AI in recruitment has already moved past the “emerging trend” phase. It is embedded in how we source, screen, rank, and engage talent. The conversation now is less about adoption and more about control: who governs it, how it is audited, and what risks businesses are actually taking on.
-
Setting the Stage
In the U.S., AI adoption in hiring has been fast, decentralized, and largely market-driven. Vendors are rolling out tools that promise efficiency—resume parsing, candidate matching, behavioral assessments—while employers are under pressure to move faster and do more with less. In practice, most companies are already using some form of AI, whether they formally acknowledge it or not.
In contrast, Europe has approached AI in hiring with more caution. The focus there is less on speed and more on guardrails—privacy, fairness, and accountability. The difference is philosophical as much as regulatory: the U.S. tends to prioritize innovation first and regulate later, while the EU builds frameworks before widespread deployment.
-
U.S. vs EU Regulatory Approaches
The United States — a fragmented and shifting landscape
There is still no comprehensive federal law governing AI in hiring. Instead, employers must navigate a patchwork of existing statutes, fast-moving state legislation, and a federal posture that has turned toward deregulation.
- Existing anti-discrimination law still applies. Title VII, the ADA, and the ADEA continue to govern AI hiring tools, and employers remain liable for discriminatory outcomes — even when a third-party vendor built the model. The EEOC’s dedicated AI guidance was withdrawn in 2025 and has not been replaced, and an executive order has directed federal agencies to deprioritize disparate-impact enforcement. The underlying statutory obligations, however, remain fully in force — and are increasingly being tested in court.
- The FTC continues to police deceptive or unfair practices, including overstated claims about AI capabilities (“AI washing”), though current leadership has signaled a narrower enforcement philosophy.
- State and local laws are now the primary driver — not an emerging gap-filler. NYC’s bias-audit law (Local Law 144), Illinois’s amended Human Rights Act, California’s Civil Rights Council regulations, and New Jersey’s anti-discrimination guidance are already in effect, with Colorado and Texas close behind. Requirements vary significantly from state to state.
- The federal posture is deregulatory. Rather than issuing new rules, the White House has moved to challenge state AI laws as obstacles to a uniform national policy, directing the DOJ to contest them. At the same time, the Senate voted 99–1 to strike a proposed moratorium on state AI laws, leaving the state patchwork firmly in place.
Accountability is being tested in the courts
Because there is no single federal rulebook, much of the real accountability in the U.S. is emerging through litigation under statutes never written with AI in mind. Two distinct strands are developing.
Employers remain on the hook for vendor-built tools. Most AI-hiring suits name the employer, testing the principle that buying a tool does not outsource liability. In Harper v. Sirius XM Radio (E.D. Mich., filed August 2025), a class of African-American applicants alleges that the company’s use of a third-party vendor’s AI/ML screening tools disproportionately rejected them, under Title VII and Section 1981. Bell v. Zelis Healthcare (N.D. Ala., filed July 2024) raises parallel race and age claims against an employer using algorithmic hiring tools.
The newer frontier is suing the vendor directly. The landmark case is Mobley v. Workday (N.D. Cal., filed 2023), which targets not an employer but the vendor of an AI screening tool, alleging race, age, and disability discrimination under Title VII, the ADA, and the ADEA. In July 2024 the court allowed the case to proceed on the theory that an AI vendor can be liable as an “agent” of the employers it serves, and in May 2025 it granted preliminary certification of a nationwide ADEA collective — potentially one of the largest ever, since Workday acknowledged that more than a billion applications were screened by its tools during the relevant period. The case has only gained momentum: a March 2026 ruling again upheld that job applicants may bring ADEA disparate-impact claims (applying Skidmore deference to the EEOC’s longstanding interpretation in the post-Loper Bright landscape), added new plaintiffs and new gender-based and California state-law claims, and set the matter toward a third amended complaint. The theory is also expanding beyond discrimination law: in Kistler v. Eightfold AI (Cal. Super. Ct., filed January 2026), plaintiffs allege that an AI hiring vendor functions as a “consumer reporting agency” subject to the Fair Credit Reporting Act.
Courts still demand specificity. Saas v. Major, Lindsey & Africa (D. Md., dismissed 2024; affirmed by the Fourth Circuit) is the important counterweight. The plaintiff’s claims were dismissed because she invoked “algorithmic bias” without identifying a specific tool, practice, or measurable disparate impact. The lesson: merely alleging that AI was used does not create a presumption of discrimination — conventional Title VII and ADEA pleading standards still apply.
An early agency marker. EEOC v. iTutorGroup (E.D.N.Y.) produced a $365,000 consent decree in 2023 over software that auto-rejected older applicants — described by the agency as its first AI-discrimination settlement, though the system was arguably a hard-coded age cap rather than true AI. It predates the 2025 federal enforcement pullback and reflects a posture the EEOC has since stepped back from.
State-law and privacy vectors. Even where federal discrimination law is not the vehicle, state statutes create exposure. In Deyerler v. HireVue (N.D. Ill.), six applicants brought claims under Illinois’s Biometric Information Privacy Act (BIPA) over facial-geometry capture during AI-analyzed video interviews; in February 2024 the court largely denied the vendor’s motion to dismiss — sustaining the core BIPA claims and trimming only the “profiting” claim under § 15(c) — denied a second motion against the amended complaint in November 2025, and the parties then stipulated to dismissal in early 2026. In Baker v. CVS Health (D. Mass.), an applicant advanced the novel theory that AI video-interview screening functioned as an unlawful “lie detector test” under Massachusetts law; in February 2024 the court held that the statute creates a private right of action and let the case proceed past CVS’s motion to dismiss the notice claim, before the parties reached a confidential settlement.
