AI policy and risk kit

AI in HR Policy and Risk Checklist

Put one written policy behind every AI tool that touches hiring or HR, and a risk check in front of it. Inventory the tools you use, score each one Low, Medium, or High from five plain questions, adopt a policy your team can follow, and keep the notices, testing, and reviews on a tracker, with the kit marking where to bring in counsel.

$89 USD

One-time purchase, no subscription. Instant download.

Built by expert HR practitioners and leaders

  • A Field Guide to AI in HR: where AI shows up across hiring and HR, the five risks that create liability, the federal spine and the four-fifths rule, the state, local, and EU layer, and the six governance moves a small team can run
  • An adoptable AI policy: a seven-section policy in Word with fill-in fields and owner notes, covering allowed and not-allowed uses, human review of consequential decisions, notice, bias testing, data, records, and vendors
  • A scored risk check for every tool: five plain factors (decision stakes, human control, data used, jurisdiction, and vendor testing) give each tool a score out of ten and a level of Low, Medium, or High, before you approve it and again when it changes
  • A register and a governance tracker: one list of every AI tool in use with an owner, a status, and a risk level, and a tracker for the notices, bias testing, audits, and reviews that recur, ten standing actions included
  • Vendor due diligence and a decision record: the questionnaire to send before you sign, covering the data, the bias testing, the audit, and the overrides, and a one-page record of who approved each tool and why

The kit structures the inventory, the scoring, and the record. It does not approve a tool for you, and it routes the legal calls to qualified counsel.

A policy, checklists, and a risk workbook, and general business information, not legal or tax advice. The rules for AI in hiring and HR are new, vary by state and city, and change quickly, so confirm the current requirements everywhere your people work, and bring in qualified counsel before an AI tool factors into a hire, pay, discipline, or a termination, or where a specific AI law reaches you.

Last reviewed June 2026

Buying for clients or multiple entities? The White-Label tier is in the license.

  • One-time purchase: No subscription
  • Instant download: Files you keep
  • Editable files: Excel, Word, PDF
  • 14-day guarantee: Money back
  • Secure checkout: SSL encrypted

What you get

Four files that put a policy behind your AI tools and a check in front of them

Read the Field Guide first for the lay of the land. Adopt the policy so the rules are written down, list your tools on the register, score each one through the risk check, and keep the recurring work on the tracker. Built to be used together.

PDF: Start here

Start Here

A one-page map that sets the order: read the Field Guide, adopt the policy, list your tools on the register, score each one, track the recurring work, and confirm the rules everywhere you hire. It also carries the habit behind the kit: treat each tool the way you would treat a new manager.

PDF: Read first

The Field Guide (14 pages)

The plain-language map in twelve sections: you own what the tool decides, what counts as AI in HR and everywhere it shows up, the five risks, the federal spine and the four-fifths rule, the state and local layer, the EU AI Act and who it reaches, six governance moves, the risk check, vendor due diligence, notice and human oversight, and the review cadence and when to get help.

DOCX: Word

The Policy and Checklists

A seven-section policy written to be adopted, with shaded fill-in fields and owner notes, covering principles, allowed and approval-first and not-allowed uses, human review, notice, testing and audits, data and records, and vendors. Plus three working checklists: a per-tool AI risk assessment, a vendor AI due diligence questionnaire, and an AI decision record.

XLSX: Excel

The AI Risk Workbook

The working system: an AI Tool Register for every tool in use, a Risk Assessment that scores each one from five factors, a Governance Tracker with ten standing actions for the notices, testing, audits, and reviews, and a plain-language Definitions tab. It works in Excel or Google Sheets, with a worked example through the tools.

How it works

The method in the order the system runs

Name the tools, score the risk, write the policy down, vet the vendors, and keep it alive on a cadence. The kit structures each step; you make the calls, and counsel covers the close ones.

STEP 01

Read the landscape, then name every tool

Read the Field Guide once for the lay of the land: the risks, the federal spine, and the state, local, and EU layer. Then list every AI tool that touches an HR decision on the register, including the AI features quietly added to tools you already had. You cannot govern what you have not named, and a tool that is not on the list has not been vetted.

STEP 02

Score each tool from five plain questions

Run each tool through the Risk Assessment: the stakes of the decision it touches, how much a person is really in control, the data it uses, whether your people sit in a regulated location, and what the vendor can show for its testing. Each factor adds zero, one, or two points toward a score out of ten and a level of Low, Medium, or High, and a tool that decides alone with no override is High no matter what else.

