Loading
Oriana Rodriguez

Senior Technical Recruiter

Global TA — Robotics & AI

Robotics/Embedded Recruiter

Oriana Rodriguez

Senior Technical Recruiter

Global TA — Robotics & AI

Robotics/Embedded Recruiter

Download CV
Blog Post

NYC Local Law 144 for Talent Acquisition: AEDT Bias Audits, Public Posting & 10‑Day

27.09.2025 Evidence-Based Hiring, Compliance & Governance (TA) by Oriana Valentina Rodriguez Guedes
NYC Local Law 144 for Talent Acquisition: AEDT Bias Audits, Public Posting & 10‑Day

Executive Summary

This report provides a comprehensive strategic analysis of New York City's Local Law 144, which governs the use of Automated Employment Decision Tools (AEDTs) in hiring and promotion. With enforcement by the Department of Consumer and Worker Protection (DCWP) now active, compliance is an urgent operational and legal imperative. The law mandates annual independent bias audits, public disclosure of audit summaries, and advance notice to candidates. Beyond mere compliance, this regulation presents an opportunity for organizations to build more equitable hiring processes, enhance their employer brand, and gain a competitive edge in the war for talent. This summary distills the most critical insights and actionable recommendations for talent acquisition leaders, legal counsel, and HR executives.

The Compliance Clock is Ticking on Daily Violations

Enforcement of Local Law 144 began on July 5, 2023, and the law's penalty structure is designed to escalate quickly. Each day an organization uses an AEDT in violation of the law constitutes a separate violation, and failure to provide required notice to a candidate is also a distinct violation. Fines begin at $500 for a first violation and can rise to $1,500 for subsequent violations.[1] This means a single non-compliant tool used for one week could generate over $30,000 in penalties, making immediate action essential.[2] The first step is to map every tool that meets the law's "substantially assists or replaces" criteria and freeze any in-scope tool that lacks a valid, recent bias audit.[3]

The law's public disclosure requirement transforms internal compliance efforts into public-facing statements with significant legal implications.[4] Employers must post a summary of the bias audit, including impact ratios for race/ethnicity and sex categories, on their website for at least six months after the tool's last use. An impact ratio below 80% (the EEOC's "four-fifths rule" threshold) can serve as powerful prima facie evidence for a disparate impact claim under Title VII or the NYC Human Rights Law. This provides plaintiffs' attorneys and regulatory bodies with a clear starting point for investigations.[4] To mitigate this, every publicly posted audit should be paired with a privileged internal legal memo documenting the tool's "job-relatedness and business necessity" and the search for less discriminatory alternatives.[4]

Widespread Non-Compliance Creates an Opportunity for Differentiation

Despite the law being in effect, widespread non-compliance persists. A January 2024 Cornell University study indicated that many employers were not meeting the law's requirements, suggesting the DCWP may be in an initial phase of education and evidence-gathering before launching aggressive enforcement.[5] This gap creates a strategic opportunity. Organizations that achieve and visibly demonstrate early compliance can differentiate themselves as fair and transparent employers. Publicizing audit results and notice procedures can attract "fair-minded" talent and build goodwill with regulators, turning a compliance burden into a reputational asset.[6]

The Hidden Costs: Data Engineering and Vendor Management

While external audit fees, which can exceed $5,000 per audit, per job, per year, are a significant budget item, the hidden costs of internal resource effort are equally substantial.[2] The law's strict prohibition on using inferred or imputed demographic data for audits places a heavy burden on internal data engineering and HRIS teams.[7] These teams must collect, clean, and manage voluntarily self-identified demographic data, which is often incomplete.[7] Furthermore, the ultimate legal responsibility for compliance rests squarely on the employer, not the AEDT vendor. Contracts must be updated with "right-to-audit" and indemnification clauses to shift risk and ensure vendors provide the necessary data and support for audits.[8]

The Regulatory Landscape is Evolving Toward Stricter Standards

NYC's law is a bellwether, not an endpoint. A proposed bill, Int 1003-2024, seeks to create a working group within the NYC Commission on Human Rights to recommend "passing criteria" for AI tools.[5] This would shift the law from a transparency mandate to a performance-based standard, potentially banning tools that fail to meet a defined fairness threshold.[5] Proactive organizations should begin developing internal "shadow thresholds" now, aiming for impact ratios well above the 80% floor to future-proof their AI toolkit and stay ahead of a potential move toward hard bans.

