Your AI hiring vendors are partners in compliance — or liabilities waiting to happen. Before adopting new AI tools or renewing existing contracts, conduct thorough due diligence to ensure vendors can support your compliance obligations.
Why Vendor Assessment Matters
Under most AI hiring laws, the employer is ultimately responsible for compliance, not the vendor. However, vendors control critical information and capabilities you need:
- Access to bias audit data and results
- Documentation of AI functionality
- Data for impact assessments
- Support for candidate disclosure requirements
- Ability to implement opt-outs
Key Insight
If your vendor can't or won't provide the information you need for compliance, you have two choices: replace the vendor or accept significant legal risk. Assess this before signing contracts, not after.
Assessment Framework
Evaluate vendors across four dimensions:
- Transparency: Do they explain how their AI works?
- Compliance Support: Do they provide tools and data for compliance?
- Testing: Have they tested for bias and discrimination?
- Responsiveness: Can they support opt-outs and candidate requests?
Questions to Ask Vendors
AI Functionality & Transparency
- Does your product use AI, machine learning, or automated decision-making?
- What specific AI techniques are used (e.g., NLP, computer vision, ML ranking)?
- What data does the AI analyze to generate outputs?
- What outputs does the AI produce (scores, rankings, classifications, recommendations)?
- How should humans interpret and use these outputs?
- Can you provide documentation explaining the AI logic for candidate disclosures?
- What are the known limitations of your AI?
Bias Testing & Audits
- Has your AI been tested for bias or adverse impact?
- Can you provide bias audit results compliant with NYC Local Law 144?
- Who conducted the audit? Was it independent?
- What demographic groups were tested?
- What were the impact ratios for each group?
- If adverse impact was found, what mitigation steps were taken?
- How often do you conduct bias audits?
- Can you support audits using our historical data?
Compliance Documentation
- Do you provide documentation for Colorado AI Act impact assessments?
- Do you provide documentation for California CCPA risk assessments?
- Can you provide plain-language explanations for candidate disclosures?
- What records do you maintain that we can access?
- How long do you retain data?
- Can you provide data exports for our compliance records?
Candidate Rights Support
- Can candidates opt out of AI processing?
- How would an opt-out be implemented technically?
- Can you identify which candidates were processed by AI?
- If a candidate requests information about AI use in their application, what can you provide?
- Can the AI decision be reversed or reconsidered?
- What human override capabilities exist?
Data & Training
- What data was used to train your AI model?
- Was the training data tested for demographic representativeness?
- Is our data used to train or improve your AI?
- Do you use candidate data for purposes other than our hiring process?
- How do you ensure training data quality?
Red Flags
Be cautious if a vendor:
- Claims no AI: If they use ML, NLP, or algorithmic scoring, it's likely AI
- Won't share bias testing: Either they haven't tested or results are concerning
- Can't explain outputs: "Black box" AI is a compliance risk
- Refuses documentation: You need this for impact assessments
- Can't support opt-outs: Required under California and Colorado laws
- Has no independent audit: Especially problematic for NYC compliance
- Vague about data use: Could indicate broader data sharing
- Unresponsive to compliance questions: Support won't improve post-contract
Best Practice
Request compliance documentation before contract signing, not after. Vendors are more responsive during the sales process. Get commitments in writing before you're locked in.
Vendor Assessment Scorecard
Rate each vendor on a 1-5 scale (1=Poor, 5=Excellent):
| Criterion | Weight | Score (1-5) | Weighted |
|---|---|---|---|
| AI functionality transparency | 15% | ___ | ___ |
| Bias audit availability | 20% | ___ | ___ |
| Bias testing results | 15% | ___ | ___ |
| Documentation quality | 15% | ___ | ___ |
| Opt-out capability | 10% | ___ | ___ |
| Data access for monitoring | 10% | ___ | ___ |
| Responsiveness to questions | 10% | ___ | ___ |
| Data privacy practices | 5% | ___ | ___ |
| Total | 100% | | ___ |
Score interpretation: 4.0+ Excellent | 3.0-3.9 Acceptable | 2.0-2.9 Concerning | <2.0 Avoid
Contract Provisions
Include these provisions in vendor agreements:
Documentation & Audit Rights
- Vendor will provide documentation sufficient for employer's disclosure obligations
- Vendor will conduct or support annual bias audits compliant with NYC Local Law 144
- Vendor will provide data access for employer's impact assessments
- Vendor will maintain and provide records for at least 4 years
- Employer has right to audit vendor compliance
Notification & Changes
- Vendor will notify employer 60 days before material changes to AI functionality
- Vendor will provide updated documentation following changes
- Vendor will notify employer of adverse bias audit results within 5 days
Support Obligations
- Vendor will support employer in responding to candidate access requests
- Vendor will provide technical capability to implement opt-outs
- Vendor will cooperate with regulatory inquiries
Representations & Warranties
- Vendor represents AI has been tested for bias with results provided to employer
- Vendor warrants it will comply with applicable AI regulations
- Vendor will indemnify employer for compliance failures caused by vendor
Ongoing Vendor Management
Annual Review
- ☐ Request updated bias audit results
- ☐ Review any AI functionality changes
- ☐ Update your impact assessment documentation
- ☐ Verify data retention practices
- ☐ Reassess vendor scorecard
Trigger-Based Review
Reassess vendors when:
- New regulations take effect
- Vendor releases major updates
- Bias issues are discovered
- Candidate complaints arise
- Contract renewal approaches
Sample Request Letter
Subject: AI Hiring Compliance Documentation Request
Dear [Vendor Contact],
As part of our AI hiring compliance program, we are requesting the following documentation for [Product Name]:
- Description of AI/ML functionality and how outputs are generated
- Most recent independent bias audit results
- Plain-language disclosure template for candidates
- Information about data inputs and how they influence outputs
- Documentation for impact/risk assessment purposes
- Technical specifications for implementing candidate opt-outs
This information is needed to support our compliance with NYC Local Law 144, Illinois HB 3773, Colorado AI Act, and California CCPA ADMT requirements.
Please provide the requested documentation by [date]. Contact me if you have questions.
Disclaimer: This content is for informational purposes only and does not constitute legal advice. Employment laws vary by jurisdiction and change frequently. Consult a qualified employment attorney for guidance specific to your situation. EmployArmor provides compliance tools and resources but is not a law firm.