STEP 03

Adopt the policy and name an owner

Open the Word file, fill in the shaded fields, and act on the owner notes. Set the uses that are allowed with normal review, the ones that need written approval first, and the ones that are not allowed, and name a real person to own the policy and the tool list. Have it reviewed before you adopt it, then put the version and date on the record.

STEP 04

Vet the vendor and keep the record

Send the due diligence questionnaire before you sign: what the tool does, the data it uses and keeps, how it was tested for bias, whether you can get a current audit, and whether a person can override it. A claim in a brochure is not an audit, so ask for the actual evidence and file the answers with the tool entry, and record each approval on the decision record.

STEP 05

Give notice, keep a person on the call, and review on a cadence

Tell candidates and staff when an AI tool is part of a decision, where a law requires it and as a fair default everywhere, and be ready to offer an alternative or a human review. Keep meaningful review on every consequential decision, a named person with a real way to say no. Then re-run the check at least once a year, whenever a tool changes, and on the tracker, confirm the rules for every place you hire.

The standard

Every tool named, scored, and on the record

AI in HR goes wrong in patterns: a tool nobody listed, a review that rubber-stamps, no notice, a vendor claim taken on faith, and rules assumed to sit still. The fix is a small system: an inventory, a repeatable risk check, a written policy, notice, and a review date. This kit gives you all of it, with the moments to stop and get qualified help marked.

You own what the tool decides. Across federal and state law, the employer carries the liability for a discriminatory outcome even when an outside vendor designed or ran the software, and the federal yardstick is older than every AI law on the books: the four-fifths rule was set in 1978. The newer layer moves fast. New York City can fine an ongoing audit or notice failure up to $1,500 per day after a $500 first violation, five states and cities now regulate AI in employment, and more pass measures each session, so the durable pattern is the one the kit builds: test for bias, tell people, and keep a person in charge of the call.

Inventory first: you cannot govern what you have not named. List every AI tool that touches an HR decision, including the AI features quietly added to tools you already had, an applicant tracker that ranks, a scheduler that optimizes, a dashboard that flags. A tool that is not on the register has not been vetted, and is not approved.

Human review means a real way to say no. A manager who clicks approve on every recommendation is not oversight; that is the tool deciding with a human signature. For any decision that affects a job, name who reviews the output, give them the authority and the information to disagree, and expect them to use it sometimes.

Treat agency mood as weather and the statutes as climate. Federal guidance on AI has come and gone, and a December 2025 federal executive order directs challenges to some state AI laws, but Title VII, the ADA, and the ADEA apply to an AI decision exactly as they apply to a human one, and disparate impact still applies. Build to the climate, and confirm the current state rules before you rely on a tool.

The kit tells you when to call a lawyer

Most AI tools can be governed in-house with the register, the risk check, and the policy. Some moments sit near a legal line, and the kit marks them, so you get qualified input before a tool affects a real decision. Advice before you act is far cheaper than defending an outcome after.

  • Before an AI tool factors into hiring at scale, pay decisions, discipline, or a termination
  • Before you operate where a specific AI law reaches you: a New York City bias audit, Illinois notice, California or Colorado duties, or anything touching the EU
  • A candidate or employee challenges an AI-influenced decision, or asks for an alternative or a human review and you are unsure what applies
  • A selection pattern that could be a disparate impact, or a tool that screens out a protected group at a different rate
  • AI anywhere near a denied accommodation, a medical or disability question, or video, biometric, or other sensitive data
  • A vendor cannot or will not produce its bias testing or audit, and you are deciding whether to rely on the tool anyway

Who does what

Governing AI in HR splits the work between you, the kit, and your counsel. Here is the split, stated plainly.

  • The kit structures the system; you run it. The register, the risk check, the policy, and the tracker organize the work and keep it consistent. Naming the owner, filling the register, and keeping the cadence are yours to do.
  • The workbook scores the risk; you make the call. Five factors give each tool a score and a level. A High result is a prompt to pause and dig in, and a Low result is routine use with normal records, never a clearance to stop watching.
  • The kit flags the legal lines; counsel rules on them. An AI tool near a hire, pay, discipline, or an exit, a possible disparate impact, or a specific law that reaches you is a signal to get qualified input. The kit tells you when a matter needs a lawyer; counsel tells you what to do about it.
  • The kit gives you the jurisdiction starting point; counsel confirms your locations. The Field Guide maps the federal spine and the most active state, local, and EU rules as of its review date, and they are moving. Current requirements for every place you hire are confirmed with qualified counsel before you rely on them.
  • The kit keeps the record, and the record is the point. A named register, a scored check, a written policy, vendor answers on file, and a decision record for each approval are what a defensible AI program looks like on paper.

