — and is this notice provided at least ten business days before the tool is applied?
- 3.
Do your AI hiring vendor contracts include model change notification provisions — and does a model update by your vendor trigger a re-evaluation of the bias audit on file?
- 4.
Has your CHRO or employment law counsel assessed which AI scoring features embedded in your current ATS platform meet the AEDT definition under NYC Local Law 144, Illinois AI Video Interview Act, and Chicago Algorithmic Hiring Act — or has AI compliance review been applied only to standalone tools, not embedded platform features?
- 5.
Does your organization have a process for handling candidate video deletion requests under the Illinois AI Video Interview Act — and when was data retention for candidate video recordings last reviewed against Illinois's 30-day deletion requirement?
- 6.
What is the retroactive exposure assessment for candidates processed by unaudited AEDTs in New York City after July 5, 2023 without the required candidate notice — and has that assessment been completed by employment law counsel before your next bias audit publication?
If this memo belongs in your next executive meeting or board pack, send it along. One click opens a pre-drafted email — edit or send as-is.
The ATO Bottleneck: What Federal Agencies Discover When AI Procurement Meets the Authorization Process
Federal agencies are deploying AI tools across procurement, benefits processing, and workforce operations — but the ATO process was written for static systems. FedRAMP authorizes cloud infrastructure, not AI behavior. Most frontier AI APIs lack FedRAMP authorization, and most federal ATOs are stale by the time the model updates.
Read memo →The Algorithmic Underwriting Audit: What NAIC AI Requirements Mean for Every Insurer Using AI in Pricing and Claims
State insurance regulators have moved. The NAIC Model Bulletin on AI has been adopted in 38+ states. Colorado mandates external algorithmic audits for life insurance AI. California CDI has challenged AI-generated property risk scores. Most carriers have deployed AI in claims and underwriting without building the governance documentation regulators are now requiring.
Read memo →The SR 11-7 Blind Spot: What Banks Discover When AI Hits Model Risk Management
Banks are deploying AI in credit underwriting, fraud detection, compliance monitoring, and customer service — but SR 11-7, the OCC/Fed model risk framework, was written in 2011 for statistical models. The validation gap for third-party LLM APIs, the model version change management problem, and what bank examiners are beginning to ask.
Read memo →