AI Resume Screening: The Dos and Don'ts in 2026

AI resume screening uses machine learning to parse resumes, score them against role requirements, and rank candidates for human review. As of 2026 it's governed by NYC Local Law 144, the EU AI Act, EEOC enforcement guidance, the Illinois AI Video Interview Act, and a pending federal class action against Workday that could touch every employer using algorithmic screening. The dos and don'ts below are the operating manual for using it without ending up in a deposition.

I've spent the last 18 months watching companies deploy this tech, watching some of them get burned, and watching the case law evolve faster than most HR teams realize. This guide is the version I wish existed when I started buying these tools. Practitioner-skeptical. Specific about what you can and can't do. Sourced.

Quick reference: the 10 dos and don'ts

| Do | Don't |

|---|---|

| Keep a human in the loop for every reject decision | Let AI auto-reject candidates without human review |

| Run an annual bias audit, especially if hiring in NYC | Deploy in NYC without a published bias audit (LL144) |

| Disclose AI use to candidates upfront | Hide that AI is involved in your hiring funnel |

| Maintain audit logs for every decision | Treat vendor "compliance" claims as proof of compliance |

| Use AI for sourcing and qualification | Use it for the actual hire/no-hire decision |

| Check ADA accommodation pathways before deployment | Skip accommodation review (the EEOC's first AI settlement was here) |

| Train on diverse, audited historical data | Train on biased historical hire data (Amazon's 2018 mistake) |

| Calibrate scoring against your actual best hires | Trust the tool's default scoring out of the box |

| Map your jurisdictions before deployment | Assume one compliance posture works across NYC, IL, EU, CO |

| Update FAQ, candidate notices, and DPIA documents | Forget that GDPR/data protection still applies |

Each of these has a real case behind it. Below.

How AI resume screening actually works

Before the dos and don'ts make sense you need the mechanism. AI resume screening is five stages, every one of which is a place bias can enter or compliance can break.

Stage 1: Parse. The tool ingests the PDF or DOCX and extracts text. Modern parsers handle multi-column layouts, headers and footers, embedded images. Older parsers drop information from non-standard layouts, which silently filters out candidates with creative resumes.

Stage 2: Extract entities. Named entity recognition pulls names, employers, dates, job titles, education, certifications, skills. This is where a 2020 graduation date becomes "0 to 5 years of experience" and a candidate with a 7-year gap becomes "career discontinuity."

Stage 3: Normalize against a skill taxonomy. The tool maps your raw skill list ("React, TypeScript, Postgres") to canonical entries in its internal taxonomy. Quality varies wildly. A good taxonomy understands that "Postgres" and "PostgreSQL" are the same thing. A bad one treats them as different signals.

Stage 4: Embed and vectorize. The job description becomes one vector. Each candidate becomes another vector. The model computes similarity. This is where modern AI screening differs from old keyword-match ATS: it can match meaning, not just words. "Distributed systems engineer" can match a candidate who wrote "scaled Kubernetes clusters" without ever using the word "distributed."

Stage 5: Score and rank. The similarity score becomes a number, candidates get ranked, the top N show up in the recruiter view. Some tools also apply hard filters here (years of experience, degree requirement, location radius). Those filters are where the most expensive lawsuits start.

The bias entry points map to specific stages. Parse failures bias against non-standard layouts (more common in older applicants, non-native English writers, candidates from countries with different resume conventions). Entity extraction can encode racial bias from name parsing. Skill taxonomies can systematically undervalue skills more common in underrepresented groups. Embeddings inherit bias from training data. Scoring thresholds and hard filters multiply whatever bias exists upstream.

The dos

Do: keep a human in the loop for every reject decision

This is the single most important rule. The legal distinction between a defensible AI screening system and an indefensible one is whether the AI makes the final call.

Use AI to sort, rank, surface, summarize, and qualify. Use a human to decide who advances and who doesn't. Yander is built around this principle: the AI does the work of finding and qualifying candidates, the human decides.

