An AI policy for recruiting teams is the documented set of rules governing how TA staff and hiring managers use AI-driven tools — which tools are authorized, for which stages of the hiring process, with what candidate data, with what human oversight, and with what candidate disclosure. Absent a written policy, recruiting teams default to ad-hoc tool adoption that creates undisclosed bias-audit obligations under NYC Local Law 144, potential EEOC disparate-impact liability, and a patchwork of vendor data-handling arrangements nobody has reviewed. A working policy closes those gaps before a candidate files a complaint or a regulator asks for documentation.
What an AI recruiting policy must cover
Six required elements:
- Authorized tools. A named list of AI tools approved for use in hiring, mapped to the stages where each tool is permitted (sourcing, resume screening, scheduling, assessment, interview scoring). Default-deny for any unevaluated tool — recruiters cannot trial new tools on live candidates without authorization.
- AEDT classification. Which tools qualify as Automated Employment Decision Tools (AEDTs) under NYC Local Law 144’s definition — any computational process that substantially assists or replaces discretionary decision-making in hiring. This classification determines which tools require annual bias audits and candidate notification.
- Bias audit obligations. For each AEDT in use: whether a bias audit has been completed within the past 12 months, who conducted it, and where the public summary is posted. Teams using vendors’ tools must confirm that the vendor has completed the required audit and that the employer has a copy of the results.
- Candidate notification. When and how candidates are notified that an AI tool will be used to evaluate them. NYC Local Law 144 requires at least 10 business days’ notice before the tool is used, including notice of what qualifications the tool will assess and what data it collects. The policy specifies the channel (job posting, email, career site) and timing.
- Human oversight requirements. Which AI outputs are advisory (surface candidates for human review) vs. decision-triggering (auto-advance or auto-reject). The policy should specify that final hiring decisions require a human decision-maker, not only an AI score.
- Vendor due diligence. Pre-authorization checklist for new tools: data processing agreement reviewed, bias-audit results obtained, training data documentation requested, no-training contractual guarantee for candidate PII where applicable.
AEDT classification — what’s covered, what isn’t
Under NYC Local Law 144 (Final Rule, April 6, 2023; enforcement effective July 5, 2023):
Covered (if used for NYC-resident candidates or employees): resume screening tools that score or rank candidates, video interview analysis platforms that score facial expression or speech, chatbot-based pre-screening that disqualifies candidates based on responses, candidate matching algorithms that recommend or rank candidates, and internal promotion scoring systems.
Not covered: tools that merely transcribe, translate, schedule, or capture data without scoring or recommending; standard spreadsheet calculations; email filters; ATS workflow automation that routes applications without scoring them.
The key test is whether the tool issues a simplified output (score, rank, classification, recommendation) that a decision-maker relies on substantially. If a recruiter reviews an AI-generated shortlist and the shortlist drives the decision, the tool is an AEDT. “The AI just suggests — humans decide” does not exempt the tool if the human decision consistently follows the AI output without meaningful independent review.
Consult counsel for specific tool classification in ambiguous cases, particularly where vendor documentation is unclear on whether the tool’s output constitutes a “simplified output” under the Final Rule’s definition.
Bias audit requirements under NYC LL 144
For each covered AEDT, employers must:
- Commission an annual bias audit from an independent auditor (no financial interest in the employer or vendor; no prior involvement with the tool’s development, use, or distribution).
- Ensure the audit calculates selection rates for race/ethnicity and sex categories, and impact ratios comparing the most-selected category against each other category. The audit must also report the number of individuals with unknown race/ethnicity and sex excluded from calculations.
- Publish the audit summary on the employer’s public-facing website before using the tool for NYC candidates, and keep it accessible for at least three years.
- Have the audit completed within 12 months of the tool’s use; annual re-audit is required.
Vendor-supplied audits: A vendor may conduct or commission the bias audit, and the employer may rely on it — but the employer is still obligated to verify the audit was conducted by a genuinely independent auditor, that the audit covers the specific tool configuration used (not a generic version), and that the results are publicly posted as required. Many vendors publish a single compliance document; confirm it covers your specific use case and data inputs.
Penalties: First violation up to $500; subsequent violations $500–$1,500 per violation (each day of non-compliance is a separate violation).
Candidate notification — the operational requirement
NYC Local Law 144 requires employers to notify candidates at least 10 business days before the AEDT is used. The notice must:
- State that an AEDT will be used to evaluate them.
- Identify the job qualifications and characteristics the tool will assess.
- State the data types collected, their sources, and how long they will be retained.
- Provide an opportunity for candidates to request an alternative selection process or accommodation (where one exists).
Where to put it: The notice may appear in the job posting, on the company’s careers website in a clear and conspicuous location, or via direct email to the candidate. A buried footnote in application terms does not satisfy the notice requirement.
Operational implication: If a team deploys an AI resume screener after applications close and candidates have already applied, they may be unable to provide the required 10-business-day advance notice. The policy should require that notification is included in the original job posting when an AEDT will be used in that hiring process.
Vendor due diligence checklist
Before authorizing any new AI tool for use in hiring:
- Tool classified as AEDT or non-AEDT (documented rationale)
- Bias audit results obtained from vendor (independent auditor, dated within 12 months)
- Audit covers the specific tool features used for hiring (not a generic product audit)
- Data processing agreement (DPA) executed — candidate PII handling, data retention, no-training-on-candidate-data clause
- Vendor contact confirmed for LL144 compliance questions
- Public posting requirement: employer’s website or vendor’s — documented which party posts
- Training on tool completed by TA staff before go-live
The policy template
Copy, edit to your organization, and have counsel review before deployment.
