NYC Bias Audit: Step-by-Step Employer Guide to NYC LL 144

A proactive approach to NYC Local Law 144 can turn a legal obligation into a strategic advantage. The law mandates specific actions — bias audits, candidate notices, public disclosure — but fulfilling those requirements is also an opportunity to build a more equitable, more trustworthy hiring process. Many organizations mistakenly believe the law only applies to companies headquartered within the five boroughs. The reality is far broader: the law's jurisdiction is determined by the location of the job, not the employer. If your company uses automated tools to screen, score, or select candidates for any position based in New York City — including remote roles filled by city residents — you are required to comply. The financial penalties for ignoring the NYC bias audit mandate accumulate daily, but the more serious risk is what the law's public disclosure rule does to a finding of bias: it puts it on the record, where it can fuel discrimination claims and erode your employer brand. This guide walks you through everything compliance demands — who's covered, what auditors check, what you owe candidates, what fines look like, and how to keep your AI hiring tools audit-ready over the long term.

‍
Key Takeaways

• Understand your core obligations: The law requires an annual, independent bias audit for each automated hiring tool, clear notification to candidates, and public disclosure of the audit summary on your website.
• Recognize the broad scope and high stakes: Compliance is mandatory for any company hiring for a role in NYC, regardless of your headquarters' location. Non-compliance can lead to daily fines and significant legal exposure from potential discrimination claims.
• Treat the audit as risk management, not a checkbox. A proactive, independent audit identifies and corrects bias before it becomes a public liability — protecting both your hiring decisions and your brand.
• Build a sustainable compliance program: Lasting compliance goes beyond a single audit; it requires a complete inventory of your tools, a strong AI governance framework, and continuous monitoring to catch model drift between annual cycles.

What Is the NYC Bias Audit Law?

If your company hires or promotes employees in New York City, you need to be aware of a significant piece of legislation impacting how you use technology in your recruitment process. Known as the NYC Bias Audit Law, this regulation introduces new rules for employers using automated tools to make employment decisions. Understanding its requirements is the first step toward ensuring your hiring practices are both fair and compliant.

The Core of Local Law 144

At its heart, New York City's Local Law 144 requires employers to take a closer look at the automated tools they use for hiring and promotions. The law mandates that these systems — called Automated Employment Decision Tools (AEDTs) — undergo an annual AI bias audit conducted by an independent party. This is not just an internal checkup; it is a formal assessment to check for potential bias. Beyond the audit itself, the law has two other key components: employers must notify candidates when an AEDT is being used to evaluate them, and they must make the results of the bias audit publicly available on their website, creating a new layer of transparency in the hiring process.

Key Dates and Implementation

While the law was passed in 2021, its enforcement did not begin immediately. The rules officially went into effect on July 5, 2023, marking the end of the grace period for businesses to bring their hiring practices into compliance. Since that date, any employer using an AEDT for a New York City-based role must meet the law's requirements — annual bias audits, candidate notifications, and public disclosure of audit results. The law is actively enforced by the NYC Department of Consumer and Worker Protection (DCWP), and companies that fail to comply are subject to financial penalties for each violation.

What the Law Aims to Achieve

The primary goal of this legislation is to promote fairness and reduce discrimination in the workplace. As companies increasingly rely on AI to screen resumes and assess candidates, there is a growing concern that these tools could unintentionally favor certain groups over others. The law directly addresses this by requiring audits that check for disparate impacts based on race, ethnicity, and gender. By making these audits mandatory and public, the city aims to hold organizations accountable for the technology they deploy, give candidates more insight into how they are being evaluated, and push the industry toward developing and using more equitable AI systems.

Who Must Comply With the Law?

New York City's bias audit law has a broad scope that can catch many employers by surprise. The compliance requirements are not determined by the size of your company or where your headquarters are located. Instead, the key factor is whether your organization uses specific types of technology to make employment decisions affecting jobs or people in New York City. Many organizations find that even if they are not based in the city, their recruitment practices require them to adhere to these rules.

