50 poptastic trivia points to anyone who can spot that song title.
Welcome to the return of the Standswell blog…in which as ever I am going to take a wide-ranging often sideways glance across the world of AI/business/management science – focused on valuable, actionable and thought-provoking information.
SPOILER ALERT…much of the detailed research is done by and then checked by AI so will occasionally be, err, suspect. Our guest llm today is Opus 4.7 from Anthropic. Crucially the research questions and approaches are individually tailored by yours truly and are designed to inspire your own work.
Ok…so since I have been doing quite a lot of thinking about CVs recently I thought I would share some findings over 3 or 4 narrowly-focused blogs giving you the state of the nation as I see it and providing you with a stepping off point for further research. I will then round it off with a design of an ai cv maker. I am going to come at this from a candidates’ point of view initially but then will pivot to hiring.
TLDR: Abstract
As well as the ever-more powerful capabilities of ‘frontier’ large language models being applied to AI-augmented hiring processes, there are laws and ongoing court cases that are shaping the landscape. This blog reviews the latter, and will return to the former in the next edition, though there is some overlap.
TLDR: Conclusion
It always pays to be aware of your obligations and rights to ensure you avoid embarrassment or worse in the first place and to be aware of possible recourse if things should go wrong. However, there are more practical things that the legal framework signal as well…how to optimise for the things the bots are allowed to screen for and therefore probably do.
The good stuff: 10 law-related things to think about on your CV
1. Optimise for what the law lets the tool legitimately screen on. Skills, qualifications, experience duration, certifications, right-to-work are all fair game. Make them bulletproof: exact certification names (PRINCE2, AWS Solutions Architect, CIPD Level 5 β not “AWS certified”), standard job titles aligned to ESCO or O*NET, both forms of every skill (acronym + expansion), consistent date formats. These are the strongest legitimate signals AI is meant to be reading. I use this for standard skills definitions, tenses, competencies: SFIA
2. Don’t use formats that break parsers. Multi-column layouts, text boxes, graphics-only headers, image-based PDFs, contact details in headers/footers, non-standard section titles (“My Journey” vs “Experience”) β all cause parser failures indistinguishable from “unqualified” in the ATS (Applicant Tracking System). You can’t contest a rejection you don’t know happened. Use single-column, standard headers, text-based PDF or .docx, contact details in the body.
3. Don’t keyword-stuff a standalone skills section. Embedding rankers (Workday, iCIMS, SmartRecruiters) penalise skills appearing only in a list and not evidenced in work-experience bullets β confirmed by Wilson & Caliskan. It also reads as deceptive at the human-review stage you’re entitled to under DUAA / NYC LL144. Every skill should appear in a list and in a bullet showing use.
4. Don’t lie or stretch β Mobley and recruiter triangulation will catch it. Recruiters routinely cross-check CV against LinkedIn before interview, and ATS-LinkedIn integrations like LinkedIn RSC (Recruiter System Connect) make automated cross-flagging increasingly common. Rejection on integrity grounds is not a protected basis you can contest. Keep CV, LinkedIn, and application forms aligned.
5. Don’t leave employment gaps unexplained. The ICO November 2024 audit found tools using gaps as a filter β a discriminatory proxy for maternity, disability, or caring responsibilities. Defend yourself with a one-line plain-text explanation of any gap over three months so the AI categorises it correctly.
6. Use your transparency rights β find out what’s screening you. UK GDPR Articles 13/14 and (post-Feb 2026) DUAA (Data (Use and Access) Act 2025) require disclosure of AI use; NYC LL144 (New York City Local Law 144), Illinois, and Colorado require similar in the US. Check the careers-page privacy notice β heavily AI-screened employers (Workday, iCIMS, SmartRecruiters) reward parser-friendly CVs; human-led ones (Greenhouse, Ashby) reward narrative quality.
7. Don’t volunteer protected-characteristic data. The law (Equality Act 2010 in the UK; Title VII / ADEA / ADA in the US) prohibits discrimination, but the simplest defence is to not hand over the data: no photo, no DOB (Date of Birth), no marital status, no nationality (just “Right to work: Yes”), no religion, no disability declaration unless invoking reasonable-accommodation rights.
