A single EEOC complaint costs the average employer $75,000 or more in legal fees -- even when the employer wins. Add the management hours consumed by discovery, the reputational damage of a public charge, and the operational disruption of an investigation, and the actual cost of a single compliance failure can exceed $200,000 before any settlement or judgment is entered.

Now consider that many violations are systemic: a non-compliant job posting, a missing background check disclosure, or an undocumented screening criterion affects not one candidate but every candidate who passed through that process. One procedural gap can become dozens of individual claims overnight.

This is not a risk that only large employers face. The FCRA, I-9/IRCA, and FLSA apply to employers of all sizes. State pay transparency laws and ban-the-box statutes are expanding every year. And since 2023, the EEOC has held employers liable for disparate impact caused by third-party AI screening tools -- a rule that most employers using automated resume screening have not yet fully addressed.

This article is a working recruitment compliance checklist for 2026. It covers every federal requirement, the most impactful state-level mandates, the new rules that took effect this year, and a stage-by-stage breakdown of what you must do at each point in the hiring process. Use it as an audit tool, a training reference, or a policy baseline.

Federal Recruitment Compliance Requirements

Federal hiring laws form the baseline that every US employer must meet. State and local laws may add requirements on top of these, but they do not replace them. The following are the federal statutes that directly govern how you recruit, screen, and hire employees.

Title VII of the Civil Rights Act (1964, amended 1991)

Title VII prohibits employment discrimination based on race, colour, religion, sex (including pregnancy, sexual orientation, and gender identity as of the Supreme Court's Bostock v. Clayton County decision), and national origin. It applies to employers with 15 or more employees.

In recruitment, Title VII governs how you write job postings, which sourcing channels you use, how you evaluate candidates, and the criteria you apply to hiring decisions. Both disparate treatment (intentional discrimination) and disparate impact (neutral practices that disproportionately affect a protected group) are prohibited. The EEOC enforces Title VII and can investigate charges, issue right-to-sue letters, and bring enforcement actions.

For a detailed guide on EEO compliance during the hiring process, see our EEO Compliance in Hiring guide.

Americans with Disabilities Act (ADA, 1990)

The ADA prohibits discrimination against qualified individuals with disabilities and requires employers to provide reasonable accommodation throughout the hiring process. This includes making application forms accessible, providing interpreters or assistive technology during interviews, and modifying testing procedures when necessary.

Critically, the ADA prohibits pre-offer medical inquiries. You cannot ask candidates about their medical history, medications, or the nature or severity of a disability before making a conditional job offer. Post-offer medical examinations are permitted only if they are required of all entering employees in the same job category. The ADA applies to employers with 15 or more employees.

See our full guide on ADA compliance in recruitment for detailed requirements by hiring stage.

Age Discrimination in Employment Act (ADEA, 1967)

The ADEA protects individuals aged 40 and older from discrimination in employment. In hiring, this means job advertisements cannot include age preferences or limitations (except in rare cases where age is a bona fide occupational qualification), interview questions cannot probe a candidate's age or retirement plans, and screening criteria must not disproportionately exclude older workers without a clear job-related justification. The ADEA applies to employers with 20 or more employees.

Genetic Information Nondiscrimination Act (GINA, 2008)

GINA prohibits employers from using genetic information -- including family medical history -- in employment decisions. During hiring, this means you cannot request or use genetic tests, and you must take care that medical examinations conducted after a conditional offer do not result in the acquisition or use of genetic information. GINA applies to employers with 15 or more employees.

Fair Credit Reporting Act (FCRA)

The FCRA governs the use of consumer reports (including background checks conducted by third-party agencies) in employment decisions. Before obtaining a consumer report on a candidate, you must: (1) provide a clear, standalone written disclosure that a report may be obtained, (2) obtain the candidate's written authorisation, and (3) if you intend to take adverse action based on the report, provide the candidate with a pre-adverse action notice that includes a copy of the report and a summary of their rights under the FCRA.

FCRA requirements apply to all employers regardless of size when they use third-party consumer reporting agencies for background checks. The FTC and the Consumer Financial Protection Bureau (CFPB) enforce the FCRA. For the full FCRA compliance workflow, see our FCRA compliance in hiring guide.

