AI is transforming the hiring landscape, but with that transformation comes a growing web of regulation. Jurisdictions across the U.S., Canada, and Europe are moving quickly to establish rules around how automated tools can be used in employment decisions — and the penalties for non-compliance are substantial.
Understanding where your tools stand against this regulatory landscape is no longer optional. It's a precondition for enterprise deployment. Here's a breakdown of the major frameworks and how Braintrust AIR is built to meet them.
NYC Local Law 144
New York City's Local Law 144 requires any employer using an automated employment decision tool (AEDT) to conduct and publish an annual bias audit performed by an independent third party. The audit must assess the tool's impact across race, gender, and national origin — and the results must be made publicly available.
AIR passed its most recent independent audit with zero adverse findings across all demographic groups. Selection rate equivalence was confirmed at 100%, and the audit methodology met the standards required under LL 144. Read the full audit findings.
The Illinois AI Video Interview Act
Illinois requires employers using AI to analyze video interviews to disclose the use of AI to candidates, explain how the AI works, and obtain express consent before analysis. AIR includes configurable, jurisdiction-aware consent flows that satisfy this requirement by design — candidates are clearly informed before any analysis begins, and consent is logged and auditable. AIR's structured rubric-based evaluation also means the AI's decision-making process is fully explainable, which directly satisfies the Illinois requirement to explain how the AI works.
Colorado SB 169
Colorado's SB 169 requires developers and deployers of high-risk AI systems to implement a risk management program, conduct annual impact assessments, and disclose AI use to candidates. AIR's rubric-based scoring is designed for exactly this kind of transparency — every decision point is traceable, auditable, and attached to a specific competency rather than a black-box algorithm.
The EU AI Act
Under the EU AI Act, AI systems used to make or significantly influence employment decisions are classified as high-risk. High-risk systems require conformity assessments, transparency documentation, human oversight mechanisms, and ongoing monitoring.
AIR addresses these requirements through its human-in-the-loop design philosophy. No hiring decision is made autonomously by the AI — it surfaces ranked candidates and generates scorecards, but a human makes every final call. This architecture directly satisfies the oversight requirements of the EU framework.
Data Privacy: GDPR and CCPA
Beyond bias and fairness regulations, data privacy frameworks impose strict requirements on how candidate data is collected, processed, and stored. AIR operates within fully isolated enterprise tenants — candidate PII, audio, and transcripts are never used to train third-party foundational models. Data residency requirements can be configured by region, and all data is encrypted at rest and in transit under SOC 2 Type II controls.
If your legal or compliance team is evaluating AI hiring tools, book a demo and we'll walk through our full compliance documentation and third-party audit history in detail.