The Mobley v. Workday case (preliminary class certification granted May 16, 2025 by Judge Rita Lin, N.D. Cal.) hinges on Workday's screening tool allegedly auto-rejecting older applicants without human review. The class could include hundreds of millions of applicants given that Workday itself acknowledged 1.1 billion application rejections during the relevant period (Norton Rose Fulbright, 2025). If the case proceeds to verdict and plaintiffs win, every employer using algorithmic screening with insufficient human oversight is on the hook.

The fix is operational. Configure your tool to score and surface, not to auto-reject. Have a recruiter review the ranking before any decision communicates to the candidate.

Do: run an annual bias audit

NYC Local Law 144 requires it for any Automated Employment Decision Tool used to make or substantially assist hiring decisions in NYC. The audit must be conducted by an independent auditor, must measure adverse impact across protected categories (sex, race, ethnicity), and must be published publicly.

Even outside NYC, an annual bias audit is the cheapest insurance against an EEOC enforcement action. The audit gives you a paper trail showing reasonable care. Reasonable care is the standard that decides whether an algorithmic discrimination case becomes a settlement or a verdict.

What an audit actually requires: pull the screening decisions for the past year, compute selection rates by protected category, calculate the four-fifths rule (does any group's selection rate fall below 80% of the highest group's rate?). If yes, you have potential disparate impact that needs explaining. If no, you have evidence that the tool is operating within accepted bounds.

Do: disclose AI use to candidates

Candidate disclosure is required under NYC LL144, the Illinois Artificial Intelligence Video Interview Act, the Colorado AI Act (when enforcement resumes), and the EU AI Act's transparency provisions. Beyond compliance, disclosure is the single best protection against a candidate experience complaint.

The disclosure should appear before the candidate uploads their resume, not buried in a privacy policy nobody reads. State: "We use AI tools to help review and rank applications. A human reviews every decision."

If you can't make that second sentence true, change your process before you change your disclosure.

Do: maintain audit logs for every decision

Every score, every ranking, every reject. Timestamped, immutable, linked to the role and the recruiter who reviewed the decision. Modern AI hiring platforms log this by default. Older ATS bolt-ons often don't.

When the EEOC or a plaintiff's attorney shows up asking "why didn't you hire my client," the audit log is the evidence that decides whether the case goes anywhere. No log means no defense. The logs also surface patterns over time, like a particular recruiter consistently advancing candidates from a single demographic, which is the kind of issue you want to catch internally rather than have a lawyer surface in deposition.

Do: use AI for sourcing and qualification, not decisions

This is the model that holds up legally and operationally. Use AI to find candidates who would never surface through your normal pipeline. Use AI to qualify their fit against the role's actual requirements. Use AI to surface a shortlist. Stop there.

Decisions about who advances, who interviews, who gets the offer stay human. This is what we built Yander to do specifically: instant sourcing of hidden candidates, automated outreach, qualification, and then the human takes over. We do not make hire decisions for you, ever.

Do: check ADA accommodation pathways

The EEOC's May 12, 2022 technical assistance document on AI in hiring under the ADA flagged a specific risk: AI tools that disadvantage candidates with disabilities. A timed assessment, a video interview that scores fluency, a chat-based screening that penalizes slow typing, all of these can violate the ADA if they screen out a qualified candidate who would have succeeded with accommodation.

The fix: provide a clearly visible accommodation pathway before any AI-driven step. "Need a different format for this assessment? Click here." Train your recruiters to grant accommodation requests without scrutiny. Document every accommodation you grant.

The iTutorGroup settlement (EEOC, August 2023) cost the company $365,000 because their screening system auto-rejected applicants over a certain age. The same legal logic applies to disability accommodations. Build the pathway before you need it.

Do: train on diverse, audited historical data (or don't train at all)

If your AI screening tool learns from your past hiring decisions, it inherits every bias in those decisions. Amazon's internal AI recruiting tool taught itself to penalize resumes containing the word "women's" (as in "women's chess club") and downgraded candidates from two all-women's colleges, because the training data was drawn from a male-heavy decade of engineering resumes. Amazon scrapped the project in 2017 (Reuters, October 2018).