Fair Labor Standards Act (FLSA)

The FLSA establishes minimum wage, overtime pay, recordkeeping, and youth employment standards. While primarily a wage-and-hour statute, FLSA compliance intersects with recruitment in two key areas: (1) the correct classification of positions as exempt or non-exempt must be determined before the offer stage, and (2) salary disclosures in job postings must accurately reflect the position's FLSA classification and applicable wage requirements.

Immigration Reform and Control Act (IRCA) and I-9 Requirements

IRCA requires all employers to verify the identity and employment authorisation of every individual hired in the United States using Form I-9. The I-9 must be completed within three business days of the employee's start date. Employers must physically examine original documents from the approved list (List A, or one document each from List B and List C) and retain the completed I-9 for the later of three years after the date of hire or one year after the date of termination.

IRCA also prohibits discrimination based on citizenship status or national origin during hiring. You cannot refuse to accept valid documents, require specific documents, or treat candidates differently based on their citizenship status or national origin during the verification process.

OFCCP Requirements for Federal Contractors

Employers holding federal contracts or subcontracts of $50,000 or more must comply with the Office of Federal Contract Compliance Programs (OFCCP) regulations. These include: developing and maintaining a written affirmative action plan (AAP), collecting and reporting EEO demographic data, tracking applicant flow data by race, ethnicity, sex, veteran status, and disability status, and conducting annual adverse impact analyses of selection procedures.

Federal contractors with 150+ employees and contracts of $150,000+ must retain all hiring records for two years (compared to the one-year minimum for most other employers).

Master Recruitment Compliance Checklist

The following table consolidates the major federal compliance requirements that apply during recruitment and hiring. Use this as a reference to verify that your processes and documentation meet each obligation.

| Law / Regulation | Key Requirement | Who It Applies To | Deadline / Frequency |
|---|---|---|---|
| Title VII | No discrimination by race, colour, religion, sex, national origin in any hiring practice | Employers with 15+ employees | Every hiring action |
| ADA | No pre-offer disability inquiries; provide reasonable accommodation for application process | Employers with 15+ employees | Every hiring action |
| ADEA | No age-based preferences in postings or screening; no age-related interview questions | Employers with 20+ employees | Every hiring action |
| GINA | No collection or use of genetic information, including family medical history | Employers with 15+ employees | Every hiring action |
| FCRA | Standalone disclosure + written consent before obtaining background check; pre-adverse action notice with report copy | All employers using third-party consumer reports | Before each background check; before each adverse action |
| FLSA | Correct exempt/non-exempt classification; accurate wage disclosures | All employers | Before offer stage |
| IRCA / I-9 | Complete Form I-9 with original document inspection; no document discrimination | All employers for every new hire | Within 3 business days of start date |
| EEO-1 Reporting | File Component 1 workforce demographic data by job category | Employers with 100+ employees (or 50+ with federal contracts of $50K+) | Annually (EEOC sets collection window) |
| OFCCP / AAP | Written affirmative action plan; applicant flow data; adverse impact analysis | Federal contractors with contracts of $50K+ | Updated annually |
| VEVRAA | Invite self-identification of veteran status; report hiring benchmarks | Federal contractors with contracts of $150K+ | Updated annually |
| E-Verify | Electronic employment eligibility verification (in addition to I-9) | Federal contractors; employers in mandatory E-Verify states | Within 3 business days of start date |

State-Level Recruitment Requirements

Federal law sets the floor, not the ceiling. State and local jurisdictions have added layers of requirements that, in many cases, go well beyond federal mandates. The three most significant categories for 2026 are ban-the-box laws, pay transparency requirements, and salary history bans.

Ban-the-Box Laws

Ban-the-box laws prohibit employers from asking about criminal history on initial job applications. The intent is to allow candidates to be evaluated on qualifications before criminal history enters the decision-making process. As of 2026, over 37 states and more than 150 cities and counties have enacted some form of ban-the-box legislation.