Identifying Covered Employers

The law applies to any employer or employment agency that uses Automated Employment Decision Tools (AEDTs) to screen candidates for hiring or employees for promotion. This applies to businesses of all sizes, from small startups to large multinational corporations, across both the public and private sectors. If your company relies on an algorithm or AI system to help filter, score, or select applicants for a position, you are required to comply. The regulation is triggered by the use of the tool in the decision-making process, regardless of how much weight that tool's output is given. The responsibility for the audit rests with the employer using the tool, not the vendor who created it.

The Law's Geographic Reach

A common point of confusion is the law's geographic application. A company does not need to be physically located in New York City to be subject to the regulation. The law's reach is determined by the location of the job. If you are hiring for a position based in New York City, you must comply, even if your company is headquartered in another state or country. This also extends to remote positions if the person hired for the role will be working from a location within the city. Any organization that evaluates job candidates or current employees for roles connected to New York City using an AEDT must follow the law's requirements for bias audits and transparency notices.

How the Law Affects Third-Party AI Tools

If you use a third-party vendor's AI tool for hiring or promotions, the compliance responsibility ultimately rests with you, the employer. You are required to ensure a bias audit has been conducted and to post the results publicly. Most employers will need to work closely with their vendors to meet these obligations, and reviewing the bias audits or other compliance documentation provided by your vendor is critical. For vendors themselves, providing a compliant, independent audit is no longer a differentiator — it's a cost of doing business in NYC, and a single thorough audit can often satisfy requirements across multiple jurisdictions.

What Is an Automated Employment Decision Tool (AEDT)?

New York City's Local Law 144 centers on a specific category of technology: the Automated Employment Decision Tool, or AEDT. Understanding what qualifies as an AEDT is the first step for any employer looking to comply with the law. The definition is intentionally broad, capturing a wide range of software used in modern recruitment and employee advancement.

Defining AEDTs and Common Examples

The law defines an AEDT as any computational process that issues a simplified output, like a score or classification, which is used to either replace or "substantially assist" a human decision-maker in hiring or promotion. Think of tools that automatically screen resumes for keywords, software that analyzes video interviews for specific traits, or platforms that rank candidates based on their responses to an assessment. These systems use data and algorithms to make recommendations. Because the definition is so broad, many common types of hiring software can be considered AEDTs. The key is whether the tool's output is a significant factor in making an employment decision.

The Role of AEDTs in Hiring and Promotions

AEDTs are designed to make hiring and promotion cycles more efficient, helping teams sort through large applicant pools to find the best fit. However, their efficiency can come with a risk. The primary concern behind Local Law 144 is the potential for these tools to perpetuate or even amplify biases, resulting in discriminatory outcomes. The law requires an audit to check for "disparate impact," which occurs when a tool's results unfairly disadvantage individuals based on their race, ethnicity, or gender, even if there was no intent to discriminate.

How to Determine if a Tool Is an AEDT

Figuring out if a specific piece of software qualifies as an AEDT can be challenging because the legal definition is broad. The central question is whether the tool "substantially assists or replaces" a person's judgment. Ask yourself:

• Does this software automatically reject applicants who lack a specific keyword?
• Does it rank candidates and recommend a top percentage for interviews?
• Does it score candidate responses, traits, or attributes and feed that score back to a recruiter?
• Does its output materially shape who advances in the process?

If a tool does more than simply organize information — if it produces a recommendation, ranking, or score that influences who moves forward — it probably falls under the law. For large organizations, the first step is often inventorying all HR technology to identify which systems meet the AEDT criteria and require auditing. This internal review is the foundation of a clear and defensible compliance strategy.

What Does a Bias Audit Entail?

Complying with New York City's law involves more than just running a quick check on your software. The regulation rests on three pillars: independent bias auditing, transparency for candidates, and public accountability for employers. The sections that follow break down each pillar, starting with the audit itself.

