57% of HR Teams Are Breaking AI Hiring Laws They've Never Heard Of — SHRM's 2026 Compliance Blind Spot
In ten days, Colorado's AI Act goes live. Every employer using automated decision tools in hiring — from resume screeners to AI-scored assessments — will face fines of up to $20,000 per violation. For a mid-market employer who rejects just ten applicants through a non-compliant AI tool, that is $200,000 in cumulative penalties before a single quarter closes.
And according to SHRM's 2026 State of AI in HR report, more than half of the HR professionals operating in states with these laws have never heard of them.
The compliance clock is not ticking. For most HR teams, it has already run out.
The Awareness Gap No One Is Talking About
SHRM surveyed 1,908 HR professionals for its 2026 State of AI in HR report and found a staggering disconnect: 57% of HR professionals working in states that have enacted AI employment legislation are completely unaware that these laws exist.
That number alone should alarm every CHRO in the country. But the data gets worse when you trace what happens among the 43% who are aware:
- 12% have implemented compliance policies
- 12% know about the laws but have not yet adjusted their practices
- 19% are aware but have not addressed compliance at all
Run the math and the effective compliance rate — the share of HR teams in regulated states that have actually implemented policies — lands at roughly 5%. Nineteen states have enacted AI employment laws as of February 2026, and 95% of affected HR teams are either ignorant of or ignoring them.
This is not a knowledge gap. It is a compliance crisis hiding in plain sight.
Three Compliance Regimes Every HR Leader Must Know
The US regulatory landscape for AI in hiring is fragmented, but three jurisdictions set the pace. Each carries distinct requirements — and distinct penalties for non-compliance.
New York City: Local Law 144
NYC's Local Law 144 remains the most operationally demanding AI hiring regulation in the country. If your organization uses an automated employment decision tool (AEDT) to screen or evaluate candidates in New York City, you must:
- Commission an independent bias audit conducted by an external auditor, updated annually
- Publish audit results on your company website
- Provide candidates 10 days' advance notice before any automated tool is used in their evaluation
Civil penalties apply for each violation. The law has been enforceable since July 2023, yet compliance rates remain low — a pattern that mirrors the broader SHRM findings.
Colorado: SB 205 / Colorado AI Act (Effective June 30, 2026)
Colorado's AI Act represents the most significant escalation in US AI hiring enforcement. Effective June 30, 2026, it applies to any "high-risk" AI system used in consequential decisions — and hiring decisions are explicitly included. Requirements include:
- Impact assessments documenting how the AI system works, what data it uses, and what risks it poses
- Consumer notification that an AI system is being used in the decision
- Ongoing monitoring to detect and mitigate discriminatory outcomes
- Penalties of $20,000 per violation — with no aggregate cap
The enforcement math is severe. Ten rejected applicants processed through a non-compliant AI tool can generate $200,000 in fines. For employers hiring at scale, the exposure is potentially catastrophic.
Illinois: AI Video Interview Act + HB 3773
Illinois was an early mover. The AI Video Interview Act, in effect since January 2020, requires employers to:
- Disclose that AI is being used to analyze video interviews
- Explain how the AI works and what characteristics it evaluates
- Obtain candidate consent before using AI analysis
HB 3773 extended Illinois' anti-discrimination protections to cover AI-driven employment decisions, adding another layer of legal exposure for employers using automated tools that produce disparate impact outcomes.
Why 91% of CHROs Are Worried — But Not Acting
The SHRM report reveals a paradox at the executive level. 91% of CHROs rank AI and workplace digitization as their top organizational concern. These leaders understand that AI is reshaping work — yet they are not translating that concern into compliance investment.
Part of the disconnect stems from a misplaced focus. SHRM's data shows that AI is 5.7 times more likely to shift job responsibilities than to displace workers entirely. Organizations are spending their risk-management energy on layoff optics and workforce displacement scenarios while the actual, immediate legal risk — regulatory non-compliance — goes unaddressed.
The result is a dangerous inversion: companies are preparing for the AI risk that makes headlines (job losses) while ignoring the one that generates fines (compliance failures).
The Federal Question: Why State Laws Still Apply
In December 2025, President Trump signed an executive order aimed at preempting state-level AI regulation. Some HR leaders have interpreted this as a signal to deprioritize state compliance — but that interpretation is wrong.
