The EEOC’s position is direct: employers are liable for discriminatory outcomes from AI tools they use in hiring, regardless of vendor claims about bias mitigation. If your AI hiring tool screens out protected class candidates at a higher rate, that’s your compliance problem — not your vendor’s. The 9 requirements below define what adequate compliance looks like for HR teams using AI in 2026.

See the HR Compliance Automation — Complete 2026 Guide for how to build these requirements into your automation stack.

1. Adverse Impact Analysis — Track Selection Rates by Protected Class

The four-fifths rule is the EEOC’s primary adverse impact standard: if any protected group has a selection rate less than 80% of the highest-selected group, adverse impact is indicated. You need to measure this at every AI-influenced stage — resume screening, interview scoring, assessment results.

What automated compliance looks like: Your ATS logs every candidate, their stage progression, and the AI tool outputs influencing each decision. A Make.com™ scenario aggregates this data monthly into a structured report. Adverse impact is calculated automatically; HR reviews the output and documents the review. Manual process: someone exports data, runs a spreadsheet analysis, and files it somewhere — usually quarterly at best, often not at all.

Verdict: Adverse impact analysis is the single highest-priority EEOC compliance requirement. If you automate nothing else, automate this. The data already exists in your ATS — the gap is systematic aggregation and analysis.

2. Human Oversight Records — Prove Humans Reviewed AI Recommendations

EEOC guidance requires that humans make hiring decisions, not AI systems. The practical compliance requirement is documentation: evidence that a human reviewed AI output and made an independent judgment. A recruiter clicking “approve” on an AI recommendation without documented independent review doesn’t satisfy this.

What automated compliance looks like: Your ATS workflow requires a structured human review action — with a required input field — before any AI-influenced decision is recorded. The action is timestamped, logged with the reviewer’s identity, and stored with the candidate record. The workflow enforces the step; it cannot be bypassed.

Verdict: This requirement trips up teams that assume a human in the loop satisfies oversight. The documentation standard is evidence of substantive review, not just a click-through.

3. Vendor Due Diligence Records — Assess Your AI Tool’s Bias Methodology

Employers are liable for the AI tools they use. That liability extends to vendor selection: you need documented evidence that you assessed the AI tool’s bias testing methodology, training data composition, and known limitations before deployment — and that you reviewed this assessment annually.

What automated compliance looks like: A structured vendor assessment template completed at onboarding and annually thereafter, stored in your document management system with version control. Make.com™ triggers the annual review reminder and routes the completed assessment to the compliance record.

Verdict: Most HR teams have vendor contracts, not vendor assessments. These are different documents. A contract describes terms; an assessment documents your evaluation of the tool’s compliance posture.

4. Candidate Disclosure — Systematic Notice of AI Use

Candidates must be informed when AI tools are used in decisions that significantly affect them. The compliance failure mode is relying on individual recruiters to include disclosure language — some do, some don’t. Systematic compliance requires disclosure to be built into the application process itself, not dependent on recruiter behavior.

What automated compliance looks like: Disclosure language is embedded in the application form. A confirmation log records that the disclosure was presented to each candidate. The log is stored with the candidate record for the retention period required by your EEOC compliance policy.

Verdict: Disclosure is low-friction to implement correctly and high-risk to implement inconsistently. Build it into the application form once; the system handles it for every subsequent applicant.

5. Opt-Out Mechanism — Provide an Alternative Process

Candidates who decline AI-based review must have an alternative pathway. This doesn’t mean AI can’t be used at all — it means candidates who object have a defined process for human-only review of their application. That process must be documented, consistently applied, and not structured to disadvantage candidates who opt out.

What automated compliance looks like: The opt-out request triggers a workflow flag on the candidate record. The record routes to a human review queue rather than the AI-assisted pipeline. The flag is retained with the record; opt-out requests are logged for volume analysis.

Verdict: Few HR teams have formal opt-out processes. This is a compliance gap that creates specific liability because it’s an explicit EEOC requirement with a clear remedy.

6. Job-Relatedness Testing — Validate That AI Criteria Predict Performance

AI selection criteria must be job-related and consistent with business necessity. The EEOC requires validation evidence: documentation showing that the factors the AI uses to score or rank candidates actually predict job performance in your specific role. Vendor-provided validation studies on their generic dataset don’t substitute for validation on your population and your roles.

What automated compliance looks like: Validation studies are commissioned at implementation and when significant role changes occur. Study documentation is stored in the compliance record. Outcome tracking — connecting hiring decisions to performance data — is automated to build the longitudinal dataset needed for ongoing validation.

Verdict: This is the most resource-intensive requirement and the one most commonly skipped. Start with the roles where AI is used most heavily in screening and build validation evidence there first.

7. Data Retention — Keep Records Sufficient for Investigation

EEOC regulations require retention of employment records for one year from the date of the record or the date of the personnel action, whichever is later. For AI-related compliance, the relevant records include adverse impact analyses, human review logs, vendor assessments, and AI tool outputs for individual candidates. These records must be retained and retrievable.

What automated compliance looks like: Your compliance records are stored in a structured system with retention policies enforced by the platform. When the retention period expires, records are purged according to the policy. When a charge is filed, records are preserved (litigation hold) automatically. Manual archiving to email folders doesn’t satisfy this.

Verdict: Retention policy is easy to document. Retention enforcement is where manual processes fail. Build enforcement into the system, not the procedure.

8. Complaint Process — Define How Candidate Complaints Are Handled

Candidates who believe they were discriminated against by an AI hiring tool must have a process to raise that complaint. Your compliance posture requires a defined complaint intake process, a log of complaints received, documentation of the investigation and resolution, and analysis of complaint patterns for systemic issues.

What automated compliance looks like: The complaint intake form triggers a workflow: log creation, assignment to the compliance owner, investigation timeline tracking, and resolution documentation. Complaint data is aggregated monthly for pattern analysis alongside adverse impact data.

Verdict: Most HR teams have general complaint processes; few have AI-specific complaint processes. The EEOC’s AI guidance makes this a specific requirement, not a general one.

9. Annual Review — Systematic Evaluation of AI Tool Performance and Compliance

EEOC compliance for AI tools isn’t a one-time implementation — it’s an ongoing obligation. Annual review means systematically evaluating: adverse impact trends over the past year, vendor compliance posture updates, any regulatory guidance changes, complaints received and resolved, and whether the AI tool’s criteria remain job-related as roles evolve.

What automated compliance looks like: An annual review calendar event triggers data compilation from all compliance logs. A structured review template guides the analysis. Findings are documented and stored with the compliance record. Action items from the review are tracked in your project management system with owners and due dates.

Verdict: Annual review is where compliance programs either mature or decay. Teams that treat it as a real operational process maintain compliance posture. Teams that treat it as a box-checking exercise discover gaps during investigations.

How We Evaluated These Requirements

These requirements are drawn from EEOC guidance documents, the Uniform Guidelines on Employee Selection Procedures (29 CFR Part 1607), and EEOC technical assistance materials on AI in employment. The practical implementation guidance reflects 4Spot Consulting’s work building compliance automation workflows for HR teams using AI hiring tools. This is not legal advice — consult employment counsel for guidance specific to your organization and jurisdiction.