The scope varies significantly by jurisdiction:

  • Public employers only: Some states restrict criminal history inquiries only for government positions.
  • Public and private employers: States including California, Colorado, Connecticut, Hawaii, Illinois, Massachusetts, Minnesota, New Jersey, New Mexico, Oregon, Rhode Island, Vermont, and Washington apply ban-the-box to private employers as well.
  • Conditional offer timing: Most ban-the-box laws delay criminal history inquiries until after a conditional offer of employment has been made, though some jurisdictions permit the inquiry after an initial interview.
  • Individualized assessment: Many jurisdictions require that if criminal history is considered, the employer must conduct an individualized assessment weighing the nature of the offence, the time elapsed, and the nature of the job before making an adverse decision.

Pay Transparency Requirements

Pay transparency laws require employers to disclose salary ranges for open positions. This is one of the fastest-growing areas of state employment law. As of 2026, the following states require salary range disclosure in job postings: California, Colorado, Connecticut, Hawaii, Illinois, Maryland, Minnesota, New York, and Washington.

Key details that vary by state:

  • What must be disclosed: Most states require a good-faith salary range (minimum and maximum). Some also require disclosure of benefits and other compensation.
  • When disclosure is required: Some states require disclosure in the posting itself; others require disclosure upon request or at the time of an offer.
  • Remote worker coverage: Colorado's law applies to any position that could be performed by a Colorado resident, setting a precedent that several other states have followed. Employers posting remote positions must comply with the strictest applicable standard.
  • Penalties: Fines range from $1,000 per violation (Maryland) to $250,000 for repeat violations (New York City).

Salary History Bans

Salary history bans prohibit employers from asking candidates about their current or prior compensation. The rationale is that using prior salary to set offers perpetuates historical pay disparities, particularly for women and minorities. As of 2026, over 21 states and numerous cities and counties have enacted salary history bans.

Employers operating across multiple jurisdictions should default to a national policy of not requesting salary history, as tracking individual state requirements for each candidate interaction is operationally impractical for most organisations.

New Rules for 2026

Three categories of regulatory change are reshaping recruitment compliance in 2026. Employers who have not updated their processes to account for these changes are operating with significant legal exposure.

AI Bias Audit Requirements

The use of artificial intelligence and automated tools in hiring is now subject to specific regulatory requirements in multiple jurisdictions:

  • New York City Local Law 144: Requires employers using automated employment decision tools (AEDTs) to conduct an annual bias audit by an independent auditor. The audit results, including impact ratios by race/ethnicity and sex, must be publicly available on the employer's website. Candidates must be notified that an AEDT is being used and given the option to request an alternative process.
  • Illinois AI Video Interview Act: Requires employers to notify candidates when AI is used to analyse video interviews, explain how the AI works, and obtain written consent before using AI analysis. Employers must also report demographic data on applicants screened by AI to the Department of Commerce and Economic Opportunity.
  • EEOC Technical Guidance (2023, ongoing): The EEOC has issued guidance confirming that employers are liable for disparate impact caused by AI and algorithmic hiring tools, even when those tools are developed and operated by third-party vendors. Employers cannot outsource compliance responsibility by purchasing an AI tool from a vendor.
  • Colorado AI Act (effective 2026): Requires developers and deployers of high-risk AI systems, including those used in employment decisions, to conduct impact assessments and provide transparency notices to affected individuals.

For a full breakdown of AI audit requirements and how they affect ATS-based screening, see our guides on ATS bias audit requirements for 2026 and ATS compliance and EEO.

Vendor Tools Do Not Transfer Compliance Responsibility

If your ATS or screening tool uses AI to score, rank, or filter candidates, you -- not the vendor -- are responsible for ensuring that the tool does not produce disparate impact against protected groups. The EEOC's position is unambiguous: "If an employer administers a selection procedure, it may be responsible under Title VII if the procedure has a disparate impact, even if the procedure was designed or administered by an outside vendor." Request bias audit documentation from your vendor, but conduct your own monitoring as well.

Pay Transparency Expansion

Several states that previously required salary disclosure only upon request or at the offer stage have expanded their laws in 2026 to require disclosure in the job posting itself. Illinois's pay transparency law, effective January 1, 2025, now requires employers with 15+ employees to include pay scales and benefits in all job postings. Minnesota's law, effective January 1, 2025, applies to employers with 30+ employees.

The trend is clear: within two to three years, a majority of US states are expected to require salary range disclosure in job postings. Employers that have not already adopted this practice will need to do so regardless of their current state obligations.