The Mandate for an Independent Annual Audit

The law requires employers to commission an AI bias audit for each of their AEDTs at least once a year. A critical part of this rule is the term "independent." The audit must be conducted by a third party who was not involved in developing or using the tool, ensuring the evaluation is impartial and objective. This annual cadence means compliance is not a one-time project but an ongoing commitment. Your company must schedule and complete a new audit every 12 months for as long as the tool remains in use.

Key Components of the Audit

The core of the audit is a test for disparate impact. This analysis determines if an AEDT disproportionately screens out candidates based on their race, ethnicity, or sex. The audit calculates an "impact ratio" by comparing the selection rate of a specific demographic group to the selection rate of the most-selected group. The law also requires intersectional analysis — for example, comparing outcomes for Black women against those for white men — providing a clear framework for the evaluation.

Transparency and Public Reporting Rules

The audit's findings cannot remain internal. Before using an AEDT, and at least annually thereafter, you must publish a summary of the most recent bias audit on your company's website. This summary must be placed in a clear and conspicuous location where job seekers or employees can find it. The public disclosure needs to include the date of the most recent audit, the date the tool was first used, and the impact ratios for all categories tested. You can see examples of this transparency in the Warden Assured Directory.

Notifying Candidates and Handling Data Requests

The audit is only one of Local Law 144's three pillars. The other two — what you tell candidates before you use a tool, and what you must hand over when a candidate asks — are where many employers get tripped up.

Required Candidate Notice (At Least 10 Business Days)

Employers must notify applicants or employees that an AEDT is being used at least 10 business days before it is used. The notice must be clear and conspicuous — whether posted on a careers page or sent directly to individuals — and must:

• State that an automated tool will be used in the assessment or evaluation
• Specify the job qualifications and characteristics the tool will use to make its assessment
• Inform the candidate of the right to request an alternative selection process or a reasonable accommodation

This last point is essential. The notice isn't just informational; it's a trigger that puts the candidate's opt-out rights on the table.

Data Disclosure on Request

Beyond the initial notice, employers have an ongoing duty to provide information upon request. If a candidate who lives in New York City applies for a position, they have the right to ask for more details about the AEDT — and the employer must respond. Upon request, you must disclose:

• The type of data the tool collects
• The source of that data
• The company's data retention policy

For staffing and recruitment agencies and large enterprises managing high applicant volumes, having a clear, repeatable process for handling these requests is essential for both compliance and trust.

Providing an Alternative Selection Process

The law ensures candidates are not forced to be evaluated by an automated system. The required notice must explicitly state that an individual can request an alternative selection process. While the law does not prescribe what that alternative must look like, it is generally understood as a method that does not rely on the AEDT — for example, a manual review by a human recruiter. The alternative must be a reasonable substitute and cannot be used to disqualify the candidate from consideration. Adhering to a comprehensive standard like Warden Assured helps organizations build the framework needed to manage these alternatives consistently.

Your Step-by-Step Guide to Bias Audit Compliance

Understanding the law is one thing; operationalizing it is another. The following four steps translate Local Law 144's requirements into a sequence you can run.

Step 1: Define the Scope of Your AEDT Inventory

The first step in compliance is determining which of your tools qualify as AEDTs. The law's definition can feel broad, covering any automated process that "substantially assists or replaces" human decision-making for hiring or promotion. This requires a thorough inventory of your HR technology stack, from resume screeners to promotion-eligibility software. Evaluate each tool's function and its influence on employment outcomes. Because many organizations operate under a patchwork of regulations, defining the scope for a New York City audit may also have implications for compliance elsewhere — making a comprehensive initial assessment critical.

Step 2: Find a Qualified, Independent Auditor

Local Law 144 mandates that your bias audit be conducted by an independent party. This means the auditor cannot be involved in the use or development of the tool being tested, nor can they be employed by the vendor or the employer using the tool. They also cannot have a financial interest in the tool. Finding a truly qualified auditor is essential for the credibility of your results. For enterprises operating in multiple jurisdictions, the most efficient path is often a single audit engagement designed to satisfy several frameworks at once. When evaluating partners, look for a credible auditor with a transparent methodology that will hold up to scrutiny — and the expertise in both statistical analysis and the specific nuances of HR technology.