If you're using a vendor whose tool learns from your data, audit the training set before deployment. Look for skewed demographic distributions. Look for patterns that correlate with protected categories. If the historical data is biased, the tool will be biased.

Many modern AI screening tools (including Yander) do not train on your historical decisions. They use general-purpose language models with role-specific scoring criteria. That avoids the Amazon problem entirely, at the cost of less customization. The trade is usually worth it.

Do: calibrate scoring against your actual best hires

Run a calibration test before going live. Take 50 to 100 of your best hires from the last two years. Run their resumes through the AI screening tool as if they were applying today. Does the tool rank them highly?

If your best hires score badly, the tool is misconfigured for your roles. Adjust the criteria, retest. Don't deploy until your top historical performers consistently surface in the top 20% of rankings.

The same test in reverse: take 50 to 100 rejected candidates from the same period. Are any of them scoring above your hires? If yes, your historical screening was wrong, the AI is exposing it, and you have an interesting decision to make about whether to revisit those candidates.

Do: map your jurisdictions before deployment

The compliance posture for AI screening differs by where you hire, not where you're headquartered. A New York City company that only hires remote employees in Texas still has NYC LL144 obligations for any NYC-based applicants. An EU subsidiary of a US company is subject to the EU AI Act for any EU-based hiring decision.

Map every state and country where you currently hire or plan to. Then map the compliance requirements that apply (NYC LL144 if NYC, Illinois AIVIA if Illinois, Colorado AI Act once enforcement resumes if Colorado, EU AI Act if anywhere in the EU, GDPR if anywhere in the EU regardless). Build the compliance posture for the strictest applicable regime. Apply it everywhere.

Do: update FAQ, candidate notices, and data protection documents

GDPR still applies. CCPA still applies. The right of candidates to know what data you collect, how you use it, how long you retain it, and to request deletion still applies. The fact that an AI tool is involved makes the transparency requirement more important, not less.

Audit your candidate-facing privacy notice, your internal data retention policy, and your data protection impact assessment (DPIA). Add a section explaining what AI does, what data it processes, how long that data is retained, and how candidates can object or request human review.

The don'ts

Don't: let AI auto-reject candidates

This is the most expensive mistake. The iTutorGroup settlement, the Mobley v. Workday class certification, every EEOC algorithmic discrimination case, every NYC LL144 enforcement action, they all share this pattern. The AI was given the power to reject.

The fix is configuration. Most modern AI screening tools have an "auto-reject below threshold" feature. Turn it off. Configure the tool to rank and surface, not to make terminal decisions. Have a human review the bottom of the ranking before any rejection email goes out.

This sounds slow. It isn't. A recruiter can scan 50 ranked candidates and flag the bottom 30 in five minutes. That five minutes is the difference between a defensible process and a class action exhibit.

Don't: use facial or emotion analysis

HireVue learned this the hard way. After the 2019 EPIC FTC complaint, ACLU pressure, and a third-party algorithmic audit, HireVue dropped its facial analysis feature in January 2021 (Fortune, 2021). The feature was widely criticized for scoring candidates on facial expressions, micro-expressions, and emotional cues that have no validated link to job performance and that disproportionately disadvantage candidates with neurodivergent traits, certain disabilities, or simply different cultural norms for facial expression.

In 2026, any AI hiring tool still scoring candidates on facial features, emotional inference, or video-based personality analysis is either reckless or selling snake oil. Avoid them. If your tool offers these features as optional, turn them off.

Don't: deploy in NYC without a published bias audit

NYC Local Law 144 (effective January 2023, enforcement starting July 5, 2023) is the single most enforceable AI hiring law in the US right now. Penalties start at $500 per violation and rise to $1,500 per day for ongoing violations (NYC Department of Consumer and Worker Protection).

The requirements are specific. An independent auditor conducts the bias audit. The audit results are published on your website. Candidates are notified before they apply that an AEDT (Automated Employment Decision Tool) will be used. The audit is renewed annually.