8. Preserve your right to human review. DUAA Articles 22Aβ22D and the EEOC (Equal Employment Opportunity Commission) position in Mobley v. Workday both rest on a human-review escape valve. Keep records β application date, JD, CV version, rejection notice (especially suspiciously fast or out-of-hours; the Mobley 1:50 a.m. rejection became evidence).
9. Use vendor bias-audit data. NYC LL144 forces vendors to publish bias audits β see iCIMS’s published position and the ACLU’s tracker of all published LL144 audits. If your group is shown disadvantaged, push harder on human review and make the screened elements unambiguous.
10. Strip protected-characteristic proxies. The ICO (Information Commissioner’s Office) November 2024 audit found tools inferring gender/ethnicity from names and disability from gaps; Wilson & Caliskan (2024) showed near-100% disadvantage for Black male-associated names. You can’t change your name, but you can deny the secondary proxies: explain gaps in plain text, omit school-leaver dates, no DOB, no marital status, no photo.
The Evidence
Those of you with a keen sense of the law of diminishing returns can stop here, but if anyone is still awake:
UK Law on AI Resume Screening
Core legal stack
UK law operates through three overlapping regimes, none AI (Artificial Intelligence)-specific.
Equality Act 2010 β anti-discrimination across nine protected characteristics. The key concept for AI screening is indirect discrimination (s.19): a neutral criterion that disadvantages a protected group and isn’t objectively justified. Liability is absolute on the employer β it cannot be passed to the ATS (Applicant Tracking System) or AI vendor. Confirmed in the DSIT (Department for Science, Innovation and Technology) Responsible AI in Recruitment guide.
UK GDPR (United Kingdom General Data Protection Regulation) and DPA 2018 (Data Protection Act 2018), regulated by the ICO (Information Commissioner’s Office):
- Article 22 β right not to be subject to solely automated decisions with significant effects. The DUAA (Data (Use and Access) Act 2025) (in force 5 February 2026) replaces the prohibition with Articles 22Aβ22D, permitting automated decisions on a legitimate-interests basis subject to transparency, contestability, and meaningful human intervention safeguards.
- Article 9 β special category data. The ICO has confirmed inferred data (ethnicity from name, disability from gaps) triggers Article 9, requiring explicit consent.
- Article 35 β DPIA (Data Protection Impact Assessment) mandatory before deployment.
HRA 1998 (Human Rights Act 1998) β applies to public sector employers, adding Article 8 (privacy) and Article 14 (non-discrimination) considerations.
Key UK guidance
- ICO AI Tools in Recruitment Audit Outcomes Report (Nov 2024) β most authoritative source; ~300 recommendations to audited vendors, all accepted. See press release and procurement guidance.
- DSIT Responsible AI in Recruitment (March 2024) β non-statutory but treated as standard of care.
- ICO Guidance on AI and Data Protection including the fairness chapter.
- House of Commons Library briefing.
Practical employer obligations
DPIA before deployment; lawful basis under Articles 6 and (if applicable) 9; transparency notice; contestability route; meaningful human review; bias monitoring on directly-collected demographic data; data minimisation; controller/processor allocation in vendor contracts.
Enforcement and consequences
ICO fines up to Β£17.5 million or 4% global turnover. Equality Act claims via Employment Tribunal β uncapped damages. No UK equivalent of NYC’s bias-audit law; UK relies on existing statutes plus guidance. No UK Mobley-equivalent yet, but firms are warning clients to expect tribunal claims on the same template β see Lewis Silkin, Slaughter and May, Osborne Clarke, Farrer & Co, A&O Shearman.
The EU AI Act (Regulation 2024/1689) classifies recruitment AI as high-risk; doesn’t bind Great Britain but applies in Northern Ireland and to UK vendors selling into the EU.
US (United States) Law on AI Resume Screening
Core legal stack
No federal AI statute β pre-existing civil rights statutes plus a fast-growing state/city patchwork.
Federal civil rights statutes, enforced by the EEOC (Equal Employment Opportunity Commission):
- Title VII Civil Rights Act 1964 β race, colour, religion, sex, national origin (covers disparate impact).
- ADEA (Age Discrimination in Employment Act 1967) β workers 40+.
- ADA (Americans with Disabilities Act 1990) + ADAAA (ADA Amendments Act 2008).
The EEOC’s 2023 technical assistance confirms the four-fifths rule applies to AI tools.
