The Digital Services Act is a new EU law that regulates digital services and requires companies to assess risks, outline mitigation efforts, and undergo third-party audits for compliance. The Act applies to hosting services, marketplaces, and online platforms that offer services in the EU, regardless of their place of establishment. Key provisions of the Act include transparency and algorithmic accountability and a risk governance approach to AI systems. Non-compliance with the Act can attract penalties of up to 6% of the company's annual turnover in the European Union and companies will also be exposed to civil suits and liability. The Act will be in full effect starting February 17th, 2024.

The U.S. Equal Employment Opportunity Commission (EEOC) has released a "technical assistance document" advising employers on how to assess adverse impact in software, algorithms, and artificial intelligence used in employment selection procedures under Title VII of the Civil Rights Act of 1964. The document provides key definitions for software, application software, algorithm, and artificial intelligence, and emphasizes that employers are accountable for any disproportionate impacts caused by AI selection tools. The document also encourages employers to regularly self-audit selection tools to assess any adverse impact on protected groups and modify the tool to minimize such effects. The EEOC's stance reaffirms the agency's position that AI systems and tools must adhere to laws and regulations concerning equal employment opportunity.

New York City's Bias Audit Law, or Local Law 144, which comes into force on July 5th, 2023, requires that employers and employment agencies using automated employment decision tools (AEDTs) to evaluate candidates for employment or employees for promotion have undertaken a bias audit of the tools and announced procedures for notification. However, the definition of key elements of the legislation has evolved throughout the rulemaking process, with the final version providing clarification on definitions for machine learning, statistical modeling, data analytics, or artificial intelligence, simplified outputs, substantially assisting systems, independent auditors, calculating impact ratios, summary of results requirements, and using historical and test data. While the adoption of AI and automation in HR is becoming ubiquitous, concerns about existing biases being perpetuated and amplified, novel sources of bias, and a lack of transparency about the system's capabilities and limitations remain.

The EU AI Act is a piece of legislation proposed by the European Commission to regulate the AI systems available in the EU market. The Act takes a risk-based approach to regulation, classifying systems as posing minimal risk, limited risk, high risk, or unacceptable levels of risk. The December 2022 text defined AI as a machine-based system designed to operate with autonomy that can generate outputs such as predictions, recommendations, or decisions that influence physical or virtual environments. The adopted text specifies eight broad high-risk applications of AI, with important updates to biometric and biometrics-based systems. A new Fundamental Rights Impact Assessment obligation has been introduced for users of High-Risk AIs, and prohibited practices now include AI models used for biometric categorization, predictive policing, and the collection of facial images for database construction. The EU AI Act will have important implications for the fairness and safety of AI systems available in the EU market, with deployers and users of AI systems facing a number of obligations.

New York City and New Jersey are introducing legislation to require bias audits of automated employment decision tools. New York City Local Law 144 will require audits of these tools from July 2023, while the New Jersey Assembly Bill 4909, which would introduce similar requirements if passed, has recently been introduced. The legislation is being proposed as concerns grow around the risks posed by technology including artificial intelligence. Companies will need to take steps to manage risks and procure any necessary interventions, such as bias audits, to remain compliant.