If you're hiring in NYC and your vendor cannot produce a current bias audit, you have two options. Switch vendors, or use the tool only for non-NYC hiring until your vendor catches up. Don't deploy and hope for the best. The DCWP has been actively investigating since enforcement started.

Don't: train on biased historical hire data

This is the Amazon mistake (tool scrapped 2017, reported by Reuters October 2018), and it's the trap most vendors that "customize" their AI fall into. The pitch sounds appealing: "Our AI learns from your hiring patterns to find candidates like your best hires." The reality: if your past hires skew toward any demographic, the AI will encode that skew and apply it forward.

If your tool offers training-on-your-data as a feature, ask hard questions. What demographic distribution is in the training set? Is the model audited for adverse impact after training? Can you opt out of training while keeping the AI features you want?

In many cases the right answer is to use a tool that doesn't train on your data at all. General-purpose language models with role-specific scoring criteria avoid the Amazon problem and are usually accurate enough for the work.

Don't: hide the AI from candidates

Beyond legal compliance, this is a trust issue. Candidates increasingly assume AI is involved in any hiring process anyway. Companies that disclose openly get the benefit of looking honest. Companies that hide get the benefit of looking like they have something to hide when the disclosure inevitably comes out.

Put the AI disclosure on the job listing. Put it on the application form. Put it in the autoresponder email. Don't bury it in a privacy policy footer.

Don't: treat vendor "compliance" claims as proof of compliance

Most vendors will tell you they're compliant. Fewer will give you their audit. Even fewer will let your counsel review the audit methodology.

Ask for the audit document itself, not the marketing summary. Ask for the methodology. Ask who the auditor is and whether they're independent. Ask how often the audit is renewed. If the vendor pushes back on any of these, walk.

The big enterprise vendors (Eightfold, Ashby, Paradox) publish audits. Some mid-market vendors do. Many SMB vendors don't have audits at all, even when they claim to be NYC LL144 compliant. The claim and the document are different things.

The legal map by jurisdiction

What actually applies, where, and when.

NYC Local Law 144 (Automated Employment Decision Tools)

- Enacted: 2021. Effective: January 2023. Enforcement began: July 5, 2023.

- Requirements: independent annual bias audit, public disclosure of audit results, candidate notice before AEDT use.

- Penalties: $500 per violation, up to $1,500 per day for ongoing violations.

- Source: NYC Department of Consumer and Worker Protection.

Illinois Artificial Intelligence Video Interview Act

- Effective: January 2020.

- Requirements: written candidate consent before AI analyzes video interview, disclosure of what characteristics the AI evaluates, restrictions on data sharing.

- Source: Illinois General Assembly.

EEOC guidance and enforcement

- May 12, 2022: EEOC issued technical assistance on AI in hiring under the ADA.

- August 2023: iTutorGroup settled for $365,000 over age discrimination by AI screening tool (EEOC's first AI-related settlement).

- May 16, 2025: Mobley v. Workday class certification granted by Judge Rita Lin (N.D. Cal.). Potential nationwide class of applicants aged 40+ who were rejected by Workday's screening tool.

- Source: U.S. EEOC, Norton Rose Fulbright.

EU AI Act (Regulation 2024/1689)

- High-risk classification effective: August 2, 2026 (for hiring AI specifically).

- Proposed deferral to December 2, 2027 per the Digital Omnibus published November 19, 2025. Unless adopted before August 2026, the original date applies.

- Requirements: mandatory risk assessments, technical documentation, bias testing, human oversight, transparency disclosures, continuous monitoring.

- Penalties: up to €15 million or 3% of global annual turnover, whichever is higher.

- Source: European Commission.

Colorado AI Act (SB 24-205)

- Originally effective: June 30, 2026.

- Status: federal court paused enforcement April 27, 2026 pending litigation. Underlying statute remains intact.

- Requirements (if enforcement resumes): documented AI governance program, impact assessments, consumer-facing disclosures, opt-out notifications.

- Source: Colorado General Assembly.

Federal level

- No broad federal AI hiring law yet. EEOC enforcement uses existing Title VII, ADA, ADEA, and Title I of the GINA. Multiple federal bills proposed but none enacted as of mid-2026.

