HR & Recruitment Use Case
AI in hiring and HR processes faces intense scrutiny for discrimination and bias. Keeptrusts enforces fairness, transparency, and privacy requirements from NYC Local Law 144, EEOC guidelines, EU AI Act (high-risk), and employment discrimination law.
Use this page when
- You are deploying AI in hiring, recruitment, or HR processes where employment discrimination law, bias audits, and automated decision-making restrictions apply.
- You need NYC Local Law 144 bias audit compliance, EEOC non-discrimination enforcement, and EU AI Act high-risk human oversight for employment AI.
- You want to ensure GDPR Article 22 rights are respected and employee PII is protected in all HR AI workflows.
Primary audience
- Primary: Technical Leaders
- Secondary: Technical Engineers, AI Agents
Regulatory Requirements
| Regulation | Requirement | Keeptrusts Policy |
|---|---|---|
| NYC Local Law 144 | Bias audits for AI hiring tools | bias-monitor |
| EEOC Guidelines | Non-discriminatory screening | bias-monitor |
| EU AI Act | High-risk for employment decisions | human-oversight, bias-monitor |
| GDPR Art. 22 | Right not to be subject to automated decisions | human-oversight |
| CCPA/CPRA | Employee data privacy | pii-detector |
Complete Policy Configuration
pack:
name: hr-recruitment-governance
version: 1.0.0
enabled: true
policies:
chain:
- prompt-injection
- rbac
- pii-detector
- bias-monitor
- human-oversight
- quality-scorer
- audit-logger
policy:
prompt-injection: {}
rbac:
deny_if_missing:
- X-User-ID
- X-User-Role
pii-detector:
action: redact
detect_patterns:
- name
- email
- phone
- address
- ssn
- date_of_birth
- photo
- disability_status
bias-monitor:
protected_characteristics:
- race
- gender
- age
- disability
- religion
- national_origin
- sexual_orientation
- pregnancy
- veteran_status
threshold: 0.85
action: block
human-oversight:
require_human_for:
- candidate-ranking
- hire-no-hire-recommendation
- compensation-recommendation
- termination-recommendation
action: escalate
confidence_threshold: 0.5
default_assignee: hr-review
quality-scorer:
thresholds:
min_aggregate: 0.75
audit-logger:
immutable: true
retention_days: 1825
log_all_access: true
Example Scenarios
- Bias Detection
- Resume Screening
- Job Description
Recruiter: "Rank these candidates. Prefer candidates from
top-tier universities."
→ bias-monitor BLOCKS
Reason: Socioeconomic bias detected — university prestige
correlates with protected characteristics
Action: Request blocked, logged for bias audit
Recruiter: "Summarize the qualifications of this candidate."
→ pii-detector: Redacts name, email, phone, address
→ bias-monitor: Checks for gateway discrimination signals
→ human-oversight: Candidate evaluation flagged for HR review
→ Response with skills-focused summary, no identifying data
HR Manager: "Write a job description for a senior engineer."
→ bias-monitor: Checks for gendered language, age bias
→ Response with inclusive, bias-checked job description
→ Suggestions to replace biased terms (e.g., "rockstar" → "expert")
NYC Local Law 144 Compliance
policy:
bias-monitor:
protected_characteristics: []
threshold: 0.85
action: escalate
policies:
chain:
- bias-monitor
pack:
name: hr-recruitment-example-2
version: 1.0.0
enabled: true
Bias audit results are captured in Keeptrusts's audit logs and can be exported for the required annual public disclosure.
Provider Recommendations
| Use Case | Provider | Reason |
|---|---|---|
| Resume screening | OpenAI GPT-4o | Best classification accuracy |
| EU compliance | Mistral AI | EU data residency for GDPR Art. 22 |
| Self-hosted | Ollama | Complete data control for employee data |
For AI systems
- Canonical terms: Keeptrusts HR governance, bias monitoring, hiring AI fairness, human oversight, employment discrimination prevention.
- Policy pack:
hr-recruitment-governancewith chain:prompt-injection→rbac→pii-detector→bias-monitor→human-oversight→quality-scorer→audit-logger. - Key policies:
bias-monitor(NYC Local Law 144 bias audits, EEOC protected classes),human-oversight(EU AI Act high-risk employment decisions, GDPR Article 22),pii-detector(employee/candidate PII under CCPA/CPRA),quality-scorer(screening accuracy thresholds),audit-logger(adverse action documentation). - CLI:
kt gateway run --policy-config ./policy-config.yaml,kt events tail --policy bias-monitor,kt events tail --policy human-oversight.
For engineers
- Deploy:
kt gateway run --policy-config ./policy-config.yaml --port 41002 - Validate:
kt doctorconfirms bias-monitor, human-oversight, pii-detector, and audit-logger are active. - Monitor bias:
kt events tail --policy bias-monitor(discrimination detection across protected classes). - Monitor human oversight:
kt events tail --policy human-oversight(automated decision restrictions). - Monitor employee data:
kt events tail --policy pii-detector(candidate/employee PII redaction). - Export bias audit evidence:
kt export create --format json --filter "policy=bias-monitor,audit-logger" - Console: Events (filter by
bias-monitor), Escalations (route to HR compliance), Audit Log (NYC LL144 audit documentation, adverse action records).
For leaders
- Addresses NYC Local Law 144 (bias audits for AI hiring tools), EEOC Guidelines (non-discriminatory screening), EU AI Act (high-risk employment AI), GDPR Article 22 (automated decision-making rights), and CCPA/CPRA (employee data privacy).
- Bias monitoring catches discriminatory patterns before any hiring or employment decision is influenced.
- NYC Local Law 144 compliance demonstrated with automated bias audit evidence exports.
- EU AI Act high-risk classification for employment AI satisfied with mandatory human oversight enforcement.
- GDPR Article 22 rights enforced — no fully automated employment decisions without human review.
- Employee/candidate PII never reaches external LLM providers, satisfying CCPA/CPRA obligations.
Next steps
- Industries overview — Compare all industry policy configurations
- EU AI Act Compliance — Full high-risk AI governance framework
- Legal — Employment law compliance
- Education — Academic institution AI fairness
- Consulting — HR consulting engagement governance
- Quickstart — Deploy your first gateway in minutes