[Company Name] — AI Use Policy for Talent Acquisition
Version: [Version Number] — Last reviewed: [Date]
1. Purpose
This policy governs how [Company Name] (“Company”) uses automated and AI-assisted tools in its recruiting and hiring processes. It establishes rules for tool authorization, candidate notification, bias audit obligations, and human oversight.
2. Scope
Applies to all employees involved in talent acquisition — recruiters, recruiting coordinators, hiring managers, and People Ops staff — and to all AI-assisted tools used to source, screen, schedule, assess, or evaluate candidates or employees for open roles.
3. Authorized tools and use cases
Only tools listed in Appendix A (“Approved AI Tools”) may be used for hiring decisions. Tools not on this list may not be trialed on live candidates without prior approval from [TA Ops / People Ops leader].
| Tool | Permitted stages | AEDT classification | Bias audit completed |
|---|---|---|---|
| [Tool name] | [Sourcing / Screening / Assessment / Scheduling] | [AEDT / Non-AEDT] | [Yes — [date] / No — required before use] |
4. AEDT definition and classification
A tool is classified as an AEDT if it issues a score, ranking, classification, or recommendation derived from machine learning, statistical modeling, data analytics, or AI that substantially assists or replaces discretionary decision-making in hiring. All AEDT classifications are documented in Appendix A with the rationale for each determination. Classification is reviewed annually or when tool configuration changes materially.
5. Bias audit obligations
All tools classified as AEDTs must be audited annually by an independent auditor. The audit must calculate selection rates and impact ratios by race/ethnicity and sex. Audit results must be published on [company website URL / careers page] before the tool is used for NYC candidates. [TA Ops / People Ops] maintains audit records for a minimum of three years.
For vendor-supplied tools: [TA Ops / People Ops] confirms annually that the vendor’s bias audit covers the specific product configuration in use, was conducted by a genuinely independent auditor, and that results are publicly posted as required.
6. Candidate notification
Candidates must receive written notice at least 10 business days before any AEDT is used to evaluate them. This notice must state: (a) that an AEDT will be used; (b) what qualifications or characteristics the tool assesses; (c) what data is collected, how it is sourced, and how long it is retained; (d) that candidates may request an alternative selection process or accommodation.
Standard notification language appears in Appendix B. Notification is included in job postings for roles where an AEDT will be used.
7. Human oversight requirements
AI outputs are advisory inputs to human decision-makers. No candidate may be automatically rejected from a hiring process based solely on an AI score or recommendation without human review. Hiring managers may not advance or reject candidates based on an AI score alone without reviewing the underlying information the score is based on. Final offers of employment require human authorization.
8. Data handling
Candidate data submitted for AI evaluation is processed per the Company’s [Privacy Policy / HR Data Policy]. Candidate data is not used to train vendor AI models without explicit candidate consent. The Company executes data processing agreements with all AI tool vendors before candidate data is processed.
9. Jurisdictional compliance
The Company operates in multiple jurisdictions with varying AI-in-hiring requirements. NYC Local Law 144 applies to any candidate or employee located in New York City. Illinois AI Video Interview Act (AIVIA) applies to any candidate interviewing for roles based in Illinois, requiring disclosure and consent before AI-analyzed video interviews. Additional jurisdictional requirements may apply; TA Ops maintains a compliance calendar. Consult counsel before deploying a new AEDT for candidates in a jurisdiction where requirements are uncertain.
10. Exceptions and accommodations
Candidates may request an alternative selection process in lieu of AEDT evaluation. Requests must be directed to [recruiting contact / email]. The Company will determine on a case-by-case basis whether an alternative process is available. The Company does not retaliate against candidates for requesting an alternative process.
11. Training
All TA staff complete AI hiring policy training before being granted access to any AEDT. An annual refresher is required. Training records are maintained by [HR / People Ops].
12. Policy violations
Unauthorized use of non-approved AI tools in hiring, failure to notify candidates as required, or use of AI output as the sole basis for hiring decisions without human review are policy violations subject to [Company disciplinary process]. Violations involving candidates in regulated jurisdictions must be reported to [Legal / Compliance] within [X] business days.
13. Policy review
This policy is reviewed annually, or immediately upon: a material change to any authorized AEDT; a new bias audit result that reveals disparate impact outside acceptable thresholds; a change in applicable law in any jurisdiction where the Company hires; or a formal complaint from a candidate or employee.
Appendix A: Approved AI Tools (maintained separately — link to internal system)
Appendix B: Standard Candidate AEDT Notification Language (maintained separately)
Common pitfalls
Relying on vendor compliance alone. The vendor’s LL144 compliance page satisfies the vendor’s obligations, not the employer’s. The employer independently owes the obligation to post audit results and notify candidates.
Treating “AI assists” as non-AEDT. If the AI output is a score that drives 90% of shortlisting decisions in practice, the tool substantially assists decision-making regardless of whether a human technically makes the final call. The operational reality matters, not the process description.
One-time notification buried in terms. The 10-business-day advance notice requirement is per-candidate, per-AEDT use. A blanket disclosure in the company’s general privacy policy does not satisfy it.
Policy without audit trail. The policy must be documented, versioned, and acknowledged by TA staff. “We tell people not to use unapproved tools” is not a policy; it is an expectation that creates liability rather than reducing it.