California

- AB 2930, which would have required AI hiring notices and impact assessments, was pulled by its sponsor before reaching Governor Newsom's desk in 2024. Assemblymember Rebecca Bauer-Kahan signaled plans to reintroduce a similar bill. No specific AI hiring law currently in force, but the California Fair Employment and Housing Act applies to algorithmic discrimination just as it applies to human discrimination.

Where bias actually creeps in (the five-stage map)

Bias doesn't appear in one place. It compounds across the mechanism. Here's what to audit at each stage.

Parse stage. Test your tool against resumes with non-standard layouts: graphical resumes, multi-column resumes, resumes with creative design. If candidates get rejected silently because their layout broke the parser, that's a bias channel you didn't know existed.

Entity extraction stage. Test against resumes with non-Anglo names, non-US universities, non-traditional career paths. Does the tool correctly extract a degree from a Vietnamese university? Does it understand that "ENS Paris" is an elite French institution?

Skill taxonomy stage. Audit the canonical skill list. Does it understand that "vibe coding" and "AI-assisted development" should map to similar engineering competencies? Does the taxonomy systematically undervalue skills more common in candidates from specific backgrounds?

Embedding stage. This is the hardest to audit because it's a black box for most vendors. Ask the vendor what model is used, what training data, what bias mitigation was applied. If they can't answer, that's a red flag.

Scoring and ranking stage. Run the adverse impact analysis. Selection rates by protected category. The four-fifths rule. If your selection rate for any protected group is below 80% of the highest group's rate, you have a problem to investigate.

The fix is layered. Single-stage audits miss compound bias. A tool that passes a top-line adverse impact test can still systematically filter out candidates with disabilities at the parse stage, or candidates from non-traditional backgrounds at the taxonomy stage. Audit every stage.

How to choose a tool that won't get you sued

Six questions every vendor must answer before you sign.

1. Can the tool be configured to never auto-reject? Yes or no. If yes, demand a screenshot of the setting. If no, walk.

2. Does the vendor publish a current bias audit? Get the document. Check the date. Check the auditor. Check the methodology.

3. Is the model trained on your historical data? If yes, ask about adverse impact testing post-training. If no, ask what the model is trained on.

4. What's the disclosure flow for candidates? Should be visible before application, not buried.

5. What's the audit log retention policy? Should be at least 7 years for ADEA/Title VII compliance.

6. How does the vendor handle accommodation requests? Should be clearly documented in the product.

If a vendor can't answer all six clearly, the risk transfer is too one-sided. Walk.

The implementation playbook

How to actually roll this out without breaking your funnel or your compliance posture.

Week 1: audit your jurisdictions. Where do you hire? Where do you plan to hire in the next 12 months? Map every state and country. Identify the strictest applicable regime.

Week 2: vendor evaluation. Run the six-question filter on every shortlisted vendor. Eliminate anyone who can't answer all six. Request demos from the survivors.

Week 3: calibration test. Take 100 historical resumes (50 hires, 50 rejects). Run them through the top two vendors. Compare rankings to actual outcomes. The vendor whose rankings best match your actual best hires is the one to pick.

Week 4: pilot deployment. Deploy with one role only. Configure for ranking and surfacing, never auto-reject. Recruiter reviews every decision. Track time-to-first-screen and quality of shortlist.

Week 5-8: scale. Add roles one at a time. Continue tracking adverse impact metrics weekly. Document everything for the eventual bias audit.

Quarter 2: bias audit. Engage an independent auditor. Publish results. Update candidate notices. Schedule annual renewal.

Related guide: this article is part of our pillar on AI recruiting in 2026. For the full category map covering tools, legal stakes, pricing, and the implementation playbook, see The Complete Guide to AI Recruiting in 2026.

FAQ

Is AI resume screening just an upgraded ATS?

No. A traditional ATS is a database and workflow tool. It stores resumes, tracks stages, runs keyword searches. AI resume screening adds semantic matching (understanding meaning, not just words), skill inference, and similarity-based ranking. Most modern ATS embed AI screening as a feature now, but the AI is the new layer, not the underlying ATS.

