New Jersey has no AI Act — but your AI hiring tools are now squarely liable

New Jersey never passed a standalone “AI Act.” If you have been scanning the bill trackers waiting for one, you can stop — it is not coming, and that is precisely why New Jersey is so easy to underestimate. Instead, the state did something quieter and arguably sharper: it pointed its existing civil-rights law at algorithmic decision tools and, in December 2025, codified the most comprehensive state-level disparate-impact rules in the country. If an AI tool helps you hire, screen, or rank people, you are already inside the regulated zone — and an individual can sue you for it directly.

This is the “enforcement through existing civil-rights law” model, the same posture Illinois has long taken. The difference is that New Jersey has now hardened it with written rules that explicitly reach automated employment tools, backed not just by a regulator but by private lawsuits. The result: there is no new statute to comply with, and that is the trap. The obligations are real, they apply today, and they turn on outcomes you may not even be measuring.

The vehicle: the Law Against Discrimination, not a new bill

New Jersey regulates AI through the New Jersey Law Against Discrimination (LAD) — the state’s long-standing civil-rights statute — via two actions. First, on January 9, 2025, the New Jersey Attorney General and the Division on Civil Rights (DCR) issued formal guidance making clear that the LAD applies to algorithmic discrimination from automated decision tools. It applies across the tool’s design, training, and deployment, exactly as it applies to any other form of discrimination. There was no grace period and no audit mandate written into the guidance — covered entities were expected to comply immediately, and testing was strongly implied.

Second, on December 15, 2025, the DCR formally adopted disparate-impact rules, codified at N.J.A.C. 13:16. These are described as the most comprehensive state-level disparate-impact regulations in the country, and they are not limited to employment — they span employment, housing, places of public accommodation, credit and lending, and contracting. For most companies the employment provisions are where the immediate exposure sits.

How disparate impact works here

The framework is a classic burden-shifting analysis, and understanding it is the whole game. A complainant first shows that a facially neutral practice — including an automated tool — produces a disproportionate adverse effect on a protected class. At that point the burden shifts to you, the respondent. You must prove the practice is necessary to achieve a substantial, legitimate business interest, and that no equally effective, less-discriminatory alternative exists.

Read that again, because it is the part most teams miss: once a statistical disparity is shown, the law presumes against you and makes you justify the tool. “The vendor said it was validated” is not that justification. You carry the burden of proving necessity and the absence of a better, less-discriminatory option — which you cannot do without your own outcome data.

What counts as an automated tool — broadly

The rules reach automated employment decision tools and they define them broadly: any software, system, or process that aims to automate, aid, or replace human decision-making relevant to employment. That sweep is deliberate and wide. It includes:

• Resume-screening algorithms that filter or rank applicants.
• “Online application technology” that screens applicants by criteria such as scheduling availability.
• Facial-analysis and video-based assessment tools.
• Any tool that generates scores, rankings, predictions, classifications, or recommended actions about candidates.

Two things make this scope unusually hard to escape. First, these tools receive the same disparate-impact analysis as a human decision — automating a judgment does not launder it. Second, the rules regulate by function, not by label. They do not turn on whether a vendor calls something “AI” or “machine learning.” If it aids an employment decision, it is in scope, full stop. You cannot argue your way out by claiming the tool is “just a filter” or “not really AI.”

The point that changes everything: effort is not a defense

Here is the provision that should reshape how you think about vendor tools. Taking “reasonable steps” to ensure compliance is not a complete defense if those steps do not actually prevent or mitigate the disparate impact. You can be held liable for a tool’s discriminatory outcome even if you did not build the tool, and even if you took reasonable-but-ineffective steps. Effect governs, not effort.

This is the opposite of a checkbox regime. In many frameworks, documenting a good-faith process gives you cover. Not here. If the outcome is discriminatory, your diligence file does not save you. The only thing that actually protects you is outcomes-based bias testing and correction — measuring whether the tool produces disparate results, and fixing or replacing it when it does. And because liability attaches to the user, not only the builder, the vendor’s assurances are not your shield.

What to do now

• 1. Inventory every automated tool that touches hiring. Resume screeners, application filters, video or facial-analysis assessments, scoring and ranking engines — including vendor tools running behind your own brand. You cannot test or defend a tool you have not inventoried.
• 2. Run outcomes-based bias testing. Measure each tool for disproportionate adverse effects across protected classes. Effort is not a defense; only results are. This is the work that actually protects you.
• 3. Build the necessity-and-alternatives record. For each tool you keep, document the substantial, legitimate business interest it serves and your search for an equally effective, less-discriminatory alternative — the exact burden the LAD shifts onto you.
• 4. Stop relying on vendor validation alone. Liability attaches to you as the user. Demand outcome data, contractual support, and your own independent testing — not just a vendor’s assurance.
• 5. Treat the private right of action as the real risk. Plan for individual lawsuits, not just regulator inquiries, and make sure counsel and HR are aligned on what your testing shows.

An honest limitation

We are summarizing a framework, not giving you a verdict on any specific tool. Whether a given screener produces a disparate impact is a fact-specific, statistical question that depends on your applicant pool and your data — we cannot answer it in the abstract, and neither can your vendor. The N.J.A.C. 13:16 rules are new as of December 2025, and the contours of how courts and the DCR apply them will develop. What will not change is the structure: the burden shifts to you once a disparity is shown, effort is not a defense, and a private plaintiff can put all of it in front of a court. You can only meet that burden with evidence you have actually gathered.

New Jersey is the cleanest example of a state that regulates AI without ever naming it — existing civil-rights law, now hardened with codified disparate-impact rules and a private right of action. Vendor-supplied hiring tools are the main exposure, and because outcomes govern, the protective work is concrete: inventory the tools, test the results, and keep the record that proves necessity. It is the same discipline that protects you everywhere — know which AI makes decisions about people, and make sure each one can be defended by its effect, not its paperwork.

This briefing is general information from Sentinel Assurance Group, not legal advice. Regulatory dates and requirements change — we maintain these briefings, but verify against primary sources and counsel before acting. Last reviewed June 11, 2026.

See how a Gap Assessment maps your exposure →