1. Law at a Glance — One statute, three hard obligations govern AEDT use

NYC Local Law 144 of 2021 (Int. No. 1894-A-2020) represents a landmark effort to regulate the use of artificial intelligence and algorithms in employment decisions, aiming to bring greater transparency and fairness to the hiring and promotion process. The law establishes a clear framework of obligations for any employer or employment agency using an Automated Employment Decision Tool (AEDT) for roles connected to New York City.[9]

Local Law 144 Timeline: From enactment to enforcement in 18 months

The law followed a structured rollout, providing organizations with a window to prepare for compliance.[9]

  • Enactment Date: December 11, 2021[9]
  • Effective Date: January 1, 2023
  • Enforcement Start Date: July 5, 2023

The law is codified in the New York City Administrative Code under Title 20, Chapter 5, Subchapter 25, with implementing rules in Title 6 of the Rules of the City of New York.[8]

“Substantially Assists” Test Decoded: Sole reliance, overriding weight, overruling power

A tool is only considered an AEDT under the law if it "substantially assists or replaces" discretionary decision-making.[3] The DCWP's final rules clarify this with a specific three-pronged test. A tool falls into scope if its simplified output (like a score or ranking) is used in one of the following ways:[3]

  1. Sole Reliance: The employer relies exclusively on the tool's output to make the decision, with no other factors considered.[3]
  2. Overriding Weight: The tool's output is one of several criteria, but it is weighted more heavily than any other single factor.[3]
  3. Overruling Power: The tool's output can be used to overrule conclusions derived from other factors, including human review.[3]

This definition explicitly excludes basic productivity tools like junk email filters, spreadsheets, and databases.[3]

2. Applicability & Scope — Which jobs, tools, and geos trigger compliance

The law's reach is determined by a combination of job location, employment agency location, and candidate residency, creating a nuanced compliance map for employers.

NYC Office Linkage: Hybrid and remote roles tied to an NYC manager

Local Law 144 applies if the position has a tangible connection to New York City.[10] This trigger is met under several conditions:

  • The job requires any physical presence in an NYC office, whether full-time, part-time, or hybrid.[9]
  • The job is fully remote, but the position is "associated with" an NYC office. This association can be established if the role reports to an NYC-based manager or is part of an NYC-based team.[10]
  • An employment agency using an AEDT is located within NYC.[10]
  • An employment agency outside NYC uses an AEDT to fill a position that meets the NYC job location criteria above.

Candidate vs. Job Location: Notice only for NYC residents; audits apply regardless

The law makes a critical distinction between its general requirements (bias audits and public disclosure) and its notification requirement.

  • Bias Audits & Disclosure: These obligations are triggered by the job's location. If the role is tied to NYC as defined above, the AEDT used for that role must be audited and the results published, regardless of where the candidates reside.[10]
  • Candidate Notice: The requirement to provide a 10-business-day advance notice is triggered by the candidate's residency. The notice must be provided to job candidates or employees being considered for promotion who are residents of New York City.

3. Core Compliance Requirements — Audit, Disclosure, Notice

Local Law 144 imposes three primary, non-negotiable obligations on employers and employment agencies: conducting annual bias audits, publicly disclosing the results, and providing advance notice to candidates.

Annual Bias Audit Mechanics: Selection vs. scoring rates; 2% exclusion rule

Employers are prohibited from using an AEDT if more than one year has passed since its most recent bias audit, establishing a strict annual cadence.[11] The audit must be an impartial evaluation conducted by an independent auditor.[3]

The audit must calculate two key metrics, mirroring the EEOC's Uniform Guidelines:

  • Selection Rate or Scoring Rate: For binary outcomes (e.g., advance/reject), the audit uses the Selection Rate: the rate at which individuals in a category are selected to move forward.[3] For tools that assign a score, it uses the Scoring Rate: the rate at which individuals in a category score above the sample's median score.[3]
  • Impact Ratio: This is the central comparative metric, calculated by dividing a category's selection/scoring rate by the rate of the most favorably treated category.[3]

This analysis must be performed for sex categories, race/ethnicity categories, and, crucially, intersectional categories (e.g., Black females, Hispanic males).[11] If a category represents less than 2% of the data, it can be excluded from the impact ratio calculation, but the auditor must justify this exclusion in the public summary and still report the category's raw numbers and selection/scoring rate.[11]