Mobley v. Workday β landmark case establishing AI vendors can be held directly liable as “agents” of employers. July 2024 ruling allowed agency theory to proceed; May 2025 collective certification covers all 40+ applicants since September 2020 β potentially millions of class members. See Fisher Phillips, Proskauer, Holon Law, University of Miami Law Review, Harvard Undergraduate Law Review, Quinn Emanuel, FairNow tracker. Harper v. Sirius XM (2025) tests the same theory under Title VII race grounds.
State and city laws
NYC LL144 (New York City Local Law 144) (in force July 2023) β most-cited specific AI-recruitment statute. Requires annual independent bias audit, public summary, 10 business days’ notice to candidates, alternative assessment for AEDTs (Automated Employment Decision Tools). Penalties modest ($500/$1,500). The narrow definition of “AEDT” (tools that substantially assist decisions) explains why Greenhouse refuses algorithmic ranking, while iCIMS (bias audit summary) and SmartRecruiters comply. Critical analysis in this Taylor & Francis paper.
The growing patchwork:
- Illinois AI Video Interview Act 2020 β consent and disclosure for AI video interviews.
- Maryland HB 1202 (House Bill 1202) (2020) β facial recognition consent.
- Colorado AI Act (SB 24-205) (Feb 2026) β high-risk AI framework with impact assessments and notice.
- Illinois HB 3773 (Jan 2026) β discriminatory AI use unlawful under Illinois Human Rights Act.
- California AB 2930 + CCRC ADS regulations β extends FEHA (Fair Employment and Housing Act) to AI tools, recognises intersectional discrimination.
- New York State, New Jersey, Texas, Washington, Tennessee β all advancing similar laws.
Federal regulatory activity
EEOC actively investigating; filed amicus brief in Mobley. iTutorGroup settlement (2023) β first AI hiring settlement, $365,000 for software auto-rejecting candidates by age/sex. OFCCP (Office of Federal Contract Compliance Programs) treats AI as selection procedures under UGESP (Uniform Guidelines on Employee Selection Procedures). ACLU complaint against HireVue/Intuit (March 2025) on AI video interview accessibility.
Practical employer obligations
Validate against UGESP; four-fifths rule adverse-impact analysis; NYC LL144 compliance if applicable; state-by-state patchwork (especially Illinois, Colorado, California); ADA-compliant alternatives; vendor liability allocation; meaningful human review (defends against Title VII and avoids Mobley delegation findings); selection records 1β2 years.
Enforcement and consequences
EEOC charges, federal litigation, or class certification (as in Mobley). Title VII compensatory/punitive damages capped $50,000β$300,000 by employer size. ADEA back pay uncapped + liquidated damages for willful violations. Mobley-style class actions could reach eight or nine figures.
Side-by-side comparison
| Dimension | UK | US |
|---|---|---|
| Primary legal framework | Equality Act 2010 + UK GDPR + DUAA | Title VII / ADEA / ADA + state patchwork |
| Specific AI-recruitment statute? | No β guidance-based (DSIT, ICO) | Yes β NYC LL144, Colorado AI Act, Illinois HB 3773 |
| Mandatory bias audit? | DPIA required; bias monitoring expected | Mandatory in NYC; spreading |
| Vendor direct liability? | Employer absolutely liable; vendor only via contract | Being established by Mobley under “agent” theory |
| Inferred protected characteristics | Article 9 UK GDPR captures inferred data | Covered by disparate-impact proxy analysis |
| Right to human review | Strong (Article 22 / DUAA 22Aβ22D) | Weaker (case-by-case under ADA accommodations) |
| Candidate transparency | Strong (UK GDPR 13/14 + DUAA s.80) | Weaker federally; specific in NYC, Illinois, Colorado |
| Maximum employer fine | Β£17.5 million or 4% turnover (ICO); uncapped tribunal damages | Title VII caps $50kβ$300k; ADEA uncapped back pay |
| Direction of travel | Form liberalising (DUAA), substance tightening | Tightening β state proliferation + Mobley |
Bottom line: UK exposure sits primarily on the employer, enforced through ICO + Employment Tribunal under absolute Equality Act liability. US exposure is increasingly being pushed onto vendors via Mobley-style agency claims, with NYC LL144 as the de facto template for the spreading state-level patchwork.