EEOC Reporting Updates

The EEOC continues to expand its data collection and reporting requirements. Key updates for 2026 include:

  • Component 1 EEO-1 filing: The EEOC has maintained the annual EEO-1 Component 1 filing requirement for employers with 100+ employees. The collection window and filing deadlines are announced annually.
  • Pay data collection: While the EEO-1 Component 2 pay data collection was discontinued after fiscal year 2018, several states (including California and Illinois) have enacted their own pay data reporting requirements that require demographic breakdown of compensation data.
  • AI and algorithmic tool reporting: The EEOC has signalled that future guidance may require employers to document and report on the use of AI and automated tools in hiring decisions, particularly when those tools affect selection rates for protected groups.

For guidance on EEO reporting tools and workflows, see our EEOC-compliant ATS guide for 2026.

Compliance Requirements by Hiring Stage

Compliance obligations are not generic -- they are specific to each stage of the hiring process. The following stage-by-stage breakdown identifies the exact requirements that apply at each point, from the moment a requisition is approved to the day a new hire completes onboarding.

Stage 1: Job Posting

  • Use inclusive language that does not indicate a preference for or against any protected class (Title VII, ADA, ADEA).
  • Do not include age-related terms such as "young," "recent graduate," "digital native," or "energetic" that could indicate age preference (ADEA).
  • Include required salary range information per applicable state law (pay transparency).
  • Include an EEO statement ("Equal Opportunity Employer" or equivalent).
  • Do not include questions about criminal history on the application form if operating in a ban-the-box jurisdiction.
  • Ensure the application process itself is accessible to individuals with disabilities (ADA).
  • If the position requires specific physical capabilities, describe the essential functions of the job rather than stating physical requirements in terms that could exclude individuals with disabilities.
  • Retain a copy of every job posting for the applicable record retention period.

Stage 2: Sourcing and Candidate Outreach

  • Use a diverse mix of sourcing channels to avoid systemic exclusion of any protected group (Title VII).
  • Document all sourcing channels used for each position (OFCCP requirement for federal contractors; best practice for all employers).
  • If using AI-powered sourcing tools, verify that the tool's targeting criteria do not exclude candidates based on protected characteristics.
  • Federal contractors must post positions on the appropriate state job bank and provide job listings to the local veterans' employment representative (VEVRAA).

Stage 3: Application Screening

  • Apply consistent screening criteria to all candidates for the same position (Title VII).
  • Do not screen out candidates based on disability-related information or medical conditions (ADA).
  • Do not use criminal history as a screening criterion at this stage if operating in a ban-the-box jurisdiction.
  • If using AI or automated screening tools, document the criteria being applied, monitor selection rates by demographic group, and ensure compliance with any applicable AI bias audit requirements.
  • Collect voluntary EEO self-identification data separately from the application; ensure this data is not visible to reviewers.
  • Document the reason for every candidate who is screened out at this stage.

Stage 4: Interviewing

  • Use structured interview questions that are consistent across all candidates for the same role.
  • Do not ask questions about age, marital status, pregnancy, family plans, religion, national origin, disability, or genetic information (Title VII, ADA, ADEA, GINA).
  • Provide reasonable accommodation for the interview process when requested or when a need is apparent (ADA).
  • If using AI-analysed video interviews, comply with the Illinois AI Video Interview Act and any applicable state notification/consent requirements.
  • Use a standardised scoring rubric and document scores for every candidate interviewed.
  • Retain all interview notes, scorecards, and evaluation forms for the applicable record retention period.

Stage 5: Background Checks

  • Provide a standalone disclosure (separate from the application form) that a consumer report may be obtained (FCRA).
  • Obtain the candidate's written consent before ordering the background check (FCRA).
  • If considering adverse action based on the report: send a pre-adverse action notice, a copy of the report, and a summary of the candidate's rights under the FCRA. Wait a reasonable period (typically 5 business days) before making a final decision.
  • If making a final adverse decision: send an adverse action notice including the name and contact information of the consumer reporting agency, a statement that the agency did not make the decision, and notice of the candidate's right to dispute the report and obtain a free copy.
  • In ban-the-box jurisdictions, conduct an individualized assessment of any criminal history findings before making an adverse decision.
  • Comply with state-specific background check laws, which may impose additional notice requirements, waiting periods, or restrictions on which offences can be considered.