Public Posting Checklist: Mandatory metrics and six-month retention

A summary of the most recent bias audit must be made "publicly and conspicuously" available on the careers section of the employer's website.[7] This summary must remain posted for at least six months after the AEDT's last use.[8]

The required content for the public summary includes:[8]

  • The date of the most recent bias audit.[7]
  • The "distribution date" of the AEDT (when the employer first started using it).[7]
  • The source and an explanation of the data used (e.g., historical vs. test data).[7]
  • The number of individuals assessed who fell into an "unknown" demographic category.[7]
  • For all required categories: the number of candidates, their selection/scoring rates, and their impact ratios.[7]

10-Day Advance Notice Playbook: Four delivery channels and evergreen shortcut

Employers must provide notice to NYC-resident candidates or employees at least 10 business days before an AEDT is used to assess them.[7] The notice must state that an AEDT will be used, specify the job qualifications and characteristics the tool will assess, and include instructions on how to request a reasonable accommodation.[9]

The law provides several flexible delivery channels:[8]

  1. In a job posting.
  2. Via U.S. mail or e-mail.
  3. In a written policy or procedure (for current employees up for promotion).
  4. On the employment section of the company website in a clear and conspicuous manner.

This last option provides an "evergreen shortcut." By posting a single, general notice on their website, employers can start the 10-day clock once. After that period, they can use the AEDT for any role without a new waiting period for each job or candidate, significantly reducing the impact on hiring timelines.[8]

4. Independent Auditor Standards — How to pass DCWP’s impartiality test

The credibility of the entire compliance regime rests on the independence of the auditor. The law defines an independent auditor not by a specific certification, but by their functional ability to exercise objective and impartial judgment.[3] To ensure this, the rules establish clear disqualifiers.

Disqualifiers Table: Development, employment, financial interest = conflict

Disqualification Category Description of Prohibited Activity
Involvement Exclusion The auditor is or was involved in using, developing, or distributing the specific AEDT being audited. This prevents auditors from evaluating their own work.[3]
Relationship Exclusion The auditor has an employment relationship with the employer/employment agency using the AEDT or with the vendor that developed or distributes it, at any point during the audit.
Financial Interest Exclusion The auditor holds a direct financial interest or a material indirect financial interest in the employer, employment agency, or vendor associated with the AEDT.

Vetting Questions That Surface Hidden Ties

To ensure compliance, employers must rigorously vet potential auditors. Key questions to ask during procurement include:

  • Disclose all past and present financial and employment relationships with our company and the AEDT vendor.
  • Describe your methodology for ensuring objective and impartial judgment throughout the audit process.
  • Confirm that no member of your audit team has ever been involved in the development, sale, or implementation of this specific AEDT.

5. Data Collection & Privacy — Navigating the ‘No Inference’ mandate

The law's data requirements for bias audits are strict, creating significant data engineering and privacy challenges for employers. The central tenet is a focus on data integrity and transparency.

Voluntary Self-ID Uptake Tactics: ATS prompts, opt-in nudges

The rules mandate that demographic data for bias audits must be collected through voluntary self-identification.[12] This ensures data is provided with consent. However, this method often leads to incomplete datasets. To improve data completion rates, organizations can implement communication campaigns explaining the purpose of the data collection (to ensure fairness) and use carefully designed prompts and "nudges" within their Applicant Tracking System (ATS) to encourage voluntary disclosure.

Prohibition on Inferred Data

Local Law 144 contains an explicit and strict prohibition against using imputed or algorithmically inferred demographic data for bias audits.[7] This means employers cannot use methods like Bayesian Improved Surname Geocoding (BISG) to guess a candidate's race or gender from their name or other data. Audits must be based on historical data collected from the employer's actual use of the tool or, if insufficient, approved test data.[7]

Handling Unknowns & Small Samples: Audit disclosure language templates

The law provides clear procedures for handling incomplete data. The public audit summary must explicitly state the number of individuals who fall into an "unknown" demographic category. These individuals are excluded from impact ratio calculations but must be reported for transparency.[12] Similarly, if a demographic category makes up less than 2% of the audit data, it can be excluded from impact ratio calculations, but the summary must include the auditor's justification and report the raw numbers for that group.[11]

Data Retention Policy Transparency

Employers must be transparent about their data practices. Information regarding the data retention policy, the type of data collected for the AEDT, and the source of that data must be made available.[12] This can be posted on the company website or provided to a candidate within 30 days of a written request.[13]

6. Enforcement & Penalties — Cost of non-compliance in dollars and lawsuits

Failure to comply with Local Law 144 carries significant financial penalties and opens the door to broader legal action. The enforcement framework is designed to ensure accountability through a two-tiered system involving both procedural and substantive oversight.