The executive order expressed a policy preference for federal over state AI regulation. It did not invalidate existing state laws. Colorado, New York City, and Illinois enforcement continues while federal courts evaluate jurisdictional questions. No court has issued an injunction pausing any state AI hiring law.
For HR teams, the practical calculus is straightforward: state laws are enforceable today. Waiting for federal courts to settle preemption questions means operating without compliance protections during the period of highest enforcement risk. The Colorado AI Act deadline is June 30, 2026 — ten days from now — regardless of what happens in Washington.
Five Steps HR Teams Should Take This Week
The gap between where most HR teams are and where they need to be is wide. But it is closable. Here is a practical compliance checklist:
1. Audit your AI tool inventory. Catalog every automated tool used in your hiring process — resume screeners, chatbots, assessment platforms, video interview analyzers. You cannot comply with laws you do not understand, and you cannot understand your exposure without knowing what tools you are using.
2. Map your regulatory exposure. Determine which state and local AI employment laws apply to your candidates and employees. With 19 states having enacted AI employment legislation, your exposure is determined by where your candidates are located, not just where your headquarters sits.
3. Conduct bias audits proactively. NYC already requires them. Colorado's impact assessments serve a similar function. Do not wait for enforcement — commission an independent bias audit of your AI hiring tools now. If your tools cannot produce auditable outputs, that is a procurement problem you need to solve immediately.
4. Implement candidate notice procedures. Both NYC and Colorado require advance disclosure to candidates when AI tools are used. Illinois requires consent. Build these notification steps into your hiring workflow before they become enforcement triggers.
5. Assign compliance ownership. SHRM's data shows that even among HR professionals who know about AI hiring laws, most have not acted. The reason is often structural: no one owns AI compliance. Designate a compliance lead — whether that is your employment counsel, your HR operations head, or a dedicated compliance role — and give them explicit authority and budget.
Where AI Hiring Tools Fit In the Compliance Picture
The compliance burden falls heaviest on employers using AI tools that make or substantially inform hiring decisions autonomously. Tools that operate in a human-in-the-loop model — where AI provides decision support but final hiring decisions remain with a human recruiter — face meaningfully reduced regulatory exposure.
This distinction matters for tool selection. Platforms like OVI, which analyze transcript content only (no biometric analysis, no facial recognition, no emotion detection) and keep humans in the decision loop, are architecturally better positioned for compliance. OVI's approach aligns with AEDT frameworks like NYC Local Law 144 because the AI does not make the "automated decision" — the recruiter does. Starting at $99/month, it represents an affordable entry point for teams that want to adopt AI hiring tools without inheriting outsized compliance risk.
For HR leaders evaluating or re-evaluating their AI hiring stack, the compliance posture of each tool should now sit alongside cost and functionality as a primary selection criterion.
For more on OVI's compliance architecture, see the Trust & Compliance Center.
Do AI hiring laws apply if my company is headquartered in a state without AI legislation?
In most cases, yes. NYC Local Law 144 and Colorado's AI Act apply based on where the candidate is located, not where the employer is based. If you evaluate candidates in New York City or Colorado using AI tools, those laws apply to you.
Does the Trump executive order on AI preempt state AI hiring laws?
No. The December 2025 executive order expressed a federal policy preference but did not invalidate existing state laws. State enforcement continues. No court has issued an injunction pausing any state AI hiring law.
What is the difference between a bias audit and an impact assessment?
NYC Local Law 144 requires an annual independent bias audit examining disparate impact across race, ethnicity, and gender categories. Colorado's AI Act requires broader impact assessments that document how the AI system works, what data it uses, and what risks it presents. Both serve to identify and mitigate discriminatory outcomes, but Colorado's scope is wider.
How do I know if my AI hiring tool qualifies as an "automated employment decision tool"?
Under NYC Local Law 144, an AEDT is any computational process derived from machine learning or statistical modeling that substantially assists or replaces discretionary decision-making in employment. If the tool scores, ranks, or filters candidates, it likely qualifies. Tools operating in a human-in-the-loop model — where AI supports but does not replace recruiter decisions — may fall outside the definition.
What should I do if my current AI hiring vendor cannot provide bias audit data?
This is a critical procurement gap. If your vendor cannot produce the data needed for a bias audit or impact assessment, you face compliance risk that cannot be mitigated operationally. Engage your vendor in writing, set a deadline for audit-ready outputs, and evaluate alternative tools that are built with compliance transparency as a core feature.