For the complete FCRA compliance workflow with sample timelines, see our FCRA compliance in hiring guide.

Stage 6: Offers

  • Ensure the salary offered complies with the FLSA minimum wage and overtime requirements for the position's classification.
  • Do not base the offer on the candidate's salary history if operating in a salary history ban jurisdiction.
  • Ensure the offer is consistent with pay equity requirements -- comparable roles should have comparable compensation regardless of gender, race, or other protected characteristics (Equal Pay Act, state pay equity laws).
  • If the offer is contingent on a medical examination, the examination must be required of all entering employees in the same job category (ADA).
  • Document the offer, including the compensation rationale, for record retention.

Stage 7: Onboarding

  • Complete Form I-9 within three business days of the employee's start date (IRCA).
  • Submit E-Verify case within three business days of the start date, if required (federal contractors, mandatory E-Verify states).
  • Collect any required state new-hire reporting data and submit to the state directory of new hires within the applicable deadline (typically 20 days).
  • File W-4 and state tax withholding forms.
  • Provide required workplace notices (FLSA, FMLA, OSHA, state-specific).
  • Begin the accommodation process if the new hire has disclosed a disability and requested accommodation (ADA).

Penalties for Non-Compliance

The financial consequences of recruitment compliance failures are substantial and, in many cases, cumulative -- meaning a single systemic violation can generate penalties across every affected candidate or hire. The following table summarises the penalty ranges for the most common recruitment compliance violations.

| Violation | Statute | Penalty Range | Notes |
|---|---|---|---|
| Hiring discrimination (disparate treatment or impact) | Title VII / ADA / ADEA | $50,000 -- $300,000 per claimant (compensatory + punitive damages, tiered by employer size), plus back pay, front pay, and attorney fees | Punitive damages capped by employer size: $50K (15-100 employees), $100K (101-200), $200K (201-500), $300K (500+). No cap on back pay. |
| Background check violations | FCRA | $100 -- $1,000 per violation (statutory damages for willful violations), plus actual damages and attorney fees | Class action FCRA cases routinely reach multi-million dollar settlements. A missing standalone disclosure on 1,000 applicants = potential $1M+ exposure. |
| I-9 verification failures | IRCA | $252 -- $2,507 per employee (first offence); up to $25,076 per employee (repeat violations) | Penalties apply per employee with a deficient I-9. ICE audits can cover all current employees. |
| Pay transparency violations | State laws (varies) | $1,000 -- $250,000 per violation depending on jurisdiction and repeat offence status | New York City: up to $250,000 for repeat violations. Colorado: $500 -- $10,000 per violation. |
| Failure to file EEO-1 report | Title VII / Executive Order 11246 | Compulsory compliance through court order; potential loss of federal contracts for contractors | Failure to file can trigger EEOC investigation and is considered evidence of non-compliance in discrimination cases. |
| OFCCP violations (federal contractors) | Executive Order 11246 / Section 503 / VEVRAA | Debarment from federal contracts; back pay and other make-whole relief | Debarment is the most severe sanction -- it bars the employer from all federal contracts. |
| AI bias audit non-compliance | NYC Local Law 144; state AI laws | $500 -- $1,500 per violation per day (NYC); varies by state | Each use of a non-audited AEDT on each candidate is a separate violation under NYC law. |
| Salary history inquiry violations | State/local laws | $1,000 -- $10,000 per violation depending on jurisdiction | Some jurisdictions allow private right of action; others enforce through state agencies. |
| Disability discrimination in hiring | ADA | Same as Title VII damages (up to $300,000 per claimant), plus injunctive relief and accommodation costs | Pre-offer medical inquiries are a per se violation regardless of whether discrimination occurred. |
| Retaliation against complainants | Title VII / ADA / ADEA / FCRA | Uncapped compensatory damages in many jurisdictions, plus punitive damages and attorney fees | Retaliation claims are the most common EEOC charge category (54% of all charges in FY2023). |

The Hidden Cost: Legal Defence

The penalties in the table above do not include the cost of legal defence, which is often the largest expense. According to EEOC data and employment law surveys, the median cost of defending an EEOC charge through resolution (without litigation) is approximately $30,000 -- $50,000 in legal fees. If the charge proceeds to litigation, defence costs routinely exceed $75,000 and can surpass $500,000 for complex cases or class actions. Prevention through systematic compliance is always less expensive than defence.