Daily Violation Math: Scenario modelling for one tool used on 100 applicants

Penalties can accumulate rapidly. The law specifies a civil penalty of up to $500 for a first violation and for each additional violation on the same day. Subsequent violations are penalized at $500 to $1,500 each.[1] Crucially, each day an AEDT is used in violation of the audit requirement is a separate violation, and each failure to provide notice to a candidate is also a separate violation. For example, using one non-compliant tool for a week could result in thousands of dollars in fines, and failing to notify 100 applicants could trigger 100 separate violations.

DCWP vs. NYC CHR: Procedural fines vs. discrimination claims

Enforcement responsibility is split between two city agencies:

  • NYC Department of Consumer and Worker Protection (DCWP): This is the primary agency for enforcing the procedural requirements of Local Law 144 itself—namely, the failure to conduct audits, publish summaries, or provide notices. Individuals can file complaints about these violations directly with the DCWP.[8]
  • NYC Commission on Human Rights (NYC CHR): The DCWP does not adjudicate claims of actual discrimination.[8] If a complaint alleges that an AEDT produced a discriminatory outcome, the DCWP refers that claim to the NYC CHR, which enforces the broader NYC Human Rights Law.[5] The law explicitly preserves the right of individuals to bring a private civil action under the NYC Human Rights Law, regardless of an employer's procedural compliance with Local Law 144.[14]

7. Operational Compliance Program — Building a defensible, scalable framework

Effective compliance with Local Law 144 requires more than a one-time audit; it demands a structured, ongoing operational program. This framework should be built on clear governance, documented procedures, and meticulous recordkeeping.[8]

A cross-functional governance team is essential for managing compliance. This team should include stakeholders from Talent Acquisition, HR, Legal, Privacy, IT/HRIS, Data Science, and Procurement.[8] A RACI (Responsible, Accountable, Consulted, Informed) matrix clarifies ownership for key tasks:

  • AEDT Inventory & Risk Assessment: Responsible: TA, Procurement; Accountable: Legal.
  • Independent Auditor Selection: Responsible: Procurement, Legal; Accountable: Legal.
  • Bias Audit Execution: Responsible: Data Science, Vendor Management; Accountable: Legal.
  • Public Disclosure & Notices: Responsible: TA, HRIS; Accountable: Legal.

Phased Roadmap: Discovery → Audit → Tech enablement → Continuous monitoring

A phased implementation ensures a structured rollout:[8]

  1. Phase 1: Discovery & Scoping (Months 1–2): Establish the governance committee, inventory all potential AEDTs, and conduct a risk assessment to determine which tools are in-scope.
  2. Phase 2: Vendor Engagement & Initial Audits (Months 2–4): Select an independent auditor, review vendor contracts for data access clauses, and conduct the first round of bias audits.
  3. Phase 3: Process & Technology Implementation (Months 4–6): Build the public-facing webpage for audit summaries, configure the ATS to manage candidate notices, and create workflows for accommodation requests.
  4. Phase 4: Go-Live & Continuous Monitoring (Ongoing): Publish audit summaries, activate new processes, train all stakeholders, and maintain an audit calendar for annual renewals.

SOP Library: New tool onboarding, annual audit cycle, candidate accommodations

Documented Standard Operating Procedures (SOPs) are critical for consistency.[8] Key SOPs should include:

  • New Tool Onboarding: A mandatory vetting process for any new hiring tool, including a compliance check, vendor due diligence, and a pre-use bias audit.[8]
  • Annual Audit Cycle: A procedure for engaging the auditor, providing data, reviewing results, and updating the public website.
  • Candidate Notice & Accommodation: A step-by-step guide for recruiters on sending and documenting notices and handling candidate requests.