Step 3: Measure Bias Accurately Across Protected Groups

An effective bias audit goes beyond a simple pass/fail score. It requires a detailed statistical analysis to measure whether a tool produces disparate outcomes across different demographic categories. The law requires calculating selection rates and impact ratios across specific race, ethnicity, and gender groups, as well as their intersections. To do this accurately, you must start with your data: a systematic review of acquisition methods and the datasets themselves is necessary to identify and address potential sources of bias before they skew the results. A comprehensive AI assurance platform can automate these calculations, providing the metrics needed to determine compliance and identify areas for model improvement.

Step 4: Publish Results — Balancing Transparency with Confidentiality

One of the biggest concerns for employers and vendors is how to meet the law's public disclosure requirements without revealing proprietary information. The law does not require you to publish your algorithm's source code. Instead, you must post a public summary that includes the date of the audit, the source and type of data used, and the selection rates and impact ratios for all protected categories and intersectional groups. This level of transparency is designed to build trust with candidates and the public. Companies can feature these results directly on their career pages or through a public directory like the Warden Assured Directory.

Common Hurdles in Achieving Compliance

Even with a clear roadmap, several recurring obstacles can derail a compliance program. Understanding them in advance helps you plan around them.

The Challenge of Locating Every AEDT

The first hurdle for many organizations is simply identifying every tool that qualifies as an AEDT. These tools may be standalone resume screeners, or they could be features embedded within larger Human Resource Information Systems (HRIS). In large companies, different departments might use various unsanctioned tools, making a complete inventory a complex undertaking. A thorough internal review is necessary to map out every piece of technology that plays a role in employment decisions before an audit can even begin.

Securing a Qualified, Independent Auditor

The term "independent" is not explicitly defined in the law, leaving companies to interpret its meaning. Finding an auditor who is truly impartial and possesses the necessary expertise in data science, employment law, and AI ethics can be difficult. The process of an AI bias audit itself requires deep technical and legal knowledge, and the pool of qualified professionals who can perform this service to a legal standard is still developing.

Managing Data for a Successful Audit

A successful bias audit depends entirely on the quality and completeness of your data. Many organizations find that their historical data is insufficient, lacking the specific demographic details required for a statistically valid analysis. Preparing for an audit often involves a significant data gathering and cleaning effort. You must ensure you have a sufficient sample size and accurate records for both selected and non-selected candidates to produce a meaningful audit result.

Interpreting the Law's Vague Language

While the NYC Bias Audit Law is in effect, some of its language remains open to interpretation. Key terms — what precisely constitutes an AEDT, what makes an auditor truly "independent," and which statistical methods are best for measuring bias — are still being clarified through regulatory guidance and early enforcement actions. This legal ambiguity can make it challenging for employers to build a compliance strategy with confidence, requiring a robust framework — often supported by an AI assurance platform — to create a defensible and transparent process that can adapt as legal interpretations evolve.

How to Prepare for Compliance

Meeting the requirements of Local Law 144 involves more than just a single audit. It requires a systematic approach to how you select, use, and monitor automated tools in your hiring process.

Start with an Internal AEDT Inventory

Create a comprehensive inventory of every AEDT your organization uses. Document which tools are in use, what they do, and where they fit into your recruitment workflow. This inventory serves as your map, showing you the full scope of what needs to be audited and managed, and is a critical part of your AI assurance strategy.

Build a Framework for AI Governance

Once you know which tools you're using, you need a clear framework for governing them. Establish rules for how your company uses and manages its AEDTs. Assemble a dedicated team responsible for overseeing these tools, with authority to review and test the systems, ask questions of vendors or developers, and report any issues. A strong governance structure demonstrates a commitment to responsible AI use and provides a clear line of accountability.