Record Retention Requirements

Maintaining proper records is not just a best practice -- it is a legal obligation that directly affects your ability to defend against discrimination claims. If you cannot produce records of your hiring decisions, the burden of proof effectively shifts to you in any EEOC investigation or litigation.

The following are the minimum retention periods required by federal law:

  • General hiring records (applications, resumes, interview notes, screening criteria, rejection reasons): 1 year from the date the record was created or the hiring decision was made, whichever is later (Title VII, ADA, ADEA).
  • Federal contractor records (for employers with 150+ employees and contracts of $150,000+): 2 years from the date the record was created or the action was taken (OFCCP).
  • I-9 forms: The later of 3 years after the hire date or 1 year after the date of termination (IRCA).
  • EEO-1 reports: The EEOC recommends retaining filed reports indefinitely; at minimum, retain for 3 years.
  • FCRA-related documents (disclosures, authorisations, copies of consumer reports, adverse action notices): 5 years is the recommended practice, as FCRA has a 5-year statute of limitations for some claims.
  • Payroll and compensation records: 3 years (FLSA). If an Equal Pay Act claim is filed, records may need to be produced going back further.

State requirements may extend these periods. California requires retention of personnel records for 4 years. Texas requires 3 years. Always apply the longest applicable retention period.

An ATS with automated retention policies can manage these timelines without manual intervention. Treegarden retains all candidate records, application materials, screening decisions, interview scores, and communication logs with timestamps, supporting the most stringent applicable retention requirements. See our guide on employment law updates for 2026 for the latest changes to retention requirements.

Audit Frequency and Self-Assessment

Compliance is not a one-time project -- it is an ongoing operational discipline. The following audit schedule represents best practice for most employers:

  • Annual full compliance audit: Review all hiring policies, procedures, forms, and documentation against current federal, state, and local requirements. Update your recruitment compliance checklist. This is also the time to review and update your affirmative action plan (federal contractors).
  • Quarterly metrics review: Analyse adverse impact ratios at each stage of the hiring funnel (application, screening, interview, offer) by race, sex, age, and disability status. Review I-9 completion rates. Review background check consent documentation completeness.
  • Per-change audit: Any time a new law takes effect, a new state is added to your hiring footprint, or a new tool (especially an AI-based tool) is introduced into the hiring process, conduct a targeted audit before the change goes live.
  • Post-complaint review: After any EEOC charge, state agency complaint, or internal complaint related to hiring, conduct a review of the specific process that generated the complaint to identify and correct the root cause.

How Treegarden Supports Compliance Audits

Treegarden's reporting module tracks selection rates by demographic group across every hiring stage, making adverse impact analysis part of your standard workflow rather than a separate manual exercise. Combined with automated record retention, audit-trail logging for every candidate action, and configurable AI screening criteria with bias monitoring, Treegarden gives your compliance team the data infrastructure they need to conduct quarterly reviews and annual audits without assembling spreadsheets from scratch.

Frequently Asked Questions

What federal laws apply to recruitment compliance in 2026?

The primary federal laws governing recruitment compliance in 2026 are Title VII of the Civil Rights Act (race, colour, religion, sex, national origin), the ADA (disability), the ADEA (age 40+), GINA (genetic information), the FCRA (background checks and consumer reports), the FLSA (wage and hour, including salary disclosures), IRCA/I-9 (employment eligibility verification), and Executive Order 11246/OFCCP regulations for federal contractors. Starting in 2026, new AI bias audit requirements from the EEOC and several states add additional compliance obligations for employers using automated hiring tools.

What are the penalties for recruitment compliance violations?

Penalties vary by statute. Title VII violations carry compensatory and punitive damages up to $300,000 per claimant (for employers with 500+ employees), plus back pay, front pay, and attorney fees. FCRA willful violations carry statutory damages of $100 to $1,000 per violation plus actual damages. I-9 violations range from $252 to $2,507 per employee for first offences and up to $25,076 for repeat violations. Pay transparency violations carry state-specific fines of $1,000 to $250,000 depending on jurisdiction. The average cost of defending an EEOC charge exceeds $75,000 in legal fees even when the employer prevails.