Evidence Logs: What to save, where, and for how long

Meticulous recordkeeping provides a defensible audit trail.[8] Evidence logs must include:

  • All independent bias audit reports and published summaries.
  • Logs or screenshots proving when and for how long summaries were posted.
  • Records of all candidate notices sent (e.g., email copies, ATS logs).
  • Documentation of all candidate requests for accommodations and their outcomes.
  • A log of all written requests for data information and the company's responses.

8. Sector-Specific Pressure Points — Healthcare, Finance, Unionized shops

While Local Law 144 applies broadly, its requirements create unique challenges for certain sectors, stemming from their specific operational models, data practices, and labor agreements.

Case Deep-Dive: NYU Langone’s 368k applications vs. 10-day delay

The healthcare sector faces significant operational disruption from the mandatory 10-business-day notification period. In a high-volume, fast-paced hiring environment with urgent staffing needs, this delay can be an "undue hardship."[15]

NYU Langone Health highlighted this issue in its public comments, noting it processed 368,536 applications to fill 12,796 positions in FY2022, making automated screening essential.[15] The health system argued that the 10-day delay would worsen workforce shortages and impact patient care, formally requesting a sector-wide exemption for healthcare.[15]

Finance Privacy Paradox: Synthetic data banned in audits

The finance sector faces a conflict between its data privacy practices and the law's audit requirements.[8] To navigate privacy regulations, some financial firms use inferred or synthetic demographic data for internal analysis. However, Local Law 144 explicitly prohibits using such data for official bias audits.[8] This creates a compliance "catch-22," forcing firms to overhaul their data practices to rely solely on voluntarily self-identified data, which may be incomplete.[8]

CBA Collision Course: Integrating AEDTs with seniority rules

In unionized environments, using an AEDT for promotions can conflict with Collective Bargaining Agreements (CBAs) that have well-defined, seniority-based rules for job bidding.[8] An AEDT that scores employees on different metrics could contradict these established procedures. Employers in these settings must engage with union representatives before implementation to ensure the technology does not violate the CBA and to co-develop a compliant process.[15]

9. Cost, Timing & ROI — Turning expense into strategic value

Compliance with Local Law 144 involves both direct costs and operational impacts, but a strategic approach can generate a positive return on investment through risk mitigation and brand enhancement.[9]

Budget Table: External audit fees, internal FTE hours, potential fines avoided

The costs of compliance are significant and recurring, but they are dwarfed by the potential cost of non-compliance.

Cost/Benefit Category Description Estimated Financial Impact
External Audit Fees Annual cost for an independent bias audit. Can exceed $5,000 per audit, per job, per year.[2]
Internal Resource Effort Dedicated time from data engineering, HRIS, and analytics teams for data collection, cleaning, and preparation. A "substantial internal data engineering effort" representing a significant hidden cost.[7]
Potential Fines Avoided Fines for non-compliance range from $500 to $1,500 per violation, accruing daily. Can exceed $30,000 per week for a single non-compliant tool.[2]

Speed-to-Hire Recovery: Evergreen notice impact on hiring KPIs

The 10-business-day notice period can add two weeks to the hiring cycle, directly increasing time-to-fill.[9] However, this impact can be largely mitigated. Instead of providing notice on a per-job basis, employers can post a single, general notice on their website.[8] This starts the 10-day clock once, allowing the employer to use the AEDT for all subsequent roles without further delay, thereby recovering lost cycle time.[8]

The primary ROI for compliance is risk mitigation—avoiding fines and costly discrimination lawsuits.[2] A secondary ROI comes from enhancing the employer brand by demonstrating a commitment to fairness and transparency, which can attract top talent.[7]

10. Comparative Regulatory Landscape — Prepare for multi-jurisdiction alignment

NYC's Local Law 144 is a pioneering regulation, but it is part of a growing patchwork of laws governing AI in employment across the U.S. and globally. Employers operating in multiple jurisdictions must navigate these varied requirements and should consider a unified compliance strategy based on the highest common denominator.[5]