Create Clear Protocols for Candidate Notification

Transparency with candidates is a non-negotiable part of the law. You must inform applicants and employees when an AEDT will be used to evaluate them, specify the job qualifications or characteristics it assesses, and provide information on how an individual can request an alternative evaluation method or an accommodation.

Re-evaluate Vendor Contracts and Partnerships

If you use third-party AI tools, your organization remains responsible for their impact — your vendor contracts should reflect that. Review your agreements to ensure they require vendors to provide the documentation needed for compliance. For new partnerships, make compliance a non-negotiable part of procurement: ask potential vendors whether their tools are independently certified — for example, through the Warden Assured standard — to select partners committed to fairness and transparency from the start.

Implement a System for Continuous Monitoring

Compliance is not a one-and-done task. Implement a system for continuously monitoring your AEDTs to ensure they are performing as expected and remain stable over time. Regular assessments will help you identify and address potential bias before it becomes a significant problem.

Best Practices for an Effective Bias Audit

An effective audit goes beyond the legal minimum. The following practices turn the annual audit from a procedural requirement into a genuine governance instrument.

Validate Your Data Sources Before You Audit

The data used to train and test your AI employment tools is the foundation of their decision-making. If the source data contains historical biases, the tool will likely perpetuate or amplify them. Before conducting a bias audit, evaluate the integrity and appropriateness of your datasets: question how the data was collected, whether it is representative of your desired applicant pool, and whether it contains variables that could act as proxies for protected characteristics. Validating your data sources is a fundamental step toward a fair and defensible AI system.

Assess Job-Related Outcomes, Not Just Statistical Parity

A statistically fair model is not necessarily an effective one. A comprehensive bias audit should also evaluate the relationship between scores from the AI tool and actual job-related outcomes — a process often called a criterion validation study. This examines whether the tool's predictions correlate with meaningful metrics like job performance and employee retention. Linking the audit to tangible business results confirms that the tool is not just avoiding bias but also helping you identify the best candidates for the right reasons.

Integrate Continuous Monitoring Between Annual Audits

While periodic audits are essential, continuous monitoring is a more proactive approach to AI governance. Instead of waiting for the annual review, monitoring tracks fairness metrics in near real time, catching potential bias drift or performance degradation much sooner. This transforms AI assurance from a periodic check into an ongoing operational function embedded in the lifecycle of your AI systems.

What Are the Penalties for Non-Compliance?

Failing to comply with New York City's bias audit law carries significant and compounding consequences. The legislation was designed with clear enforcement mechanisms that include financial penalties, but the risks extend far beyond monetary fines.

Understanding the Fines and Penalties

The law specifies a civil penalty of up to $500 for a first violation. For each subsequent violation, the penalty can increase to as much as $1,500. Crucially, the city considers each day an employer uses a non-compliant tool — or fails to provide proper notice — as a separate violation. This means fines can accumulate rapidly: using an unaudited tool for a single week could result in seven distinct violations. According to the NY State Comptroller's December 2025 audit of DCWP enforcement, the city is moving toward tighter enforcement of these penalties. An independent AI bias audit is the foundational step to confirm your tools are compliant and avoid these accumulating costs.

Beyond Fines: The Risk of Litigation

While the financial penalties are clear, the greater risk for many organizations lies in potential litigation and reputational harm. Local Law 144 is fundamentally a civil rights law, and a public finding of bias — or the failure to conduct a required audit — could become powerful evidence in a discrimination lawsuit filed under other local, state, or federal laws. As Deloitte's analysis of Local Law 144 notes, the structure of the law — where each day of violation counts separately — creates significant legal exposure for organizations slow to address compliance gaps. If an audit reveals bias and the organization does not take corrective action, it creates a documented record of liability. Public reports of biased hiring practices can also damage a company's brand, making it harder to attract top talent and maintain customer trust. Adhering to a recognized standard like Warden Assured helps demonstrate a commitment to fairness that can mitigate these legal and reputational risks.

