HR Agents

Runtime authorization for HR and recruiting AI agents.

A recruiting agent with Greenhouse, Workday, or LinkedIn credentials can turn a model suggestion into an employment action. SSO establishes identity. It does not decide whether this specific agent may reject a candidate, run a background check, change a salary band, or pull protected-class fields. Veto authorizes the action before it executes.

NYC Local Law 144, EU AI Act Annex III, EEOC Technical Assistance 2023

What can go wrong

HR is explicitly named in the EU AI Act's high-risk employment category, and AI hiring tools already sit inside regulator, auditor, and worker scrutiny. The failure modes below are the ones to control before an agent can act.

Disparate-impact screening

An agent ranks applicants on resume keywords correlated with zip code, school prestige, or perceived gender. A score that looks neutral becomes a rejection decision before anyone checks the pattern.

Bias-audit drift

NYC Local Law 144 requires an annual bias audit before an automated employment decision tool is used on a New York candidate. If the model, prompt, or workflow changes, the audit state needs to stay visible before the agent screens or ranks.

PII exfiltration

A sourcing agent prompted to "summarize the pipeline" returns SSN tails, date of birth, salary history, and visa status across thousands of candidate rows into a chat transcript that is then forwarded to a shared inbox.

Unauthorized offer changes

An onboarding agent is socially engineered through email into updating direct-deposit routing on a pending offer, or shifts a salary band with no comp-team review. Workday-style writes execute before the review loop catches up.

What Veto enforces

Policies live in YAML next to your application code, evaluate in-process on the local decision path, and route exceptions to the configured review channel or your ATS approvals queue. Four examples below cover the most common failure surfaces.

veto/policies/hr-agents.yaml
policies:
  - name: "Block protected-class fields on read"
    match:
      tool: ["ats.get_candidate", "ats.search_candidates"]
    rules:
      - condition: "fields includes_any ['date_of_birth','ssn','race','disability','sexual_orientation','salary_history']"
        action: deny
        reason: "Protected-class fields require comp/legal access, not agent access"

  - name: "Require fresh NYC Local Law 144 bias audit"
    match:
      tool: ["ats.advance_candidate", "ats.reject_candidate", "ats.rank_candidates"]
    rules:
      - condition: "candidate.work_location.state == 'NY' && audit.days_since_last > 365"
        action: deny
        reason: "AEDT bias audit older than 365 days"
      - condition: "candidate.work_location.state == 'NY' && audit.notice_sent == false"
        action: deny
        reason: "Candidate notice flag missing"

  - name: "Human approval before rejection"
    match:
      tool: "ats.reject_candidate"
    rules:
      - condition: "session.rejections_last_hour > 25"
        action: require_approval
        approvers: ["recruiting-lead@approved.example"]
      - condition: "candidate.demographic_bucket.rejection_rate_session > 0.6"
        action: require_approval
        approvers: ["dei@approved.example","legal@approved.example"]
        reason: "Disparate-impact threshold tripped"

  - name: "Offer and payroll write maker-checker"
    match:
      tool: ["workday.update_offer","workday.update_payroll"]
    rules:
      - condition: "args.field == 'base_salary' && abs(args.delta_pct) > 10"
        action: require_approval
        approvers: ["comp@approved.example"]
      - condition: "args.field == 'bank_account' || args.field == 'routing_number'"
        action: deny
        reason: "Payroll bank details require human-owned write path"
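The policies above as an in-process evaluator, added here as an illustration and not Veto's own engine: each YAML condition is rewritten as a Python predicate (the candidate.work_location.state path is flattened to candidate["state"], and the session-count rules are left out), and a deny from any matching rule wins over require_approval. The Request shape and the decision record are assumptions of this example.

```python
from dataclasses import dataclass, field

PROTECTED = {"date_of_birth", "ssn", "race", "disability", "sexual_orientation", "salary_history"}

@dataclass
class Request:
    tool: str
    args: dict = field(default_factory=dict)       # the YAML's args.*
    candidate: dict = field(default_factory=dict)  # candidate.work_location.state flattened to "state"
    audit: dict = field(default_factory=dict)      # audit.days_since_last, audit.notice_sent

# (policy name, matched tools, [(predicate, action, approvers, reason), ...]) mirroring the YAML.
POLICIES = [
    ("Block protected-class fields on read",
     {"ats.get_candidate", "ats.search_candidates"},
     [(lambda r: bool(set(r.args.get("fields", [])) & PROTECTED),
       "deny", [], "Protected-class fields require comp/legal access, not agent access")]),
    ("Require fresh NYC Local Law 144 bias audit",
     {"ats.advance_candidate", "ats.reject_candidate", "ats.rank_candidates"},
     [(lambda r: r.candidate.get("state") == "NY"
                 and r.audit.get("days_since_last", 10**6) > 365,  # no audit on file counts as stale
       "deny", [], "AEDT bias audit older than 365 days"),
      (lambda r: r.candidate.get("state") == "NY" and not r.audit.get("notice_sent"),
       "deny", [], "Candidate notice flag missing")]),
    ("Offer and payroll write maker-checker",
     {"workday.update_offer", "workday.update_payroll"},
     [(lambda r: r.args.get("field") == "base_salary" and abs(r.args.get("delta_pct", 0)) > 10,
       "require_approval", ["comp@approved.example"], "Base salary change over 10%"),
      (lambda r: r.args.get("field") in {"bank_account", "routing_number"},
       "deny", [], "Payroll bank details require human-owned write path")]),
]

def authorize(req: Request) -> dict:
    """Evaluate every matching rule; any deny wins, otherwise require_approval, otherwise allow.
    The returned record is the decision evidence to log alongside the action."""
    decision = {"tool": req.tool, "action": "allow", "approvers": [], "reasons": []}
    for name, tools, rules in POLICIES:
        if req.tool not in tools:
            continue
        for predicate, action, approvers, reason in rules:
            if not predicate(req):
                continue
            decision["reasons"].append(f"{name}: {reason}")
            if action == "deny":
                decision["action"], decision["approvers"] = "deny", []
            elif decision["action"] != "deny":  # a deny already recorded is never downgraded
                decision["action"] = "require_approval"
                decision["approvers"] = sorted(set(decision["approvers"]) | set(approvers))
    return decision
```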

Evidence hooks

EU AI Act, Annex III § 4

Recruitment, screening, evaluation, and termination can fall into the Act's high-risk employment category. Veto routes high-impact decisions to humans and keeps the event record attached to the action.

NYC Local Law 144

Annual bias audit, candidate notice, and disparate-impact ratios. Veto can enforce freshness and notice flags, and export per-candidate decisions for the audit firm.

EEOC technical assistance (2023)

Employers remain liable under Title VII for disparate impact caused by vendor-provided AI tools. Veto's session-level rejection ratios surface the four-fifths rule before damage compounds.
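An added example of the session-level ratio check this paragraph refers to, not Veto's own code: over a constructed session log it computes each demographic bucket's rejection rate and its four-fifths impact ratio (selection rate divided by the best bucket's selection rate) and returns the require_approval route from the "Human approval before rejection" policy above. The bucket labels, the approver list and the minimum bucket size are assumptions.

```python
from collections import defaultdict

# Constructed session log of (candidate_id, demographic_bucket, decision) tuples
# as emitted by an agent's ats.advance_candidate / ats.reject_candidate calls.
SKEWED_SESSION = [
    ("c01", "A", "advance"), ("c02", "A", "advance"), ("c03", "A", "reject"),
    ("c04", "A", "advance"), ("c05", "A", "advance"),
    ("c06", "B", "reject"), ("c07", "B", "reject"), ("c08", "B", "advance"),
    ("c09", "B", "reject"), ("c10", "B", "reject"),
]
# Constructed control: both buckets reject 2 of 5, so no disparity.
BALANCED_SESSION = [(f"c{i:02d}", "A" if i <= 5 else "B",
                     "reject" if i % 5 in (1, 2) else "advance") for i in range(1, 11)]

FOUR_FIFTHS = 0.8           # EEOC rule of thumb: impact ratio under 0.8 signals adverse impact
REJECTION_RATE_LIMIT = 0.6  # mirrors demographic_bucket.rejection_rate_session > 0.6 in the YAML
MIN_BUCKET_SIZE = 5         # hypothetical floor: fewer decisions than this is noise, not a pattern
APPROVERS = ["dei@approved.example", "legal@approved.example"]

def bucket_rates(session):
    """Selection (advance) and rejection rate per demographic bucket, with counts."""
    counts = defaultdict(lambda: {"advance": 0, "reject": 0})
    for _cid, bucket, decision in session:
        counts[bucket][decision] += 1
    return {b: {"n": c["advance"] + c["reject"],
                "selection_rate": c["advance"] / (c["advance"] + c["reject"]),
                "rejection_rate": c["reject"] / (c["advance"] + c["reject"])}
            for b, c in counts.items()}

def disparate_impact_check(session):
    """Decision for the next ats.reject_candidate call in this session."""
    rates = {b: r for b, r in bucket_rates(session).items() if r["n"] >= MIN_BUCKET_SIZE}
    findings = []
    for bucket, r in rates.items():
        if r["rejection_rate"] > REJECTION_RATE_LIMIT:
            findings.append(f"bucket {bucket} rejection rate {r['rejection_rate']:.2f}")
    if len(rates) >= 2:  # the four-fifths comparison needs at least two populated buckets
        best = max(r["selection_rate"] for r in rates.values())
        for bucket, r in rates.items():
            ratio = r["selection_rate"] / best if best else 1.0  # nobody advanced: uniform, not disparate
            if ratio < FOUR_FIFTHS:
                findings.append(f"bucket {bucket} impact ratio {ratio:.2f} < {FOUR_FIFTHS}")
    if findings:
        return {"action": "require_approval", "approvers": APPROVERS,
                "reason": "Disparate-impact threshold tripped: " + "; ".join(findings)}
    return {"action": "allow", "approvers": [], "reason": "no disparate-impact signal"}
```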

GDPR Articles 22 and 30

Solely automated decisions producing legal effects are restricted. Veto's "require_approval" route creates evidence for human involvement and feeds Article 30 records of processing.

Where HR agents need hard stops

Recruiting agents sit on candidate records, ranking tools, assessment scores, background-check workflows, and offer data. The review point is not model output. It is the action that changes a candidate's status, score, compensation band, or access to opportunity.

Veto gives those actions a review boundary: bias-audit freshness, candidate-notice flags, protected-field access, rejection decisions, and offer changes can all be checked before the ATS or HRIS write happens.

Frequently asked questions

How does Veto support NYC Local Law 144 evidence for automated employment decision tools?
Local Law 144 requires an annual independent bias audit and candidate notice before an automated employment decision tool (AEDT) is used. Veto does not perform the bias audit, but its decision records give reviewers a per-candidate record to inspect: which agent ranked or filtered a candidate, the score returned, the input features, and the policy version active at decision time. Veto policies can also block a tool call until the audit timestamp is fresh and the notice flag is true.
How does this map to EU AI Act high-risk employment systems?
Annex III treats recruiting, screening, evaluation, and promotion or termination systems as high-risk when the system and use case fall within the Act. Covered deployers need human oversight, event records, monitoring, and worker-facing notices. Veto supports that operating model by routing rejection, ranking, and offer-modification tool calls to a human reviewer and logging each blocked, approved, or auto-allowed agent action.
Can an HR agent still read PII for legitimate tasks?
Yes. Policies allow scoped reads, for example a scheduling agent sees name, email, and interview time but not protected characteristics, salary history (illegal to ask in many jurisdictions), or resume free-text. Background-check agents are bound to a single candidate ID per session and cannot enumerate the ATS. Governed reads can be logged for GDPR Article 30 records of processing.
What about EEOC liability if the agent inadvertently discriminates?
EEOC guidance treats employer responsibility for AI hiring tools as a real risk, including vendor-provided tools. Veto policies can block tool calls that filter candidates by zip code, school name, age proxies, or other protected-class correlates and require human review when a decision pattern crosses your configured threshold. Logs export for internal review.
