You have just upgraded your hiring workflow. A new applicant tracking system with AI scoring built in. CVs come in and get ranked automatically before anyone on your team reviews them. It saves hours. You have not tested whether the algorithm skews toward or away from any particular group. The vendor’s marketing page says it is fair. You take that at face value because you are running a business, not a machine-learning lab.
Three court cases from the past four years suggest that assumption carries more legal risk than it appears.
What is an AI hiring bias lawsuit?
AI hiring bias lawsuits are legal claims brought against employers whose automated recruitment tools produced discriminatory outcomes, typically by filtering candidates based on protected characteristics such as age, race, gender, or disability. The US Equal Employment Opportunity Commission settled a landmark case in 2023, and courts have since allowed further claims to proceed against both software vendors and the employers who used their tools.
In May 2022, the EEOC sued ITutorGroup, an online tutoring company, after its AI recruitment software allegedly rejected applicants based on age. The case settled in September 2023 for $365,000 plus other relief. It was one of the first high-profile instances of an employer being held accountable for what its hiring AI did, rather than for an explicit human decision.
In July 2024, a California federal court allowed parts of Mobley v Workday to proceed. The plaintiff said he had applied for 80 to 100 jobs through Workday-powered platforms and been automatically rejected from each. The court allowed claims treating Workday as a potential agent of the employers using its tools to continue, suggesting both vendors and employers could face exposure.
In January 2026, applicants filed a proposed class action against Eightfold AI, focused on alleged unlawful collection and use of sensitive applicant data under the US Fair Credit Reporting Act and California’s Investigative Consumer Reporting Agencies Act. That case widened the frame: the risk now extends beyond who gets hired to how candidate data is collected in the first place.
Why does this matter for your business?
The employer who uses the tool carries the legal exposure, regardless of who built it. Anti-discrimination law attaches to whoever runs the recruitment process. If your automated screening filters out candidates in a way that disadvantages a protected group, the fact that you did not write the algorithm provides little protection. Employment law commentary following the Mobley ruling makes that point consistently.
SHRM’s summary of AI hiring litigation notes that claims can reach employers using standard automated résumé screeners, video interview analysers, and other decision-support tools in ordinary recruiting workflows, covering the kinds of systems many owner-managed businesses already use.
The practical implication is that you need to understand what your hiring tool actually does before you deploy it. If it scores candidates, you need to know the basis for those scores. If it filters applications, you need to know whether that filter has been tested for adverse impact on protected groups. If a hiring decision is challenged, vendor marketing claims are unlikely to constitute evidence; your own documentation of fair process is what matters.
Where will you actually encounter this risk?
The risk arises anywhere automated software materially influences a hiring decision. That includes CV scoring in an applicant tracking system, AI-powered video interview analysis, automated shortlisting from a job board, and any tool that ranks or filters applications before a human reviews them. In the UK, this sits within obligations imposed by UK GDPR, ICO guidance on automated decisions, and EHRC equality requirements.
The ICO is clear that employers using AI in recruitment must identify a lawful basis for processing candidate data, provide clear privacy information, and assess fairness and bias risks under UK GDPR. Where AI makes decisions with legal or similarly significant effects, such as excluding candidates from interviews, the ICO’s automated decision-making guidance requires employers to check whether Article 22 conditions apply and whether meaningful human intervention is genuinely in place.
The Equality and Human Rights Commission adds a parallel requirement. Its employment guidance states that discrimination claims can arise from recruitment practices that disadvantage protected groups, and that employers need their own evidence that the process is fair and job-related.
The National Cyber Security Centre takes a different angle. Its guidance on deploying AI for organisations advises treating AI vendors like any other critical supplier: check what data you are sharing, who can access it, and whether the supplier’s controls are adequate before you begin.
When does this risk apply to you, and when can you set it aside?
How exposed you are depends entirely on what the tool is doing in your hiring process and how much human judgement sits alongside it. An AI tool used only for formatting job descriptions or scheduling interviews carries far less legal risk than one that scores and filters candidates before a human sees them. Understanding where your tool sits on that spectrum is the first practical step.
The exposure shrinks considerably if your AI is limited to administrative work rather than candidate evaluation or ranking. It shrinks further if a human reviews every rejection and can genuinely override the system in practice, and if your vendor provides documented bias testing and audit logs rather than a generic claim of fairness.
Where you use AI to screen a candidate pool before any human is involved, the risk is higher. The plaintiff in Mobley described applying for 80 to 100 positions through AI-powered platforms and being rejected from all of them without any apparent human involvement. That pattern is precisely what courts and regulators are scrutinising.
Company size provides no particular shield. A 10-person owner-managed business using standard ATS scoring faces the same legal principles as a large employer. The scale of potential claims may differ, but the underlying obligations under UK GDPR, EHRC guidance, and, for US-market hiring, the Age Discrimination in Employment Act and Title VII, do not shrink with headcount.
What else connects to this risk?
Beyond discrimination in hiring decisions, a second category of exposure is emerging around how AI tools collect candidate data. The Eightfold AI class action, filed in January 2026, centred on alleged unlawful data collection under the US Fair Credit Reporting Act, separate from any shortlisting bias claim. Data risk and discrimination risk can exist independently: a tool with no bias in its rankings can still create issues through improper data handling.
The EU AI Act classifies recruitment and worker-management systems as high-risk, which carries its own compliance requirements. This is relevant for UK owner-managed businesses that hire candidates based in the EU, use EU-based AI providers, or whose tools are built on EU infrastructure.
A practical standard cuts through the complexity. Before deploying any AI hiring tool, you should be able to answer four questions: what data does the tool use to score candidates, has it been tested for adverse impact on protected groups, does a human with genuine authority review outcomes before they become final, and can you document and reverse any decision if it is challenged?
If you cannot answer all four comfortably, the tool carries more risk than it saves time. If you are unsure which side of these lines your current tools sit on, the most useful next step is to Book a conversation and work through it before a candidate rejection forces the question.