What is required for AI bias audits in hiring for 2026?

New York City's Local Law 144 requires annual bias audits of automated employment decision tools (AEDTs) by an independent auditor, with results published on the employer's website. Illinois requires employers to notify candidates when AI is used in video interviews and obtain consent. The EEOC's 2023 technical guidance holds employers liable for disparate impact caused by AI screening tools, regardless of whether the tool was developed by a third-party vendor. Several additional states have introduced or are considering similar legislation in 2026, making AI bias audits a growing compliance requirement nationwide.

How long must employers retain hiring records?

Federal requirements mandate that most employers retain all hiring records -- applications, resumes, interview notes, test results, and selection decisions -- for at least one year from the date the record was created or the hiring decision was made, whichever is later. Federal contractors with 150+ employees and contracts of $150,000+ must retain records for two years. OFCCP regulations require additional documentation for affirmative action plans. State laws may impose longer retention periods; California requires four years for personnel records, and several other states require three years or more.

Which states require pay transparency in job postings?

As of 2026, states requiring salary ranges in job postings include California, Colorado, Connecticut, Hawaii, Illinois, Maryland, Minnesota, New York, and Washington. New York City, Jersey City, and other municipalities have their own pay transparency ordinances. Requirements vary: some mandate disclosure in the job posting itself, others require disclosure upon request or at specific stages in the hiring process. Employers operating in multiple states must comply with the strictest applicable standard for each posting's target location.

What is ban-the-box and which states enforce it?

Ban-the-box laws prohibit employers from asking about criminal history on initial job applications. As of 2026, over 37 states and more than 150 cities and counties have adopted some form of ban-the-box legislation. The scope varies widely: some laws apply only to public employers, while others cover both public and private employers. In states like California, Hawaii, Illinois, Massachusetts, Minnesota, New Jersey, Oregon, Rhode Island, Vermont, and Washington, the law applies to private employers as well. Employers must delay criminal history inquiries until after a conditional offer or, in some jurisdictions, until after an initial interview.

How often should employers conduct a recruitment compliance audit?

Best practice is to conduct a full recruitment compliance audit at least annually, with quarterly reviews of key metrics like adverse impact ratios, I-9 completion rates, and background check consent documentation. Federal contractors subject to OFCCP must update their affirmative action plans annually. Any time a new law takes effect, a new state expansion occurs, or the employer begins using a new hiring tool (especially AI-based tools), an additional targeted audit should be completed before the change goes live.

Do small businesses need to worry about recruitment compliance?

Yes. While some federal laws have employee-count thresholds (Title VII and ADA apply at 15+ employees, ADEA at 20+), many state and local anti-discrimination laws apply to smaller employers -- California's FEHA applies at 5+ employees, and some jurisdictions cover employers with even one employee. The FCRA, I-9/IRCA, and FLSA have no employee-count threshold and apply to all employers. Pay transparency and ban-the-box laws increasingly apply to smaller employers as well. Small businesses that fail to comply face the same penalties as larger organisations.

Building Compliance Into Your Hiring Infrastructure

The recruitment compliance requirements described in this article are not aspirational goals -- they are legal obligations with concrete deadlines, documentation standards, and financial penalties. The employers who manage compliance well are not the ones with the largest legal departments; they are the ones who build compliance into their hiring infrastructure so that it operates automatically rather than depending on manual vigilance.

That means using an ATS that enforces consistent screening criteria, separates EEO self-identification data from hiring decisions, logs every candidate action with a timestamp, manages record retention automatically, and provides adverse impact reports as a standard output rather than a special project.

Treegarden is designed to meet these requirements. Every candidate interaction, screening decision, interview score, and status change is logged and retained. AI screening criteria are configurable and auditable. Demographic data is collected separately and protected by role-based access controls. And reporting tools provide the adverse impact analysis, applicant flow data, and EEO-1 data your compliance team needs without requiring them to build reports from raw data.

If your current hiring process depends on manual checklists, spreadsheet tracking, or the hope that your team members remember every requirement at every stage, you are operating with unnecessary risk. Book a demo to see how Treegarden automates compliance documentation across the full hiring workflow.

This article was created with AI assistance. Content has been editorially reviewed by the Treegarden team.