Is Your ATS Vendor HB 3773 Compliant? How to Find Out

Three out of five HR Directors we talk to assume their ATS vendor is "handling compliance." Almost none have asked the vendor in writing. Worse, even when vendors are doing real work — bias audits, notice templates, opt-out flows — that work doesn't transfer to the employer's file unless the employer documents the diligence.

Here's how to actually evaluate your ATS vendor's HB 3773 posture, with the questions you should send and the artifacts you should collect.

Why the vendor question matters

Under HB 3773, the employer keeps the duty to provide notice, to use the tool lawfully, and to document diligence. You cannot outsource that obligation to the vendor's terms of service. But — and this is the part that's actually leverageable — the vendor's own compliance posture directly affects yours. A bias audit completed by the vendor, if you can document that you reviewed it, is part of your file.

The seven-question vendor checklist

1. What AI features are in your product? Have the vendor list every AI-enabled feature, including features that are off by default.
2. Is there a published bias-audit report? Ask for the most recent one, the methodology, and the audit firm. Compare against NYC LL 144 standards even if you're not in NYC — the framework is widely adopted.
3. What notice text does the platform deliver to candidates? Get the exact language and the trigger point (when notice is shown).
4. Is there an opt-out path? What happens to a candidate who declines AI evaluation — are they re-routed or excluded?
5. Where does the data go? Training data, retention, third-party sharing, sub-processors.
6. What does your contract say about AI-related claims? Look for indemnification language, audit-cooperation clauses, and termination rights tied to compliance failures.
7. What changed in your AI features in the last 24 months? Most ATSs added matching or scoring quietly. Force the vendor to disclose.

What good vendor responses look like

Vendors that have done the work will respond promptly, in writing, with cited documents. They will offer to walk you through their bias-audit report. They will share their notice template and explain how it's triggered.

Vendors that haven't done the work will respond with vague reassurance ("we take compliance very seriously"), point you at a high-level whitepaper, or — most telling — go quiet. That silence is the answer. The remediation list writes itself.

What to put in your vendor diligence file

• The vendor's written response to each of the seven questions
• Copy of the bias-audit report (or evidence of refusal)
• The notice template the vendor delivers, with screenshots of the candidate flow
• The relevant sections of your contract addressing AI
• A dated memo summarizing your conclusion and any remediation steps

That memo is what makes the vendor's work part of your file. Without it, you have nothing to show under a demand letter.

When to switch vendors

Most vendors will fall somewhere in the middle: some real work, some gaps, willingness to improve. That's manageable through a documented remediation plan with timelines. The cases where switching is the right answer are usually the vendors who can't or won't provide a bias audit, won't share their notice flow, and won't put AI commitments into contract. Those vendors aren't worth the institutional risk.

The standalone option

If your company isn't ready for a full Compliance Engagement, the Vendor AI Diligence Review is a $4,500 focused engagement that produces this exact file for your HR-tech stack — typically 5–10 vendors in 2–3 weeks. Frequently the on-ramp to a full build. Book a Risk Review to talk through scope.

Lakeshore is a compliance consultancy, not a law firm. This article is general information and not legal advice.