eazyware
Playbook·October 13, 2025·11 min read

AI in HR and recruiting: compliance-first design

Hiring is the most regulated knowledge-work application of AI. Here is what earns trust without violating law.

Kushal R.
Engineering lead

Hiring is the most regulated application of knowledge-work AI. The constraints stack up: NYC Local Law 144, EEOC guidance, state-level bias-audit requirements, GDPR, India's evolving data protection framework, and the plain fact that wrongful-termination and discriminatory-hiring lawsuits are expensive. Building HR AI that earns adoption without creating legal exposure is a compliance-first design problem. This post is the stack we actually deploy.

Compliance-first stack
Compliance-first HR AI stack, bottom layer first:
1. Legal review on every feature: NYC Local Law 144, EEOC, Title VII, GDPR, India
2. Feature restrictions: no protected class or proxies
3. Bias testing: disparate impact by protected class
4. Human decision: AI assists, never decides alone
5. Audit + challenge: log, explain, human appeal
Five layers: legal review on every feature, feature restrictions, bias testing, human-in-loop decisions, audit trail with challenge rights. AI never decides alone.

What the regulations actually require

Broadly across jurisdictions: (1) If AI is used in employment decisions, candidates must be informed. (2) Employers are liable for discriminatory impact regardless of intent: the AI can produce disparate impact on protected classes, and the employer, not the vendor, answers for it. (3) Bias audits are increasingly required (NYC requires an annual independent bias audit of automated employment decision tools; the EU AI Act treats employment AI as high-risk, with obligations phasing in). (4) Candidates have a right to challenge decisions and, in some jurisdictions, to know what data was used.

Practical implication: every HR AI feature gets legal review before launch. Not during. Before. Skip this and you ship a feature you'll need to tear out after an audit or a complaint.

Patterns that work

Resume screening assistance — not decision

AI reads resumes against a job description, flags alignment signals, ranks candidates for reviewer efficiency. The reviewer still reads each promising resume and makes the shortlist decision. The AI is a priority-sorter, not a filter. Logs capture the full ranking, allowing bias audits to check that no protected class is being systematically deprioritized.

Feature restrictions that matter: no features that could serve as proxies for protected classes. Names, addresses, universities (can proxy for nationality, socioeconomic status), employment gaps (can proxy for pregnancy, disability) all require careful handling — often exclusion from the ranking signal even if they appear in the resume.
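One way to enforce those feature restrictions in code, as an added example rather than eazyware's own implementation: the resume record, the job record, the field names and the ranker's input names are all assumptions, and the sample resume is constructed. The point is structural: the ranker only ever sees an allowlisted feature vector, the proxy fields the text names are listed explicitly as excluded, and a guard fails if a later "helpful" feature addition lets a proxy (or anything undeclared) reach the ranker, so the leak breaks in CI instead of in an audit.

```python
from __future__ import annotations

from typing import Any

# Resume fields allowed to feed the ranking signal. Anything not listed here
# is dropped before the ranker sees the record. (Assumed field names.)
ALLOWED_FIELDS = frozenset({"skills", "role_titles", "certifications", "years_experience"})

# Fields the text names as protected-class proxies, plus obvious relatives.
# Listed explicitly so the exclusion is a reviewed decision, not an accident
# of which fields the resume parser happened to emit.
PROXY_FIELDS = frozenset({
    "name", "address", "postal_code", "university", "graduation_year",
    "employment_gaps", "employment_history", "date_of_birth", "photo_url",
})

# The exact feature names the (hypothetical) ranker accepts.
RANKER_INPUTS = frozenset({"skill_overlap", "title_match", "cert_count", "years_experience"})


def restrict_fields(resume: dict[str, Any]) -> dict[str, Any]:
    """Keep only allowlisted fields; refuse to run if the allowlist itself contains a proxy."""
    overlap = ALLOWED_FIELDS & PROXY_FIELDS
    if overlap:
        raise ValueError(f"allowlist contains proxy fields: {sorted(overlap)}")
    return {k: v for k, v in resume.items() if k in ALLOWED_FIELDS}


def assert_ranker_inputs(features: dict[str, float]) -> None:
    """Fail loudly if a proxy or an undeclared feature is about to reach the ranker."""
    keys = set(features)
    leaked = keys & PROXY_FIELDS
    if leaked:
        raise ValueError(f"proxy fields reached the ranker: {sorted(leaked)}")
    if keys != RANKER_INPUTS:
        raise ValueError(f"unexpected ranker inputs: {sorted(keys ^ RANKER_INPUTS)}")


def is_safe_vector(features: dict[str, float]) -> bool:
    """Boolean form of the guard, convenient for tests and pre-deploy checks."""
    try:
        assert_ranker_inputs(features)
        return True
    except ValueError:
        return False


def extract_features(resume: dict[str, Any], job: dict[str, Any]) -> dict[str, float]:
    """Derive the ranker's feature vector from allowlisted fields only."""
    r = restrict_fields(resume)
    skills = {s.lower() for s in r.get("skills", [])}
    job_skills = {s.lower() for s in job.get("skills", [])}
    titles = " ".join(r.get("role_titles", [])).lower()
    title_terms = [t.lower() for t in job.get("title_terms", [])]
    features = {
        "skill_overlap": len(skills & job_skills) / max(len(job_skills), 1),
        "title_match": 1.0 if any(t in titles for t in title_terms) else 0.0,
        "cert_count": float(len(r.get("certifications", []))),
        # A single total, not a dated timeline, so employment gaps cannot be
        # reconstructed from it. Total years still correlates with age, so it
        # stays in scope for the bias audit rather than being assumed harmless.
        "years_experience": float(r.get("years_experience", 0)),
    }
    assert_ranker_inputs(features)
    return features


# Constructed sample input, not real data. Note the proxy fields present in
# the parsed resume: none of them survive into the feature vector.
SAMPLE_RESUME = {
    "name": "A. Candidate",
    "address": "12 Example Street",
    "university": "Example University",
    "employment_gaps": ["2019-2020"],
    "skills": ["Python", "Kubernetes", "Terraform"],
    "role_titles": ["Site Reliability Engineer", "Backend Engineer"],
    "certifications": ["CKA"],
    "years_experience": 6,
}
SAMPLE_JOB = {"skills": ["python", "kubernetes", "go", "aws"], "title_terms": ["reliability", "platform"]}

if __name__ == "__main__":
    print(extract_features(SAMPLE_RESUME, SAMPLE_JOB))
```

The allowlist is the primary control; the proxy list exists so that the exclusion is visible in review and so the guard catches the most likely regressions by name. Free-text fields (a summary paragraph, a cover letter) would need their own scrubbing before any of their content is allowed to contribute, which is why they are not on the allowlist here.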

Interview scheduling and coordination

Low-risk, high-value. Calendar coordination, prep materials, reminder emails. Pure productivity win; avoids decision-making entirely.

Job description quality checks

AI reads JD drafts, flags biased language ('rockstar,' 'cultural fit' without specification, gendered terms), suggests more inclusive alternatives. Directly addresses a known source of applicant-pool bias.

Employee-facing HR Q&A

Policy questions, benefits explanations, leave procedures. RAG over the employee handbook with careful guardrails (no personalized benefits decisions, no representations that could create contractual obligations). High adoption if you get the scope right.

Performance review drafting

Given goals and periodic check-in notes, draft performance reviews for manager editing. Every review is human-edited and signed. AI handles the tedium; manager exercises judgment.

What fails or gets pulled

Video-interview analysis ('reading' candidates from their video). Multiple vendors have been forced to change products or pull features after bias audits revealed discriminatory impact against protected classes. The underlying problem — facial features and vocal patterns correlate with protected-class membership — is not solvable by more data.

Automated decision-making in hiring. Decisions made solely by a machine, with no notice, consent, or route to human review, are restricted in many jurisdictions and expose the employer to significant liability either way. A 'fully automated screening' product, as typically drafted, cannot operate lawfully in NYC, Illinois, California, most of the EU, or India without those mechanisms bolted on, and once they are bolted on it is no longer fully automated.

Performance-management automation at scale. Using AI to identify underperformers for action is a minefield. The AI identifies patterns that may correlate with protected-class status; the employer is liable for the action.

The deployment discipline

Before launching any HR AI feature: (1) legal review, (2) bias audit against the training data or decision outputs, (3) documentation of the human-in-loop flow, (4) audit log design. Every decision logged with the AI's contribution, the human decision, and the rationale. This audit trail is what you'll need when complaints come.
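The audit log and the bias check it feeds, as an added example (not eazyware's deployed code). It serves both this section and the ranking-log check in the resume-screening section above. The record shape, the field names and the sample candidates are all constructed for the example. Two design points the prose does not spell out: the decision record carries the AI's contribution, the human decision and both rationales, but no demographic data, which lives in a separate self-reported table joined only at audit time; and the audit checks the AI ranking and the human outcome separately, so a ranker that systematically deprioritizes a group is caught even when reviewers corrected for it. The impact ratio follows the NYC Local Law 144 definition (a category's rate divided by the highest category's rate; for scores, the rate of scoring above the sample median), and the 0.8 threshold is the EEOC four-fifths rule, which LL144 itself does not set.

```python
from __future__ import annotations

import json
import statistics
from collections import defaultdict
from dataclasses import asdict, dataclass


@dataclass(frozen=True)
class DecisionRecord:
    """One logged decision: what the AI contributed, what the human did, and why."""
    candidate_id: str
    job_id: str
    ai_rank: int          # position in the full AI ranking, 1 = top
    ai_score: float       # ranker output, kept so audits can recompute medians
    ai_rationale: str     # signals the AI surfaced to the reviewer
    human_decision: str   # "shortlist" or "reject"
    human_rationale: str  # reviewer's stated reason; this is what an appeal reads
    reviewer: str


def log_line(rec: DecisionRecord) -> str:
    """Append-only JSON line. Demographics are deliberately absent from this record."""
    return json.dumps(asdict(rec), sort_keys=True)


def rates(count_by_cat: dict[str, int], total_by_cat: dict[str, int]) -> dict[str, float]:
    return {c: count_by_cat.get(c, 0) / total_by_cat[c] for c in total_by_cat}


def impact_ratios(rate_by_cat: dict[str, float]) -> dict[str, float]:
    """Each category's rate divided by the highest category rate (LL144 impact ratio)."""
    top = max(rate_by_cat.values())
    return {c: (r / top if top else 0.0) for c, r in rate_by_cat.items()}


def four_fifths_flags(ratios: dict[str, float], threshold: float = 0.8) -> list[str]:
    """Categories whose impact ratio falls below the EEOC four-fifths rule."""
    return sorted(c for c, r in ratios.items() if r < threshold)


def audit(log: list[DecisionRecord], demographics: dict[str, str]) -> dict:
    """Join the decision log with separately held demographics and compute
    disparate-impact ratios for the AI ranking and the human outcome separately."""
    total, human_sel, ai_top = defaultdict(int), defaultdict(int), defaultdict(int)
    median = statistics.median(r.ai_score for r in log)
    for rec in log:
        cat = demographics.get(rec.candidate_id, "undisclosed")
        total[cat] += 1
        if rec.human_decision == "shortlist":
            human_sel[cat] += 1
        if rec.ai_score > median:  # LL144-style scoring rate: above the sample median
            ai_top[cat] += 1
    ai_ratios = impact_ratios(rates(ai_top, total))
    human_ratios = impact_ratios(rates(human_sel, total))
    return {
        "ai_scoring_ratios": ai_ratios,
        "ai_flags": four_fifths_flags(ai_ratios),
        "human_selection_ratios": human_ratios,
        "human_flags": four_fifths_flags(human_ratios),
    }


# Constructed sample log and demographics table, not real data. The ranker
# pushed category B down; reviewers shortlisted evenly anyway.
def _rec(cid, rank, score, decision, why):
    return DecisionRecord(cid, "job-1", rank, score, "skill overlap, title match", decision, why, "reviewer-1")

SAMPLE_LOG = [
    _rec("c1", 1, 0.91, "shortlist", "strong platform background"),
    _rec("c2", 2, 0.85, "shortlist", "relevant certifications"),
    _rec("c3", 3, 0.80, "reject", "skills listed but no depth in interview notes"),
    _rec("c5", 4, 0.75, "shortlist", "directly relevant role"),
    _rec("c4", 5, 0.40, "reject", "junior for the level"),
    _rec("c6", 6, 0.35, "shortlist", "portfolio shows exactly the required work"),
    _rec("c7", 7, 0.30, "reject", "different specialty"),
    _rec("c8", 8, 0.20, "reject", "no overlap with the role"),
]
SAMPLE_DEMOGRAPHICS = {"c1": "A", "c2": "A", "c3": "A", "c4": "A", "c5": "B", "c6": "B", "c7": "B", "c8": "B"}

if __name__ == "__main__":
    print(log_line(SAMPLE_LOG[0]))
    print(json.dumps(audit(SAMPLE_LOG, SAMPLE_DEMOGRAPHICS), indent=2))
```

On the sample the human shortlist passes (equal selection rates) while the AI scoring rate for category B is one third of category A's, which is the case the text warns about: the reviewer-corrected outcome looks fine, but the ranker would still fail an audit and the full ranking is the evidence. Run the audit on a schedule, not only when a complaint arrives, and keep the demographics join out of the reviewer's tooling.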

Compliance cost is significant. Budget 20-30% of engineering effort on it. Skipping this is how HR AI products become legal incidents.

Tags: HR, recruiting, compliance, fairness