How accurate is AI resume screening, really?

Vendor accuracy claims are misleading because they measure agreement with the recruiter's existing choices. That metric only tells you the AI imitates the recruiter. The metric that matters is false-negative rate: how often does the AI filter out qualified candidates? Harvard Business School's "Hidden Workers" report (2021) found that 88% of employers surveyed said qualified, high-skilled candidates were rejected outright by their hiring process because the candidates did not exactly match the system's criteria (Fuller et al., HBS, 2021). AI screening tools that train on historical reject decisions inherit and amplify this. The honest measures are efficiency gains (SHRM 2025 found that 89% of HR professionals using AI in recruiting report time savings, and AI-enabled teams complete 66% more candidate screens per week than manual teams) combined with quality-of-hire tracking 12 months out.

Can candidates beat AI resume screening?

Yes. Candidates increasingly use AI tools to write resumes that score well against AI screeners. Match the job description language, use canonical skill names, format cleanly, avoid graphical elements that break parsers. This isn't gaming the system, it's adapting to how the system works. The arms race is real. Smart employers focus less on "beating" detection and more on whether the candidate can do the job once hired.

How much does AI resume screening cost in 2026?

Every figure here was verified on May 14, 2026 against the vendor's pricing page or aggregated buyer reports where the vendor is sales-led. Pricing moves, so the date stamp matters.

Free options (verified May 14, 2026): Yander offers a free tier ($0, 200 sourced candidates to try, no credit card). JuiceBox AI has a free plan covering one seat with limited monthly searches.

Paid SMB tier with published pricing (verified May 14, 2026): Manatal $19 to $59 per user per month, Yander Pro $89 per user per month, Yander Max $249 per user per month, JuiceBox Starter $99 per seat per month, JuiceBox Growth $149 per seat per month.

Mid-market (verified May 14, 2026): Workable $169 to $599 per month with AI sourcing locked to the $299 Standard tier or above, Fetcher $379 to $849 per month per recruiter, Ashby Foundations from $360 per month on annual billing.

Enterprise (sales-led, no public pricing): aggregated buyer reports as of mid-2026 put Eightfold at $30,000 to $250,000+ per year, Paradox at $50,000 to $500,000+ per year, HireVue typically starting around $35,000 per year, and Phenom at $50,000+ per year. Get the actual quote in writing.

Hidden costs that don't show up on vendor pricing pages: an independent bias audit runs $5,000 to $20,000 per year, legal review of candidate notices and accommodation policy runs $5,000 to $25,000 one-time then annual updates, and DPIA documentation for EU operations runs $3,000 to $15,000 per significant tool change. Build them into the budget.

Are there free AI resume screening tools?

Yes, more than there were two years ago. Yander offers a free tier with 200 sourced candidates to try, no credit card required, which is the easiest place to start for sourcing plus qualification. JuiceBox AI has a free plan with one seat and limited monthly searches. Manatal offers a 14-day free trial that's a real product test, not a feature-limited demo. Recruit CRM offers a similar 14-day trial. For DIY, you can build a functional resume screener with GPT-4 and a structured prompt for about $0.30 per resume. The DIY route is fine for first-pass filtering but lacks the audit logs, bias testing, and compliance documentation you need for any serious deployment. Use it to learn what AI screening can do, then move to a real tool for production.

Will AI replace recruiters?

No, and the legal landscape is the reason. Every major AI hiring law explicitly requires human oversight. Mobley v. Workday is specifically about what happens when humans are removed from the loop. Recruiters will spend less time on first-pass filtering and more time on the candidate conversations that actually predict good hires. That's a better job, not a smaller one.

The honest summary: AI resume screening works, the law is catching up fast, and the line between defensible deployment and a class action is whether humans stay in the loop for decisions. Use the AI to do the work humans hate (sourcing, qualification, ranking). Keep humans on the decisions that matter (advancing, rejecting, hiring).

If you want to see what AI screening looks like when it's designed around the human-in-the-loop principle from the start, that's what we built Yander for.