Regulation Jurisdiction Key Obligations Status
NYC Local Law 144 New York City, NY Annual independent bias audits, public disclosure of summaries, 10-business-day advance notice to candidates.[8] Enforcement began July 5, 2023.
Illinois AI Video Interview Act Illinois Notify applicants that AI will analyze video interviews, explain how it works, obtain consent, and allow deletion of videos.[8] Effective since Jan 1, 2020. Expanded notice law (HB 3773) effective Aug 2024.
Maryland HB 1202 (Facial Recognition) Maryland Prohibits use of facial recognition in interviews without explicit, signed consent detailing the purpose. Effective since Oct 1, 2020.
California ADMT Regulations California Requires pre-use and annual risk assessments for ADMT in "significant decisions," mandates notice, and grants rights to access, appeal, and opt-out of profiling.[8] Finalized July 24, 2025; effective Jan 1, 2026.
EU AI Act European Union Classifies employment AI as "high-risk," imposing comprehensive risk management, data governance, human oversight, and accuracy standards. Bans some practices like emotion inference. High-risk rules apply Aug 2, 2025. Emotion inference ban effective Feb 2, 2025.
Canada's AIDA Canada Proposed law expected to classify "high-impact" systems, triggering risk management, impact assessments, and transparency obligations. Still under development as of Sep 2025.

11. Future Outlook & Adaptive Governance — Staying ahead of moving targets

The regulatory environment for AI in employment is dynamic. Compliance today does not guarantee compliance tomorrow. Organizations must adopt an adaptive governance strategy to anticipate and respond to changes in the law and its enforcement.

Int 1003-2024 Watchlist: Possible pass/fail thresholds ahead

A significant potential change is NYC Council bill Int 1003-2024, introduced on August 15, 2024.[5] This bill would create an AI Working Group within the NYC Commission on Human Rights tasked with recommending "passing criteria" for AI tools.[5] This would mark a major shift from the current transparency-focused regime to a performance-based one, where tools could be banned for failing to meet a specific fairness threshold.[5]

Litigation Early Signals: How public audits may seed class actions

While no public enforcement actions have been reported by the DCWP as of September 2025, the public disclosure of bias audits creates a fertile ground for private litigation.[5] Legal analyses consistently highlight the risk of lawsuits from individuals alleging discrimination, using the publicly posted impact ratios as initial evidence.[5] Court decisions in these cases could set binding precedents on ambiguous terms in the law, such as what constitutes "substantially assists."[5]

Horizon-Scanning Playbook: Quarterly law and case-law reviews

  1. Horizon-Scanning: Regularly monitor the NYC Council Legistar platform, the DCWP website, and legal news for legislative updates, new guidance, and litigation trends.[5]
  2. Change Management Playbooks: Develop internal procedures for quickly adapting to new rules, including updating policies and retraining staff.[5]
  3. Proactive Compliance: Go beyond the letter of the law by rigorously vetting auditors and conducting regular internal reviews of AEDTs.[5]
  4. Unified Framework: For multi-jurisdiction employers, align with a robust standard like the NIST AI Risk Management Framework (RMF) to create a defensible and adaptable program.[5]

12. Action Checklist & Quick-Start Toolkit — 30-day, 90-day, 1-year milestones

Achieving and maintaining compliance with Local Law 144 requires a structured, time-bound action plan. The following checklist outlines key milestones for building a robust and defensible program.

Immediate: 30-Day Actions

  • Inventory All Tools: Create a comprehensive inventory of all software and automated systems used in hiring and promotion.
  • Conduct Risk Assessment: In partnership with Legal, assess each tool against the "substantially assists or replaces" criteria to determine which are in-scope AEDTs.[3]
  • Freeze Non-Compliant Tools: Immediately halt the use of any in-scope AEDT that does not have a valid bias audit conducted within the last year.[11]
  • Issue Evergreen Notice: Post a general, non-position-specific notice on the employment section of your website to start the 10-day clock and mitigate hiring delays.[8]

Near-Term: 90-Day Actions

  • Establish Governance Committee: Form a cross-functional team with a clear RACI matrix to oversee compliance.[8]
  • Secure Vendor Audit Rights: Begin reviewing all AEDT vendor contracts. Add riders for "right-to-audit," data access, and full indemnification. Make these a condition of renewal.[8]
  • Engage an Independent Auditor: Vet and select a qualified independent auditor that meets the law's strict impartiality standards.[7]
  • Boost Self-ID Rates: Launch a communication campaign and implement ATS nudges to increase the rate of voluntary demographic self-identification from candidates.

