Where AI in HR creates the most governance risk
HR teams deploying AI face governance obligations that span three distinct phases of the employment relationship. Getting any one of them wrong creates material legal, reputational, and operational risk.
Recruitment and selection AI: the highest-scrutiny phase
AI in recruitment attracts the most regulatory attention globally because it is where algorithmic discrimination is most consequential, affecting who gets employment opportunities at all.
The core obligation in every major jurisdiction is disparate impact testing: does the AI produce significantly different outcomes for applicants from different protected groups? In the US, the EEOC's May 2023 technical guidance confirms that Title VII applies to AI hiring tools even from third-party vendors, and that the employer bears responsibility for discriminatory outcomes. In the UK, indirect discrimination under the Equality Act 2010 applies to AI screening tools. In the EU, AI employment systems are Annex III high-risk under the EU AI Act: full conformity assessment and human oversight obligations apply. In Australia, the Racial Discrimination Act, Sex Discrimination Act, Disability Discrimination Act, and Age Discrimination Act all apply to discriminatory AI hiring outcomes.
Before deploying any AI recruitment tool: require the vendor to provide bias testing data across all relevant protected characteristics in your jurisdiction; conduct your own disparate impact analysis using the four-fifths rule as a starting point; implement a genuine human review of AI recommendations before decisions are made; document your bias testing and human review processes; and review candidate-facing materials to ensure disclosure of AI use where required (NYC LL144, Illinois AI Video Interview Act, and GDPR/UK GDPR transparency obligations).
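An added example, not part of the original article or any vendor's tooling: the four-fifths check named above, computed per group from a screening tool's outcomes. The group labels, counts and the minimum group size are constructed assumptions, and a ratio below 0.8 is the starting point for further review that the text describes.

```python
from collections import Counter

THRESHOLD = 0.8      # four-fifths rule: impact ratio below 0.8 is flagged
MIN_GROUP_SIZE = 30  # assumption: below this, a ratio is too noisy to rely on

def impact_ratios(records):
    """records: iterable of (group, advanced) pairs, one per applicant.

    Returns {group: {"n", "rate", "ratio", "flag"}}, where ratio is the group's
    selection rate divided by the highest selection rate of any group.
    """
    applied, advanced = Counter(), Counter()
    for group, was_advanced in records:
        applied[group] += 1
        advanced[group] += bool(was_advanced)
    rates = {g: advanced[g] / applied[g] for g in applied}
    best = max(rates.values(), default=0.0)
    report = {}
    for g, rate in rates.items():
        ratio = rate / best if best > 0 else None
        if ratio is None:
            flag = "no_selections"      # nobody advanced: ratio undefined
        elif applied[g] < MIN_GROUP_SIZE:
            flag = "small_sample"       # ratio reported, needs more data
        elif ratio < THRESHOLD:
            flag = "adverse_impact"
        else:
            flag = "ok"
        report[g] = {"n": applied[g], "rate": rate, "ratio": ratio, "flag": flag}
    return report

def make_records(counts):
    """Expand {group: (applicants, advanced)} into per-applicant records."""
    return [(g, i < adv) for g, (n, adv) in counts.items() for i in range(n)]

# Constructed sample: outcomes of a hypothetical screening tool, by age band.
SAMPLE = make_records(
    {"under_40": (200, 80), "40_plus": (150, 36), "undisclosed": (12, 3)}
)

if __name__ == "__main__":
    for group, row in impact_ratios(SAMPLE).items():
        print(group, row)
```

Run the same function on each protected characteristic relevant in your jurisdiction, and keep the output with the bias-testing documentation.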
AI in performance management: the consent and process challenge
Performance management AI (productivity tracking, quality scoring, algorithmic KPI setting) creates three distinct governance challenges.
First, transparency: employees must be informed that AI is used to assess their performance. Under the Australian Privacy Act, GDPR, and UK GDPR, privacy notices must be updated to reflect AI use in performance management. From December 2026, the Australian Privacy Act requires specific disclosure of substantially automated decision-making in privacy policies. The ICO's Employment Practices code requires UK employers to disclose workplace monitoring in accessible form.
Second, accuracy and contestability: AI performance scores are only as good as the underlying metrics. An AI that measures keystrokes per hour captures output quantity but not quality, context, or collaboration. Disciplinary action based on AI-generated performance data that is systematically biased or captures the wrong signals is likely to fail procedural fairness requirements in unfair dismissal proceedings. Give employees the ability to contest AI-generated performance data and implement a human review of assessments before they trigger disciplinary consequences.
Third, psychosocial risk: AI performance monitoring creates documented psychosocial hazards in Australian workplaces under the WHS framework. Constant surveillance, unpredictable algorithmic targets, and opaque scoring create the conditions for work-related psychological harm. Employers must assess and control these risks under state and territory psychosocial hazard regulations (Victoria: 1 December 2025 commencement; all other jurisdictions: already in effect).
AI in workforce planning: restructuring and redundancy
AI is increasingly used to model workforce scenarios, identify efficiency opportunities, and rank employees for potential redundancy. This use case attracts the most serious legal risk because it directly affects job security.
In Australia, the Fair Work Act requires genuine consultation before significant workplace changes, including redundancies. Where AI modelling is used to identify redundant roles, the employer must be able to explain and justify the selection criteria to affected employees and their representatives, and the model's outputs must be subject to genuine human review. Redundancy selection criteria that disproportionately identify workers of a particular age, gender, or disability status for redundancy may constitute unlawful discrimination even if the model did not use those characteristics directly.
The Amazon hiring algorithm case study is instructive: a model trained on historical data reflects historical patterns, including historical discrimination. Redundancy AI trained on data from a workforce that was previously less diverse will tend to perpetuate that lack of diversity through its selections. Require an independent bias audit of any AI redundancy selection model before it is used, and scrutinise selection outputs for patterns by protected characteristic before any redundancy decisions are communicated.
Building governance infrastructure for HR AI
A sustainable HR AI governance framework requires: an AI register that lists all HR AI tools, their purpose, data inputs, and the decisions they influence; bias testing protocols for each tool, conducted at least annually and after any significant model update; a human-in-the-loop requirement for all consequential HR decisions (the AI informs, the human decides); an employee disclosure framework (what employees are told about AI use in each phase of their employment); a contestability process (how employees can challenge AI-generated assessments); and an incident response plan for when HR AI produces errors or discriminatory outputs.
None of this needs to be complex. A small company with one or two HR AI tools can meet these requirements with straightforward documentation and clear process. What matters is that the governance is real, not a policy document that is never followed. Regulators and Employment Tribunals are increasingly examining whether AI governance documented in policy was actually implemented in practice.