AI Compliance and Legal Risks Grow

- Under the EU's AI Act, fines for non-compliance can be severe, reaching up to €35 million or 7% of a company's total worldwide annual turnover for the preceding financial year, whichever is higher, for prohibited AI practices. For other violations, penalties can be up to €15 million or 3% of turnover. - AI systems used in employment, worker management, and recruitment are classified as "high-risk" under the EU AI Act. This classification mandates stringent compliance measures, including risk management systems, human oversight, and robust documentation. - In the U.S., there is a growing patchwork of state and local laws, with New York City's Local Law 144 requiring annual independent bias audits for automated employment decision tools. California's regulations, effective October 2025, also mandate proactive bias testing and meaningful human oversight for automated decision systems in employment. - Canada’s proposed Artificial Intelligence and Data Act (AIDA) stalled in parliament and has not been enacted into law, leaving a gap in national AI regulation. In the interim, the Canadian government has introduced a voluntary code of conduct for the responsible management of generative AI systems. - The legal principle of "explainable AI" (XAI) is gaining prominence, pushing organizations to be able to explain how their AI models arrive at a decision. This is crucial in HR to defend against discrimination claims and is a key component of emerging regulations. - AI impact assessments are becoming a standard due diligence practice to identify and mitigate risks before deploying AI systems. These assessments go beyond data privacy to evaluate fairness, accountability, and potential societal harm. - Legal precedent is emerging that holds both the employers using AI tools and the vendors who create them liable for discriminatory outcomes. Courts are clarifying that companies cannot avoid liability by blaming "the machine," especially when harm is foreseeable.