What This Law Signals for the Wider Regulatory Landscape

Local Law 144 was the first U.S. law to directly regulate AI in hiring, and legal experts widely treat it as a blueprint. Organizations should view compliance not as a local issue but as preparation for a broader shift toward AI accountability — establishing a robust framework now provides a competitive advantage as new requirements appear.

How to Report a Violation

New York City's Local Law 144 gives job applicants and employees clear rights and establishes procedures for addressing potential non-compliance. The law empowers individuals to hold employers accountable and includes safeguards to protect them throughout the process.

Filing a Complaint with the DCWP

If you believe an employer or hiring firm has used an automated employment decision tool without adhering to the law, you have the right to take action. The primary channel for this is the Department of Consumer and Worker Protection (DCWP). An individual can file a complaint if a company fails to conduct a required bias audit, does not make the audit results public, or neglects to provide the required notifications about the tool's use. The DCWP is responsible for investigating these claims and enforcing the law, which may include issuing penalties for violations.

Understanding Anti-Retaliation Protections

The law includes strong anti-retaliation provisions to protect individuals who exercise their rights. Employers are explicitly prohibited from taking adverse action against a job applicant or employee for filing a complaint or requesting information about an AEDT. A company cannot legally penalize you — for instance, by rescinding a job offer or terminating employment — for questioning its use of an automated tool or reporting a potential violation. These protections are designed to ensure that people feel safe holding employers accountable without fear of reprisal, reinforcing a culture of transparency and removing the threat of negative consequences for speaking up.

An Applicant's Right to Transparency

A fundamental aspect of Local Law 144 is an applicant's right to understand how they are being evaluated. Companies must inform candidates if an AEDT will be used in their assessment and specify which job qualifications or characteristics the tool will consider. Beyond this initial notice, candidates have the right to request more detailed information — and upon request, an employer must disclose the type of data the tool collects, its source, and the company's data retention policy. For employers, fulfilling these disclosure requirements is a key part of demonstrating good faith and adhering to the law's standards.

Maintaining Compliance for the Long Term

Achieving compliance with the NYC Bias Audit Law is not a one-time task. The law requires an annual audit, and the world of AI and regulations is constantly changing. Maintaining compliance means building a durable program that integrates into your company's operations.

The Importance of Ongoing Team Training

Compliance is a team sport. Your legal and HR departments must work together to prepare and update the notices you provide to candidates and employees. Hiring managers and recruiters who interact with these systems daily also need to understand their basic functions and limitations. Ongoing training ensures that everyone involved in the hiring process is aware of their obligations under the law.

Conduct Regular Risk Assessments

The automated tools you use today may not be the same ones you use next year. An algorithmic risk analysis helps you understand which groups of people might be affected by your automated tools and how significant those effects could be. Regular assessments allow you to catch potential issues early, before they lead to non-compliance or harm your company's reputation.

A Proactive Approach to Addressing Bias

An audit that finds potential bias is not a failure; it is an opportunity to improve. If an audit reveals that an AEDT is producing unfair outcomes, you need a clear and immediate process for remediation. This involves investigating the source of the bias, working with the tool's vendor or your internal development team, and taking concrete steps to fix the disparities. A proactive approach to AI bias auditing demonstrates to regulators, candidates, and your own employees that you are committed to fairness.

Evolving Your AI Governance Strategy

A robust AI governance strategy is the foundation of long-term compliance. Your strategy should create a clear system for managing your AEDT inventory, define the schedule for risk assessments, and outline protocols for training and bias remediation. As AI technology advances and regulations evolve, your governance strategy must adapt.

Related Articles

• NYC Local Law 144: AI Bias Audits & Compliance Platform
• Automated Employment Decision Tools (AEDT) Under NYC LL 144
• NYC LL 144 for HR Tech Vendors: A Compliance Playbook
• The State of AI Bias in Talent Acquisition