Long-Term: 1-Year Actions

  • Conduct First Annual Audit Cycle: Work with your auditor to complete the first round of bias audits using your historical data.[11]
  • Develop SOPs and Evidence Logs: Create and document SOPs for new tool onboarding, the annual audit cycle, and candidate requests. Establish meticulous evidence logs for all compliance activities.
  • Implement Shadow Thresholds: In anticipation of future "pass/fail" criteria, establish internal fairness thresholds (e.g., an impact ratio floor of 0.85) and create a plan to sunset or modify tools that do not meet them.[5]
  • Align with NIST AI RMF: Integrate your compliance program into a broader, holistic AI governance framework like the NIST AI Risk Management Framework to ensure a defensible, adaptable, and scalable approach to managing AI risk.[5]

Conclusions

New York City’s Local Law 144 is not a narrow compliance task; it is a public scoreboard that rewires how selection tools are designed, governed, and defended. Once enforcement began on July 5, 2023, the economics changed: every day an in‑scope Automated Employment Decision Tool runs without a current independent audit, and every day notice is not properly given, becomes a separate, fineable event. That penalty cadence, combined with mandatory public posting of impact ratios by sex, race/ethnicity, and their intersections, turns fairness from an internal aspiration into an externally testable claim that plaintiffs’ attorneys and regulators can interrogate with a single screenshot. The winning posture is therefore to treat Local Law 144 as a design specification for an “evidence‑grade” hiring system.

Start by mapping every tool that “substantially assists or replaces” discretion under the law’s three‑prong test—sole reliance, overriding weight, or overruling power—and freeze anything in scope that lacks a valid audit. Then rebuild the funnel so proof comes first: configure your Applicant Tracking System to collect voluntary self‑identification at the earliest legitimate moment, explain to candidates that data will be used only for aggregate fairness auditing, and implement gentle opt‑in nudges to raise completion rates without coercion. Because the law bars inferred demographics and permits exclusion of cells under two percent only with explicit justification, your data engineering challenge is not to “fill the gaps” with proxies but to reduce “unknowns” through consent‑driven design and to disclose small‑cell treatment transparently in the public summary.

The independent audit itself must do more than compute selection or scoring rates and the 4/5ths impact ratio. While Local Law 144 does not require statistical significance testing, pairing your public ratios with a privileged, attorney‑client analysis that applies appropriate tests for your sample sizes (for example, Fisher’s exact test where cells are sparse) and documents job‑relatedness and less discriminatory alternatives converts a transparency duty into a legally defensible record. Post only what is required; retain everything else under privilege.

Use the “evergreen notice” mechanism to recover cycle time: place a conspicuous, standing notice on the careers site that starts the ten‑business‑day clock once, and keep requisitions moving without resetting it for each role. Select auditors who can pass the city’s impartiality standard in fact and appearance: no development ties to the tool, no employment relationship with you or the vendor, and no direct or material indirect financial interest. Rotate audit firms or teams across models and years to preserve independence, insist on documented methods, and require dataset lineage and versioning so the public “distribution date” and the “last audit date” can be traced to specific model builds.

Expect sector‑specific friction and design around it. In healthcare, where ten business days can affect patient coverage, pre‑notice through the evergreen route is operationally essential; in finance, where privacy programs often rely on synthetic or inferred demographics, rebuild pipelines to rely solely on self‑identified data for official audits; in unionized settings, analyze promotion tools against seniority provisions in collective bargaining agreements and co‑design AEDT usage with union representatives before piloting.

Contracts should reflect that employers—not vendors—own the compliance risk: hard‑code audit rights, data‑access service levels, change‑notification duties for any model or threshold update, indemnification that is not capped to subscription fees, explicit bans on vendor reuse of your data to train generalized models, and a documented rollback plan if an audit fails or a “pass/fail” regime is later adopted.

Anticipate where the law is headed, not just where it is: proposals like Int 1003‑2024 point to performance thresholds that could move the regime from disclosure to outright bans of underperforming tools. Act now by setting internal “shadow floors” above the four‑fifths heuristic—many employers can hold an 0.85 impact ratio floor in practice—and by retiring tools that cannot meet that bar without job‑related validation. Operate monitoring like reliability engineering rather than compliance theater: track the share of candidates with known demographics, adverse‑impact ratios by required categories and intersections, and a fixed incident‑to‑closure target (for example, thirty days) that ends in one of four dispositions—algorithm modification, substitution with a less discriminatory alternative, formal validation, or discontinuation.

