The 4 Most Common HB 3773 Compliance Gaps in Illinois Companies

We've now had enough conversations with Illinois HR Directors and General Counsel to see the pattern. The same four gaps come up over and over. They aren't exotic. They aren't anyone's fault, exactly — they just sit in the seam between HR, IT, and Legal, and they never become anyone's specific job.

Gap 1: No complete AI inventory

By far the most common starting position. Companies have a sense of some of their AI use — the ATS, the video-interview tool — but no comprehensive map. That makes every downstream artifact unreliable, because you can't draft accurate notices, write a defensible policy, or claim vendor diligence on tools you haven't catalogued.

The fix: a structured inventory that covers every system, vendor, and informal workflow. See How to Build an AI Inventory for the methodology, and What Counts as an "AI Tool" for the taxonomy you'll need to apply.

Gap 2: Missing or generic notices

Companies either have no candidate or employee notice at all, or they have a generic template pulled from a vendor and pasted into a privacy policy. Generic doesn't survive a challenge well — courts and regulators treat "clear and conspicuous" literally.

The fix: notices tailored to your actual AI use (which you can't write until Gap 1 is closed), delivered in plain language at the right point in the workflow, with proof of receipt. See the deeper take in The HB 3773 Notice Requirement.

Gap 3: A policy memo that was never implemented

Employment counsel wrote a 14-page memo. Maybe a one-page policy. Then the file sat. No one converted it into an internal policy, a workflow, or a training. The memo is good work. It's just not implementation.

The fix: turn the memo into an adopted policy, a documented workflow, and a trained team. Your attorney does interpretation. You do (or someone does) implementation. The full take on the memo problem is here.

Gap 4: No vendor due diligence file

Companies rely heavily on HR-tech vendors but have rarely documented whether those vendors are themselves compliant — bias-audit posture, notice and opt-out flows, contract language. That's the gap a plaintiff's attorney will probe first, because vendor failures often mean both the vendor and the employer are on the hook.

The fix: a documented review of each AI-touching HR vendor, with vendor-by-vendor risk scores and a remediation list. We do this as part of every engagement, and offer it as a standalone Vendor AI Diligence Review for companies that aren't ready for a full build.

The pattern that closes all four

Each gap is an artifact, not an opinion. None requires legal interpretation; all require operational discipline. That's why a 90-day audit-style engagement closes them faster than another round of meetings. Book a Risk Review and we'll walk through your specific posture in 20 minutes.

Lakeshore is a compliance consultancy, not a law firm. This article is general information and not legal advice.