Introduction
Generative artificial intelligence (GenAI) is revolutionizing various industries, particularly in workplace settings [4]. Its integration into human resources (HR) practices, such as recruitment and decision-making, is transforming how organizations operate. However, the rapid adoption of GenAI raises significant legal and ethical concerns, prompting legislative actions at both state and federal levels to address potential misuse and discrimination.
Description
Generative artificial intelligence (GenAI) is rapidly transforming industries, particularly in workplace settings [4], where it is increasingly utilized by human resources (HR) leaders for various employment practices, including recruitment and decision-making. Its capabilities in natural language understanding and generation facilitate tasks such as content creation [2], chatbot development [2], programming [2], and language translation [2]. However, the integration of AI systems [3], such as algorithm-based tools [3], has raised concerns about potential misuse and discrimination [3], prompting numerous states to enact or consider legislation aimed at protecting workers and job applicants.
As the adoption of GenAI continues to evolve [1], states like Colorado have introduced laws targeting “high-risk” AI systems that may lead to algorithmic discrimination in employment decisions [3], including hiring and promotions [3]. Effective February 1, 2026 [3], employers with 50 or more full-time employees in Colorado must implement risk management policies [3], conduct annual impact assessments [3], and notify individuals if AI influenced employment decisions [3]. Similarly, Illinois has enacted the Artificial Intelligence Video Interview Act (AIVIA) [3], which mandates transparency and consent for AI use in video interviews [3], alongside an amendment to the Human Rights Act prohibiting AI-facilitated discrimination across all employment areas [3], effective January 1, 2026 [3].
Other states have also taken steps to regulate AI in the workplace. Maryland’s 2020 law restricts the use of facial recognition during job interviews without explicit consent [3], while New Jersey’s Attorney General has clarified that existing anti-discrimination laws apply to AI-driven decisions [3]. New York City’s Local Law 144 [3], effective in 2023 [3], requires bias audits for automated employment decision tools [3], with audit results made public and notifications provided to applicants [3].
At the federal level [3], the Biden administration has focused on raising awareness and establishing guidelines rather than imposing strict regulations on AI in the workplace [3]. Existing employment discrimination statutes [3], such as Title VII [3], are expected to remain the primary legal recourse for addressing AI-related discrimination [3]. A notable class-action case in California underscores the legal scrutiny surrounding AI in employment [3], demonstrating that traditional anti-discrimination laws may apply even in the absence of specific AI regulations [3]. The outcomes of such cases could shape the legal landscape and influence the need for further legislation [3].
To effectively manage the legal and compliance risks associated with GenAI [1], organizations should initiate a Data Protection Impact Assessment (DPIA) when implementing these tools [2]. This assessment evaluates the potential impact of data processing on personal data protection [2], particularly when such processing poses a high risk to individual rights and freedoms [2]. It is essential for legal [4], HR [4], and IT teams to collaborate in reviewing the technology deployed [4], identifying risks [1] [2], assessing their severity [2], and recommending mitigation measures to ensure compliance with federal and state employment, privacy [1] [2] [4], and AI laws [4].
Employers must understand the algorithms and data underlying these technologies to mitigate risks of class actions related to privacy violations [4], AI regulations [1] [2] [3] [4], and employment claims [4], including allegations of disparate impact discrimination and wage and hour violations [4]. Key areas of focus include recent legal developments regarding GenAI in the workplace [4], compliance strategies [1] [4], and proactive measures to minimize legal risks [4]. Companies must navigate potential claims of improper copying of protected works and ensure compliance with laws safeguarding confidential information while being vigilant against biases or discrimination that may arise from AI systems.
Directors hold significant responsibility in overseeing the ethical [1], strategic [1] [4], legal [1] [2] [3] [4], and compliance aspects of GenAI [1]. They must ensure that the deployment of these technologies aligns with the company’s values and regulatory requirements while addressing risks related to bias [1], data privacy [1] [2] [4], transparency [1] [2] [3], and accountability [1] [2]. This includes guiding management in formulating AI governance policies to ensure responsible use and mitigate potential harms [1]. Organizations are required to uphold the principle of accountability [2], demonstrating compliance with data protection principles [2], ensuring data privacy by design [2], and maintaining records of processing activities [2].
Given that many GenAI providers operate internationally [2], organizations must consider the implications of data transfers under the General Data Protection Regulation (GDPR) [2]. Compliance with GDPR requires ensuring the privacy and security of individual rights and data [2], even for transfers outside the UK and European Economic Area [2]. Organizations should ascertain whether data transfers occur and implement appropriate safeguards [2], closely consulting the European Data Protection Board’s Guidelines 05/2021 to accurately apply the criteria for identifying data transfers.
Training for staff involved in hiring processes is crucial to ensure they understand the AI systems in use and can effectively communicate the processes to applicants [4]. Additionally, it is important to accommodate individuals with disabilities by providing alternative options if the technology may disproportionately affect them [4]. Establishing robust governance frameworks in collaboration with management [1], legal counsel [1] [3] [4], and AI ethics experts is essential for balancing innovation with risk management [1]. Regular audits and evaluations of AI systems are necessary to identify and mitigate biases [2], and organizations should create clear guidelines and policies for the ethical use of GenAI [2], ensuring responsible and transparent usage [2].
The introduction of GenAI into business operations may necessitate updates to privacy notices [2], documented decision-making processes [2], and appropriate contractual protections [2]. Legal advice may be required based on the nature of the data input into the system and the intended uses of the results [2]. While proper implementation is crucial and may require time [2], the potential benefits of effectively integrated GenAI are significant [2], and caution may be warranted until comprehensive policy frameworks are developed to protect individual and commercial rights [1], although this may also lead to missed growth opportunities [1].
Conclusion
The integration of GenAI into workplace settings presents both opportunities and challenges. While it offers significant benefits in terms of efficiency and innovation, it also necessitates careful consideration of legal, ethical [1] [2], and compliance issues [1]. Organizations must navigate a complex landscape of regulations and potential risks, ensuring that their use of GenAI aligns with both legal requirements and ethical standards. As the legal framework continues to evolve, companies must remain vigilant and proactive in addressing the implications of GenAI to harness its potential while safeguarding against misuse and discrimination.
References
[1] https://www.privatecompanydirector.com/the-legal-and-compliance-risks-of-generative-ai/
[2] https://www.mills-reeve.com/blogs/technology/may-2025/data-protection-considerations-for-integrating-generative-ai-in-the-workplace/
[3] https://www.lexisnexis.com/community/insights/legal/practical-guidance-journal/b/pa/posts/regulating-ai-in-the-workplace-in-2025
[4] https://www.jdsupra.com/legalnews/risk-management-in-the-modern-era-of-7044491/