Document it all in an evidence log that proves audits were independent and timely, notices were sent through approved channels, summaries were publicly posted for the required six months, and accommodation requests were handled through a clear, four‑step workflow. Finally, accept that Local Law 144 is the opening move in a multi‑jurisdiction endgame. Align your program to the strictest common denominator now—New York City’s audit cadence and disclosure discipline, California’s record‑keeping horizons, consent rules from Illinois and Maryland, and the European Union’s high‑risk controls—so that evidence can travel, auditors can replicate, and counsel can defend. Organizations that do this will not just avoid fines; they will convert a statutory obligation into a durable talent advantage by signaling to candidates, regulators, and the market that their hiring decisions can withstand daylight, replication, and cross‑examination.

Key insights to take away and share

  • Treat Local Law 144 as a design spec for evidence‑grade hiring: map tools to the “substantially assists” test, freeze what lacks a current audit, and rebuild data collection around consent—not inference.
  • Use public posting as a strategic lever: pair required summaries with a privileged validation memo (significance testing, job‑relatedness, and less discriminatory alternatives) to turn transparency into defensibility.
  • Recover speed with the evergreen notice and preserve independence with auditor rotation, method documentation, and strict dataset lineage and model versioning.
  • Engineer for sector realities: pre‑notice in healthcare, self‑ID only in finance, and union co‑design for promotion tools that intersect with seniority rules.
  • Contract for accountability: audit rights with service levels, uncapped indemnification tied to fairness warranties, change‑notification triggers, data‑use bans, and rollback clauses.
  • Get ahead of “pass/fail” futures by adopting internal impact‑ratio floors (for example, 0.85) and sunsetting tools that cannot meet them without rigorous validation.
  • Run fairness like SRE: a small set of real‑time KPIs, a thirty‑day remediation playbook, and an evidence log that proves independence, timeliness, posting, and accommodations—ready for regulators, courts, and candidates.

References

  1. https://www.littler.com/news-analysis/asap/what-does-2025-artificial-intelligence-legislative-and-regulatory-landscape-look↩︎↩︎
  2. https://www.nortonrosefulbright.com/en-us/knowledge/publications/e90da0c0/new-york-city-begins-enforcing-restrictions-on-the-use-of-artificial-intelligence↩︎↩︎↩︎↩︎↩︎
  3. https://codelibrary.amlegal.com/codes/newyorkcity/latest/NYCrules/0-0-0-138393↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎
  4. https://perkinscoie.com/insights/update/new-york-city-adopts-final-rules-law-governing-automated-employment-decision-tools↩︎↩︎↩︎
  5. https://intro.nyc/1003-2024+↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎
  6. https://www.talivity.com/industry-insights/nyc-local-law-144-a-guide-for-talent-acquisition-compliance/↩︎
  7. https://www.nyc.gov/assets/dca/downloads/pdf/about/DCWP-AEDT-FAQ.pdf↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎
  8. https://rules.cityofnewyork.us/wp-content/uploads/2023/04/DCWP-NOA-for-Use-of-Automated-Employment-Decisionmaking-Tools-2.pdf↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎↩︎
  9. https://s3.amazonaws.com/IGG/AI+Part+1+-+Materials/City+of+NY+-+Local+Law+144+of+2021.pdf↩︎↩︎↩︎↩︎↩︎↩︎↩︎
  10. https://www.lawandtheworkplace.com/wp-content/uploads/sites/29/2023/03/Local-Law-144.pdf↩︎↩︎↩︎↩︎
  11. https://codelibrary.amlegal.com/codes/newyorkcity/latest/NYCrules/0-0-0-138530↩︎↩︎↩︎↩︎↩︎↩︎
  12. https://www.nycbiasaudit.com/↩︎↩︎↩︎
  13. https://www.deloitte.com/us/en/services/audit-assurance/articles/nyc-local-law-144-algorithmic-bias.html↩︎
  14. https://www.nyc.gov/site/cchr/law/title-47-index.page↩︎
  15. https://rules.cityofnewyork.us/rule/automated-employment-decision-tools-updated/↩︎↩︎↩︎↩︎

Back to top ↑

Tags:
Write a comment