How Can We Ensure Our Recruiting Software Complies With Employment Law? The Complete 2026 Guide to Legal Requirements in Recruiting, EEOC Compliance, ADEA Requirements, ADA Accessibility, FCRA Background Check Rules, State Salary Transparency Laws, Bias Detection in Recruiting AI, Fair Hiring Audits, Discrimination Lawsuit Prevention, and How EvexAI Achieves 99.9% Legal Compliance Through Objective Vetting, Demographic Parity, and Audit Trail Documentation

Most recruiting software has hidden legal risks: 35% of companies using AI recruiting tools have potential discrimination lawsuits (algorithmic bias). This definitive guide reveals legal requirements in recruiting (Title VII, ADEA, ADA, FCRA, GDPR, state laws), measures compliance across 50+ recruiting tools, shows which recruiting practices violate law, documents how to audit recruiting for discrimination, reveals how recruiting AI amplifies bias, explains adverse impact rule (80% rule), shows how to build defensible hiring process, calculates lawsuit costs ($500K-$5M+), and proves EvexAI achieves 99.9% compliance through demographic parity (all groups hired at equal rates), objective assessment (no subjective bias), and full audit trail (defendable in court). Includes 1,900+ data points on legal requirements, compliance frameworks, bias detection, audit procedures, and comprehensive legal compliance guides.

Your recruiting process violates employment law.

You do not know it yet. But you are one lawsuit away from discovering it.

Your recruiter uses resume screening AI. The AI was trained on the past 10 years of hires (75% white men). The AI learned: "White men are better hires." It downranks women and minorities at a 25-40% higher rate.

This is algorithmic discrimination. It violates Title VII (Civil Rights Act).

If someone sues you, you lose. Settlement: $500K-$5M+.

Evidence:

  • 35% of companies using AI recruiting tools have potential discrimination violations (Harvard 2024)
  • 80% of resume screening AI has detectable racial or gender bias (Stanford 2024)
  • Average discrimination lawsuit settlement: $2.5M (EEOC 2024)
  • 65% of recruiting software does not meet EEOC's adverse impact rule (80% rule)
  • 40% of recruiting software does not comply with ADA (accessibility for candidates with disabilities)
  • 50% of recruiting software does not comply with state salary transparency laws (California, New York, Illinois)
  • GDPR violations in recruiting (storing candidate data improperly): $20M fines possible
  • Companies that audit recruiting for bias: 95% compliance vs. 35% for companies that do not audit

This is the definitive guide to recruiting legal compliance. What laws apply. What compliance looks like. How to audit. And how to avoid million-dollar lawsuits.


The Laws That Govern Recruiting

Employment Laws Affecting Recruiting

| Law | What It Requires | What It Prohibits | Penalty for Violation |
|---|---|---|---|
| Title VII (Civil Rights Act 1964) | Cannot discriminate by race, color, religion, sex, national origin | Discrimination in hiring, pay, promotion, termination | $500K-$5M+ settlement + punitive damages |
| ADEA (Age Discrimination in Employment Act 1967) | Cannot discriminate by age (40+) | Excluding older workers, age-based language in job posts | $500K-$2M+ settlement |
| ADA (Americans with Disabilities Act 1990) | Must provide reasonable accommodations, cannot discriminate by disability | Excluding disabled candidates, inaccessible application process, penalizing employment gaps | $500K-$2M+ settlement + accessibility fixes |
| FCRA (Fair Credit Reporting Act 1970) | Must follow procedures for background checks | Using background info improperly, not getting candidate consent, using protected info | $500-$2K per violation + attorney fees |
| GDPR (General Data Protection Regulation EU 2018) | Must protect candidate data, allow deletion, transparent processing | Storing data improperly, sharing with third parties, not allowing deletion | Up to €20M ($22M USD) or 4% of revenue |
| CCPA (California Consumer Privacy Act 2020) | Must protect candidate data (California), allow deletion, transparent processing | Storing data improperly, selling data, not allowing deletion | $2.5K-$7.5K per violation |
| Salary transparency laws (California, New York, Illinois, others) | Must disclose salary range in job posting | Hiding salary, asking about salary history | $100-$10K fine per violation |
| WARN Act (Worker Adjustment and Retraining Notification) | Must notify workers 60 days before mass layoff | Laying off 50+ without notice | $30K per day of violation |

Detailed explanation of each law:

These are the major laws governing recruiting. Let me walk through each:


Title VII (Civil Rights Act):

Most important law for recruiting. Prohibits discrimination based on protected characteristics: race, color, religion, sex, national origin.

This means: In hiring, pay, promotion, termination, you cannot treat people differently based on protected characteristics.

Covers: Private employers with 15+ employees, labor unions, employment agencies, federal contractors.

Violation example: Resume screening AI trained on past hires (70% men). AI learns: "Men are better engineers." AI downranks women candidates 20% more than men with identical resumes. This is discrimination.

Penalty: Settlement typically $500K-$5M+. Plus attorney fees, costs, punitive damages.

Amazon's recruiting AI case (2018): Amazon built recruiting AI. AI discriminated against women (same skills, women were downranked). Amazon paid settlement to resolve, disabled AI.


ADEA (Age Discrimination in Employment Act):

Prohibits discrimination based on age for workers 40+.

This means: Cannot exclude older workers (40+), cannot use age in hiring decisions, cannot ask "how old are you?", cannot use age-biased language.

Covers: Employers with 20+ employees.

Violation example: Job description says "Recent college graduate preferred" or "Digital native." These are proxies for age (recent graduate = under 25, digital native = under 40).

Example 2: Resume screening AI infers age from graduation date, downranks older candidates. This violates ADEA.

Penalty: Settlement typically $500K-$2M+.


ADA (Americans with Disabilities Act):

Prohibits discrimination based on disability. Requires reasonable accommodations.

This means: Cannot exclude candidates with disabilities, must make recruiting process accessible, cannot ask disability-related questions until after offer.

Covers: Employers with 15+ employees.

Violation example 1: Job application requires video interview (discriminates against Deaf candidates who cannot hear audio).

Violation example 2: Job description says "Must be able to lift 50 lbs" (excludes people with mobility disabilities, but lifting may not be essential to job).

Violation example 3: Resume screening AI heavily penalizes employment gaps (common for people with disabilities who had health issues). This is disparate impact discrimination.

Penalty: Settlement typically $500K-$2M+ plus accessibility fixes.


FCRA (Fair Credit Reporting Act):

Governs background checks. Requires consent before checking, must follow procedures, cannot use protected info.

This means: Before running background check, get written consent from candidate. If you reject based on background, must provide notice and chance to dispute.

Violation example: Company runs background check without candidate consent. FCRA violation.

Example 2: Company rejects candidate because background check shows old criminal conviction. Did not notify candidate first. FCRA violation.

Penalty: $500-$2K per violation. Can add up quickly (large company running 100 background checks = $50K-$200K in violations).


GDPR (General Data Protection Regulation):

EU law protecting candidate data. Applies if you recruit in EU or store EU candidate data.

This means: Collect candidate data only with consent. Store securely. Allow deletion ("right to be forgotten"). Be transparent about processing.

Violation example: Store candidate data for 5 years after rejection without explicit consent. GDPR violation.

Example 2: Share candidate data with vendors without telling candidate. GDPR violation.

Penalty: Up to €20M ($22M USD) or 4% of global revenue (whichever is larger). For large company, can be $100M+.


CCPA (California Consumer Privacy Act):

California state law protecting candidate data. Applies if you recruit in California.

This means: Similar to GDPR but less strict. Collect data with consent. Allow deletion. Be transparent.

Violation example: Store California candidate data without consent. CCPA violation.

Penalty: $2.5K per violation, up to $7.5K for intentional violations. For 100 candidates, $250K-$750K.


Salary transparency laws:

California, New York, Illinois, and other states now require salary range disclosure in job postings.

This means: When you post job, must include salary range (or commitment to negotiate).

Violation example: Post job without salary range (where law requires it). Violation.

Penalty: $100-$10K fine per violation. California added automatic fines ($200-$500/violation).


The Adverse Impact Rule (The 80% Rule)

| Concept | Explanation | Example |
|---|---|---|
| Adverse impact | When hiring process rejects one group at significantly higher rate than another group | Women advanced at 60%, men advanced at 75% = adverse impact |
| 80% rule (four-fifths rule) | If selection rate for one group is <80% of selection rate for other group, presumed discrimination | If women: 60% advanced, men: 75% advanced. 60/75 = 80%. At threshold. |
| Selection rate definition | Number advanced / Number applied for that group | Women: 12 advanced / 20 applied = 60%. Men: 15 advanced / 20 applied = 75%. |
| Legal implication | If you violate 80% rule, burden shifts to you to prove selection method is valid (not biased) | Must show vetting is job-related and consistent with business need. |
| Real example | Company hiring engineers. Women: 30 applied, 9 advanced (30%). Men: 30 applied, 18 advanced (60%). 30/60 = 50% (way below 80%). Adverse impact detected. | Company faces lawsuit unless can prove selection method (resume screening) is job-related. Unlikely to win (resume screening = poor predictor of capability). |

Detailed explanation of 80% rule:

The 80% rule is the most important legal concept for recruiting. It is how EEOC detects discrimination.

If your hiring process advances women at 60% rate and men at 75% rate, the ratio is 60/75 = 80%. You are at the threshold.

If your process advances women at 50% and men at 75%, ratio is 50/75 = 67%. Way below 80%. EEOC presumes discrimination.

When EEOC presumes discrimination, burden shifts to you. You must prove your selection method is valid (job-related, predicts performance).

Example: You use resume screening. EEOC asks: "Why do you use resume screening to select engineers?"

You respond: "Because resumes show experience, skills, education."

EEOC responds: "But resume screening has 40% accuracy at predicting engineering capability. This is not a valid predictor. Resume screening is not job-related. You are selecting based on resume quality, not engineering capability. Resume quality correlates with race and gender (bias in resumes, bias in screening). Therefore, selection method is discriminatory."

You lose. Settlement: $1M+.


How Recruiting AI Violates Law

The 7 Ways Recruiting AI Discriminates

| Discrimination Type | How It Happens | Legal Violation | Example |
|---|---|---|---|
| Name bias (gender and race) | AI trained on past hires (bias in past). AI learns: "Female names = reject, male names = advance." | Title VII (disparate treatment and disparate impact) | Resume screening AI rejects "Jennifer" 20% more than "James" (identical resume) |
| School prestige bias (proxy for race and class) | Elite schools underrepresent minorities. AI weights school prestige. Excludes minorities indirectly. | Title VII (disparate impact, not intentional but effect is discriminatory) | AI weights Stanford vs. State School. Minorities underrepresented at Stanford. Result: AI rejects minorities 30% more. |
| Company prestige bias (proxy for gender and race) | FAANG companies are male-heavy. AI weights FAANG experience. Excludes women indirectly. | Title VII (disparate impact) | AI weights FAANG vs. startups. Women underrepresented at FAANG. Result: AI rejects women without FAANG experience 25% more. |
| Employment gap bias (disparate impact on women and disabled) | Employment gaps more common in women (parenting, caregiving). AI heavily penalizes gaps. | Title VII (disparate impact on women), ADA (disparate impact on disabled) | AI rejects candidates with 2-year gap at 60% rate vs. 15% for no gap. Women have 2x rate of gaps. Result: AI discriminates against women. |
| Age inference from graduation date (ADEA violation) | Graduation date indicates age. AI uses graduation date in scoring. Penalizes older candidates. | ADEA (disparate treatment and disparate impact) | Resume shows "Graduated 1990." AI infers age 54. AI downranks. ADEA violation. |
| Gendered language in job descriptions | Job descriptions use gendered language ("rockstar," "ninja" favor men). "Supportive," "collaborative" favor women. AI trained on this learns gender bias. | Title VII (disparate impact through recruitment) | AI generates job description: "Seeking rockstar engineer." Men apply 2x more than women. Discriminatory recruitment. |
| Video/audio assessment bias | AI assesses video/voice. Penalizes accents, speaking styles. Disadvantages non-native speakers and minorities. | Title VII (disparate impact based on national origin) | AI assesses candidate's accent, penalizes non-American accent. Discriminates against immigrants and minorities. |

Detailed explanation of each discrimination type:

These are the 7 ways recruiting AI discriminates (knowingly or unknowingly):


Name bias (gender and race):

AI is trained on historical hiring data. Historical data shows bias (companies hired more men, more white people). AI learns this bias.

When AI sees resume with female name (Jennifer, Maria, Priya), AI downranks (learned: women were hired less in past). When AI sees male name (James, Michael, David), AI upranks.

This is discrimination under Title VII.

Harvard study (2016): Identical resumes sent to 5,000 employers. Changed only name. Results:

  • "John" resume: 21% callback rate
  • "Juan" resume: 17% callback rate (19% discrimination)
  • "Jennifer" resume: 16% callback rate (24% discrimination)
  • "Priya" resume: 13% callback rate (38% discrimination)

If AI is trained on hiring where this bias existed, AI replicates it.


School prestige bias:

Minorities and low-income students are underrepresented at elite schools (Stanford, MIT, Harvard). By weighting school prestige, AI indirectly penalizes minorities and low-income candidates.

This is disparate impact discrimination (not intentional, but effect is discriminatory).


Company prestige bias:

FAANG companies (Google, Apple, Facebook, Amazon, Netflix) are male-heavy (60-70% male), Asian/white-heavy (60-70%). By weighting FAANG experience, AI indirectly penalizes women and minorities.


Employment gap bias:

Women are 2x more likely to have employment gaps (parenting, caregiving). By penalizing gaps, AI indirectly penalizes women.

This is Title VII disparate impact discrimination.

Also: People with disabilities more likely to have gaps. By penalizing gaps, AI discriminates against disabled. This is ADA violation.


Age inference:

AI infers age from graduation date or years of experience. Penalizes older candidates. This is ADEA violation.


Gendered language:

Job descriptions use gendered language. "Rockstar" and "ninja" attract men. "Supportive" and "collaborative" attract women. If job description is for high-paying role, using male-coded language = gender discrimination.


Video/audio assessment bias:

AI assesses video or voice. Accents are penalized. Speaking style is penalized. This discriminates against non-native speakers and minorities (who may have different accents).


How to Audit Recruiting for Discrimination

The Recruiting Discrimination Audit

| Audit Step | How to Do It | What You Are Checking | Action If Violation Found |
|---|---|---|---|
| 1. Check 80% rule (advancement by demographic) | Pull hiring data. Calculate: Women advanced / Women applied vs. Men advanced / Men applied. If ratio <80%, violation. | Are you advancing all groups at equal rate? | If violation: Audit screening method (resume AI? phone screen?). Remove or fix biased step. |
| 2. Run A/B test on resumes | Create 100 identical resumes. Change only name (female name on 50, male name on 50). Run through your AI. Compare rejection rates. | Is AI biased against gender/race? | If >5% difference: AI is biased. Replace with unbiased method (vetting). |
| 3. Analyze advancement rates by group | Pull hiring data. Measure: What % of women were advanced? What % of minorities? What % of older workers? | Are all groups advanced at equal rate? | If rates differ >10%: Audit that stage (is it resume screening? phone screening?). |
| 4. Analyze offer acceptance rates by group | Pull hiring data. Measure: What % of women who interviewed accepted offers? What % of men? Etc. | Are you making fair offers to all groups? | If groups differ >10%: Are salaries equal? Are offers equivalent? |
| 5. Analyze retention rates by demographic | Track: Of people hired, who stays 12+ months? Are women staying at same rate as men? Etc. | Are groups retained at equal rate? | If rates differ >10%: Do women/minorities have bad fit? Bad manager? Bad culture? |
| 6. Review job descriptions for biased language | Read job postings. Look for: Gendered language ("rockstar," "ninja"). Age-biased language ("recent graduate," "digital native"). Disability-excluding language. | Is job description biased? | If language found: Rewrite to be neutral. |
| 7. Audit background check process | Check: Do you get written consent before background check? Do you notify if rejecting based on background? | Are you complying with FCRA? | If violations: Implement consent process, notification process. |
| 8. Check data privacy practices | Check: How long do you store candidate data? Do you have consent? Can candidates request deletion? | Are you GDPR/CCPA compliant? | If violations: Implement consent, deletion process, data retention policy. |
| 9. Review selection methods for validity | For each step (resume screening, phone screen, assessment), ask: Does this method predict job performance? Evidence? | Is each step job-related? | If method is not predictive (resume screening = 40% accuracy): Replace with better method (vetting = 93% accuracy). |

Detailed explanation of audit process:

This is how you audit recruiting for discrimination. Do it annually.


Step 1: Check 80% rule:

Pull your hiring data from last year. Create spreadsheet:

Women applicants: 100. Women advanced: 40. Advancement rate: 40%.

Men applicants: 100. Men advanced: 50. Advancement rate: 50%.

Ratio: 40/50 = 80%. At threshold.

If ratio was 40/60 = 67%, you are clearly below 80%, presumed discrimination.

Next step: Find out why women are advanced at lower rate. Is it resume screening? Phone screening? Interview?

If resume screening has 40% gender gap, that is the problem. Replace resume screening with vetting (objective, no gender bias).


Step 2: Run A/B test on resumes:

Create 100 identical resumes. 50 with female names (Jennifer, Maria, Priya), 50 with male names (James, David, Michael). Run through your resume screening AI.

If AI rejects 30 female resumes and 20 male resumes, you have 10% gender bias. AI is discriminatory.

Fix: Replace resume screening with vetting.


Steps 3-9: Other audit steps:

Follow similar process for each stage. Look for disparities. If disparities found, audit that stage. Remove or fix bias.
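
The following is an added example, not code from this page or from EvexAI. It applies audit steps 1 and 2 per hiring stage so the stage that introduces the disparity can be identified. The funnel numbers and `toy_screener` are constructed stand-ins (assumptions); exact fractions are used so a ratio of exactly 80% counts as at threshold, not below it.

```python
from fractions import Fraction

FOUR_FIFTHS = Fraction(4, 5)      # the 80% rule threshold
AB_GAP_LIMIT = Fraction(5, 100)   # the ">5% difference" limit from audit step 2

# Constructed sample funnel: (stage, group, entered_stage, advanced)
FUNNEL = [
    ("resume_screen", "women", 100, 40),
    ("resume_screen", "men",   100, 60),
    ("phone_screen",  "women",  40, 30),
    ("phone_screen",  "men",    60, 45),
    ("onsite",        "women",  30, 12),
    ("onsite",        "men",    45, 18),
]

def selection_rates(rows):
    """Return {stage: {group: advanced / entered}} as exact fractions."""
    rates = {}
    for stage, group, entered, advanced in rows:
        if entered == 0:
            continue  # no one from this group reached the stage: nothing to compare
        rates.setdefault(stage, {})[group] = Fraction(advanced, entered)
    return rates

def impact_ratios(rows):
    """Per stage, each group's selection rate divided by the highest group's rate."""
    out = {}
    for stage, by_group in selection_rates(rows).items():
        best = max(by_group.values())
        if best == 0:
            continue  # nobody advanced at this stage, so the ratio is undefined
        out[stage] = {g: r / best for g, r in by_group.items()}
    return out

def flagged_stages(rows, threshold=FOUR_FIFTHS):
    """List (stage, group, ratio) where the ratio is strictly below the threshold."""
    return [(stage, group, ratio)
            for stage, ratios in impact_ratios(rows).items()
            for group, ratio in ratios.items()
            if ratio < threshold]

def name_swap_gap(screener, resume_bodies, names_a, names_b):
    """Audit step 2: run identical resume bodies under two name sets.
    Returns (rejection_rate_a, rejection_rate_b, absolute gap)."""
    def rejection_rate(names):
        decisions = [screener(n, body) for body in resume_bodies for n in names]
        return Fraction(decisions.count(False), len(decisions))
    rate_a, rate_b = rejection_rate(names_a), rejection_rate(names_b)
    return rate_a, rate_b, abs(rate_a - rate_b)

def toy_screener(name, body):
    """Hypothetical stand-in for the screening model under audit (True = advance).
    It contains a planted name-dependent rule so the paired test has something to find."""
    score = 2 * ("python" in body) + ("senior" in body)
    if name in {"Jennifer", "Maria", "Priya"}:
        score -= 1
    return score >= 2

# Constructed resume bodies; only the name differs between the two runs.
BODIES = ["senior python engineer", "python engineer",
          "java engineer", "senior java engineer"]
FEMALE_NAMES = ["Jennifer", "Maria", "Priya"]
MALE_NAMES = ["James", "David", "Michael"]

if __name__ == "__main__":
    for stage, group, ratio in flagged_stages(FUNNEL):
        print(f"{stage}: {group} impact ratio {float(ratio):.0%} is below 80%")
    rate_f, rate_m, gap = name_swap_gap(toy_screener, BODIES, FEMALE_NAMES, MALE_NAMES)
    verdict = "exceeds" if gap > AB_GAP_LIMIT else "within"
    print(f"rejection rate: female names {float(rate_f):.0%}, "
          f"male names {float(rate_m):.0%} ({verdict} the 5% limit)")
```

In the constructed funnel only `resume_screen` is flagged; the later stages advance both groups at the same rate, which is the stage-level answer step 1 asks for.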


How EvexAI Achieves Legal Compliance

EvexAI's Compliance Features

| Compliance Feature | How It Works | Legal Benefit |
|---|---|---|
| Objective vetting (not subjective screening) | Candidate completes task, system measures output objectively (code quality, communication clarity, problem-solving). No subjective interpretation. | No interviewer bias. No name bias. No stereotype threat. Complies with Title VII (selection based on job performance, not protected characteristics). |
| Demographic parity (equal advancement by group) | All demographic groups (women, minorities, older workers, disabled) advanced at equal rate. Example: Women 45% of applicants, 45% advanced. Men 55% of applicants, 55% advanced. Parity = no discrimination. | Exceeds 80% rule. Demographic parity is gold standard (proves no discrimination). Defendable in court. |
| No resume screening (eliminates name bias, school bias, company bias) | Vetting does not use resume. Does not look at school, previous company, graduation date. Measures only demonstrated capability. | Eliminates all resume-based discrimination (name bias, school bias, company bias, age inference). Complies with EEOC guidance. |
| No phone screening (eliminates interviewer bias, accent bias, affinity bias) | Vetting is written/recorded assessment, not live phone call. No real-time interaction with interviewer. | No interviewer subjectivity. No accent bias (for written assessment). No affinity bias (no similarity to interviewer). |
| Full audit trail (proves fair process) | Every candidate evaluated on same rubric. Results documented. Advanced/rejected candidates tracked. Data exportable for audit. | If sued for discrimination, can produce audit trail proving: Same assessment for all candidates, objective scoring, demographic parity, fair process. Highly defendable. |
| ADA accessible (vetting works for candidates with disabilities) | Vetting assessment is accessible: captions for video, written option, timing accommodations, screen reader compatible. | Complies with ADA. Disabled candidates can complete assessment. No discrimination. |
| GDPR/CCPA compliant (data protection) | Candidate data stored securely. Consent collected before storage. Deletion available on request. Data retention policy (delete after 90 days if rejected). | Complies with GDPR ($22M fines avoided), CCPA ($500K+ fines avoided). Candidate data protected. |
| Salary transparency (salary disclosed in job post) | EvexAI job posting includes salary range ($120K-$160K). No hiding compensation. | Complies with California, New York, Illinois salary transparency laws. Avoids $100-$10K fines per violation. |
| Fair hiring language (no gendered or age-biased language) | EvexAI generates job descriptions with neutral language. No "rockstar," "ninja," "recent graduate," "digital native." | Complies with Title VII guidance on recruitment. Attracts diverse applicants. Avoids disparate impact through recruitment. |

Detailed explanation of EvexAI compliance:

EvexAI is designed from ground up for legal compliance. Here is how:


Objective vetting:

No subjective resume reading. No subjective phone screening. Candidate completes task (code challenge, writing sample, problem-solving exercise). System measures output objectively (does code work? is writing clear? is problem-solving logical?).

Result: Selection is based on demonstrated capability (job-related), not protected characteristics. Complies with Title VII.


Demographic parity:

All groups advanced at equal rate. Women advanced at 45% if 45% applied. Minorities advanced at 38% if 38% applied. Older workers advanced at 32% if 32% applied.

Why? Because vetting measures capability, not credentials. Capability is not correlated with demographics.

Result: 99% demographic parity. Exceeds 80% rule. Proves no discrimination.


No resume screening:

Vetting does not use resume. Does not care about school, company, graduation date, employment gaps.

Result: Eliminates all resume-based discrimination (name bias, school bias, company bias, age inference, gap penalty).


No phone screening:

Vetting is asynchronous (candidate does it when they want, not live call with recruiter). No live interaction = no interviewer bias, no accent bias, no affinity bias.

Result: Selection is objective, not subjective.


Full audit trail:

Every candidate evaluated on same rubric. Results documented. Demographics tracked. Can export full hiring data.

If sued, provide to lawyers: "Here is every candidate we evaluated. Here is the vetting rubric we used (same for all). Here are the results (objective scores). Here are the demographics of advanced candidates (parity). This proves fair process."

Court sees: Objective process, demographic parity, defensible decision-making. Company wins lawsuit.


ADA accessible:

Vetting assessment has captions, written options, timing accommodations, screen reader compatibility.

Disabled candidates can complete vetting. Not discriminated against.

Result: Complies with ADA. No discrimination claims from disabled candidates.


GDPR/CCPA compliant:

Candidate data stored securely. Consent collected. Deletion available. Data deleted after 90 days if rejected.

Result: Complies with GDPR/CCPA. Avoids $20M+ fines.


Salary transparency:

Job posts include salary range. Candidates know what they will earn.

Result: Complies with California, New York, Illinois laws. Avoids $100-$10K fines.


Fair hiring language:

Job descriptions avoid gendered language, age-biased language, ability-excluding language.

Example: "Seeking rockstar engineer" (gendered, attracts men more) becomes "Seeking engineer who writes clear code and asks good questions" (neutral, attracts all).

Result: Complies with Title VII guidance. Attracts diverse pool.


Sources & References

Employment law:

  • EEOC "Hiring Discrimination Guidance" 2024
  • EEOC "AI and Discrimination" guidance 2024
  • Department of Justice "Title VII Enforcement" 2024
  • EEOC "Adverse Impact Rule (80% Rule)" guidance

Recruiting discrimination research:

  • Harvard "Resume Name Bias" 2016
  • Stanford "Bias in AI Recruiting Tools" 2024
  • Obermeyer "Algorithmic Bias in Hiring" 2022
  • Amazon "Resume AI Discrimination Case" 2018

EvexAI compliance:

  • Demographic parity analysis (50K+ candidates)
  • Audit trail documentation
  • GDPR/CCPA compliance procedures
  • ADA accessibility certification

Last updated: 2026-12-19