For employers, the result is operational ambiguity layered with real and active legal risk. You can deploy AI tools, but you carry the burden of proving they are not discriminatory — and that burden is now being litigated, with vendors increasingly drawn in alongside the employers who use their products.
The European Union — a comprehensive, risk-based framework
The EU governs AI hiring through a single law: the AI Act (Regulation 2024/1689), in force since August 1, 2024. It sorts AI into tiers — prohibited, high-risk, limited, and minimal — and hiring falls in the high-risk category, the heaviest tier short of a ban.
What is banned outright? Since February 2, 2025, some uses are flatly prohibited: emotion-recognition systems in the workplace and recruitment, biometric categorization that infers sensitive traits, and social scoring. Practically, any video-interview tool offering “emotion analysis” or sincerity-scoring must be turned off for EU candidates — there is no compliance path that makes it lawful.
Why hiring counts as “high-risk.” The designation is broad, covering AI used in recruitment, selection, evaluation, promotion, termination, and worker monitoring. It captures nearly the whole HR AI stack, and turns on function, not branding — “decision-support” tools that meaningfully shape outcomes are caught even where a human signs off.
The provider/deployer split — a structural feature with no U.S. analogue. The Act splits obligations between the provider (the vendor that builds the tool) and the deployer (the employer using it). The vendor handles product compliance — technical documentation, conformity assessment, EU-database registration — but buying off the shelf does not transfer responsibility. The employer has its own binding duties and cannot rely on a vendor’s certification to cover itself. This is the answer U.S. courts are still resolving case by case: the EU codified it up front.
What the employer (deployer) must actually do? Under Article 26, a deployer must follow the provider’s instructions, ensure input data is relevant, monitor the system, flag emerging risks, and keep logs for at least six months. Two duties stand out: meaningful human oversight is mandatory (Article 14 — humans must be able to override or stop the system), and workers and their representatives must be told before a high-risk tool is used on them.
How it stacks on top of GDPR? GDPR’s Article 22 already bars decisions based solely on automated processing where they have significant effects — making fully algorithmic rejections precarious and requiring human review. The AI Act adds Article 86’s right to an explanation of high-risk AI decisions, which a hiring rejection squarely triggers.
Enforcement, penalties, and national variation. Fines run up to €15M or 3% of global turnover for high-risk breaches and €35M or 7% for prohibited uses. Regulators can also pull a non-compliant system from the market — often the bigger commercial threat. Enforcement is decentralized to national authorities (Finland activated first, January 2026), so interpretations vary by member state, and national works-council rules apply alongside the Act.
The timeline — and the delay employers should not over-read. Prohibited practices and AI-literacy duties took effect February 2025; general-purpose AI rules in August 2025. The core high-risk obligations for employment, originally due August 2026, were pushed to December 2, 2027 by the May 2026 Digital Omnibus agreement — but the bans and literacy duties are already live.
The reach beyond Europe. The Act applies to U.S. employers whenever an AI tool’s output is used to evaluate candidates or workers in the EU, which makes it the effective floor for any multinational’s global hiring process.
The core difference
Instead of asking “Is this tool effective?”, the EU framework forces companies to ask “Can we justify and audit every decision this system makes?” The EU front-loads that accountability through pre-deployment compliance and codifies who is responsible — both vendor and employer — before a single candidate is screened. The U.S. ultimately imposes similar accountability, but after the fact, through litigation and a growing thicket of state laws, with the vendor-liability question still being worked out in the courts rather than settled by statute. For a multinational employer, the practical consequence is that EU compliance tends to set the global floor: meeting the strictest regime is usually easier than running two separate hiring processes.
-
Implications for Businesses and Employees
For businesses operating in the U.S., the biggest challenge is not access to AI—it is managing exposure. Many firms are unknowingly creating risk by relying on third-party tools without fully understanding how those tools were trained or validated. In a fragmented regulatory environment, enforcement may come after the fact, which means liability is reactive rather than preventative.
In the EU, the barrier to entry is higher, but the expectations are clearer. Companies need infrastructure—documentation, audit trails, compliance workflows—before deploying AI in hiring. That slows adoption, but it also reduces uncertainty.
For employees and candidates, the experience diverges as well. In the U.S., candidates are often screened by systems they do not see or understand. In the EU, there is a stronger emphasis on transparency and the right to challenge decisions, which shifts some power back to the individual.
-
Future Outlook
Looking ahead, the question is whether these two systems move closer together or continue to diverge.
In the U.S., some level of unification is likely. The current patchwork is not sustainable for companies operating across multiple states, especially in industries like financial services where compliance expectations are already high. Whether that comes through federal legislation or coordinated agency enforcement remains to be seen, but pressure is building.
In the EU, there may be gradual flexibility in how the AI Act is implemented, particularly as companies push back on operational burdens. The framework is strict, but enforcement will ultimately determine how rigid it feels in practice.
At the same time, there are limits to what AI can realistically solve in hiring. It can improve efficiency and surface patterns, but it cannot fully replace judgment—especially in roles where context, soft skills, and regulatory nuance matter. Over-reliance on automation without human oversight is where both legal and business risks start to compound.
From a practical standpoint, the companies that will navigate this well are not the ones adopting AI the fastest, but the ones building controls around it early—understanding their data, documenting their processes, and treating AI as an assistive tool rather than a decision-maker.
Authors:
• Len Adams, Founder/CEO, ACG RESOURCES
• Mario Cistaro, Founder, CILC
Compliments of ACG Resources and CILC – members of the EACCNY