Is this for you

Who it is built for

Who this kit fits, and where to go if that is not you.

Built for

  • An HR generalist, manager, or business owner whose applicant tracker, scheduler, or review tool quietly added AI features, and who wants a policy behind those tools and a check in front of them before something goes wrong.
  • An HR team of one, or a small HR function, that needs one consistent way to vet, approve, and track every AI tool across hiring and HR, instead of deciding each one from scratch.
  • An operations or people leader who has to answer for how AI is used on candidates and staff, and wants the register, the scores, and the approvals on a record someone can defend.

If you are looking for

  • A formal bias audit of your hiring tools, with a selection-rate log built on the four-fifths rule and ready candidate notices. The AI Hiring and HR Governance Kit drills into that audit; this kit sets the policy and the risk check across all of HR.
  • EU-specific obligations under the AI Act, because you operate in the EU or use AI on people there. The EU HR AI Risk Checklist is built for that path.
  • The broader compliance calendar, deadlines, postings, and document audits beyond AI. The HR Compliance Calendar and Document Audit Kit covers that ground.

Questions

Before you buy

What format are the files and can I edit them?
The Field Guide and the Start Here are print-ready PDFs, the Policy and Checklists are an editable Word file, and the AI Risk Workbook is an Excel file that also works in Google Sheets. Everything is yours to keep and adapt. Fill in the shaded policy fields, replace the example tools in the workbook with your own, and reuse the checklists for every new tool.
Is this legal advice?
No. It is general information and a working system for planning. The rules for AI in hiring and HR are new, vary by state and city, and change quickly, and the kit marks where to bring in employment counsel rather than determining that any tool or policy complies with the law. Take anything involving AI in hiring at scale, pay, discipline, a termination, or a specific AI law that reaches you to a qualified employment attorney before you act.
We only use one or two AI features inside tools we already had. Is this overkill?
That is the exact case the kit is built for, because quiet features are how AI arrives: resume scoring inside the applicant tracker, shift suggestions in the scheduler, a flag on the performance dashboard. The honest test the Field Guide gives you is one question: could its output change a decision about a person? Listing two tools on the register and scoring them takes minutes, and it is the difference between a feature you are using on purpose and one you would have to explain after the fact.
How is this different from a free AI policy template?
A free template gives you a document. This is a working system: the Field Guide that maps the risks and the rules, a policy with fill-in fields and owner notes so it can be adopted rather than just saved, a scored risk check you repeat for every tool, a vendor due diligence questionnaire, a decision record, and a governance tracker with the recurring work already listed. It is built on how AI tools fail in practice, and it marks the moments to stop and get counsel.
Does it cover the laws in my state?
At the level a national kit can. The Field Guide maps the federal anti-discrimination spine and the most active state and local rules as of its review date, New York City, Illinois, California, Colorado, and Texas, plus the reach of the EU AI Act, and the Governance Tracker carries a standing action to confirm the rules for every state and city you hire in. Because these laws are new and moving, the kit routes you to confirm the current requirement for your locations rather than stating it as settled.
What is the refund policy?
Digital products are covered by a 14-day money-back guarantee. See the refund policy for the full terms.
What happens after I buy?
Checkout delivers an instant download link, and a receipt with the same link arrives by email. Open the Start Here page first, then read the Field Guide before you adopt the policy or rely on a tool. If a file gives you trouble, email support@truestephr.com.
Can I expense this purchase to my business?

Most customers buy TrueStep HR tools for business use, and a tool you use for work often qualifies as a deductible business expense. Whether it does for you depends on your situation, so confirm with your accountant or tax professional. Your receipt arrives by email at checkout and works as documentation.

Get the kit

Put a policy behind your AI tools and a check in front of them

Name every tool, score the risk, adopt the policy, vet the vendors, and keep the notices and reviews on a tracker, in files you keep, with the kit telling you when to bring in counsel.

$89
One-time purchase, no subscription

A policy, checklists, and a risk workbook, not legal or tax advice. Last reviewed June 2026.