TL;DR: Mobley v. Workday (N.D. Cal.) is now the leading case on AI hiring vendor liability. A July 2024 ruling found Workday can be liable as an employer's agent under federal law. A June 22, 2026 ruling added California FEHA liability, finding that AI tools designed and operated from California headquarters are subject to FEHA because the discriminatory conduct occurred in California. Employers and vendors face dual exposure. Seven steps every HR team must take before the next AI-screened hire.
The Workday AI Lawsuit: What Every HR Team Using AI Screening Must Do Now
Mobley v. Workday has moved from complaint to active collective litigation. In May 2025, a federal court granted preliminary certification of a nationwide collective action under the Age Discrimination in Employment Act, covering applicants aged 40 and older who were screened by Workday's tools. What makes the case significant is not just that AI screening was challenged. In an earlier July 2024 ruling, the court allowed claims against the AI vendor itself: Workday can potentially be liable as an "agent" of the employers using its software under federal employment discrimination law, not just as a neutral software provider passing tools to customers. In March 2026, the court rejected Workday's argument that the ADEA does not cover job applicants, keeping the case on track.
If you use any AI tool to screen applications, shortlist candidates, or score resumes, this case changes what your compliance checklist needs to cover. The legal theory that shielded vendors is cracking, and employers remain fully exposed.
What the Workday case actually said
Derek Mobley applied to over 100 positions at companies using Workday's AI screening system. He was rejected by that system each time. His claim: the tool discriminated against him on the basis of race, disability, and age, violating Title VII of the Civil Rights Act, the Americans with Disabilities Act, and the Age Discrimination in Employment Act.
The Northern District of California granted preliminary collective certification in May 2025. That is a meaningful legal threshold. It means the court found the proposed members were plausibly subject to a common policy with an alleged disparate impact, allowing the ADEA claim to proceed on a collective basis across potentially millions of applicants aged 40 and older. The collective was later clarified to include applicants screened by Workday's HiredScore AI features.
The court's key finding went beyond anything in prior AI hiring cases. Workday's system was not, in the court's view, a neutral intermediary that employers simply chose to use. The court found it could be treated as an "agent" of employers under employment discrimination law because it actively participated in screening decisions. It did not merely provide a database; it made recommendations that employment decisions turned on.
Employment decisions made by an AI are still employment decisions. That is the court's reasoning, stated plainly. An algorithm sorting and ranking applicants is performing a function that, had a human done it, would carry full legal accountability. The AI wrapper does not create a compliance gap.
The EEOC has held this position since at least 2022. In its technical assistance documents, the agency stated clearly that employers cannot shift their discrimination liability to AI vendors. The Workday case adds a new dimension: it suggests the vendor may share that liability, not that the employer's liability shrinks.
June 22, 2026: California state law extends the agent theory
On June 22, 2026, Judge Rita F. Lin issued a further ruling in Mobley v. Workday that opened a second front: California's Fair Employment and Housing Act. The ruling matters beyond the Workday case itself because of the theory the court accepted for extending state law to non-California employers.
Workday argued that its FEHA liability as an agent should depend on whether the employer-customers who used its software were themselves liable under FEHA. The court rejected this. Under California law, the court reasoned, a vendor acting as an agent in employment decisions is directly liable for discriminatory outcomes, regardless of whether the employer is also liable or whether the employer is even subject to California law.
The jurisdictional hook is significant. The plaintiffs argued, and the court agreed, that Workday's AI tools were "designed, developed, maintained, and controlled from its California headquarters" and that the "screening, scoring, and rejection" of their applications "originated in and was carried out from California." Because the discriminatory act, the AI scoring, happened in California, FEHA applied even to applicants who never worked in California and whose prospective employers were not California companies. The court explicitly rejected the label "extraterritorial application" — it found FEHA was applying to California conduct, not reaching outside the state.
This is not a Workday-specific exposure. The same theory applies to any AI hiring vendor that designs or operates its systems from California. Eightfold AI (Santa Clara, California) faces this question directly given its California headquarters. Any vendor whose AI model was built or is operated from California has the same potential nexus — regardless of where the company's legal address sits.
For employers, the June 22 ruling creates a practical obligation: find out where your AI hiring vendor's engineering and AI operations are actually located. "Headquartered in [state X]" is not the same as "designed and operated from [state X]." If the AI model was built in California, even by a vendor headquartered elsewhere, the FEHA theory may apply.
The FEHA is also more plaintiff-friendly than the federal framework in several ways. It covers employers with five or more employees, compared to Title VII's fifteen-employee threshold. Damages are broader. An employer in Ohio using a California-built AI hiring tool is not automatically exposed to FEHA liability. But they now have reason to ask questions they probably were not asking before June 22.
The Eightfold case: a separate problem
Mobley v. Workday is not the only AI hiring lawsuit to watch. In January 2026, a separate class action was filed against Eightfold AI, one of the larger AI talent intelligence platforms used by enterprise employers.
The Eightfold claim is different in kind. It does not focus on discriminatory outcomes but on data collection. The lawsuit alleges that Eightfold compiled and scored profiles on over one billion workers, drawing on employment history databases, public records, and other external sources, without providing the disclosures required by the Fair Credit Reporting Act. Workers whose career opportunities were affected by these scores never received notice. They did not know a profile existed, let alone that it influenced whether they were surfaced to employers.
This matters to HR teams for a specific reason. If your AI hiring vendor is using externally sourced data to build candidate profiles, you may have FCRA obligations regardless of whether you know exactly where the data came from. The FCRA framework applies when an employer uses a "consumer report" to make employment decisions. The question of whether AI vendor output qualifies as a consumer report is now directly before the courts.
For FCRA details on what triggers disclosure requirements and what notices are required, see our companion article on FCRA and AI hiring disclosure requirements.
7 steps HR teams must take now
Step 1: audit which AI systems touch hiring decisions
Start with an inventory. List every AI-assisted tool involved anywhere in the hiring process: resume screening, application scoring, video interview analysis, background check processing, skills assessment scoring, and any ranking or shortlisting features within your ATS. Tools to check include Workday Recruiting, Greenhouse, Lever, HireVue, Pymetrics, Eightfold, and any LinkedIn Recruiter AI features your team uses.
If AI touches the decision at any stage, it is in scope.
Step 2: get your vendor's discrimination audit results in writing
Request a formal response from each vendor: Has this tool been tested for disparate impact across race, sex, age, and disability groups? Do you have an independent audit report? When was it last run?
If the vendor cannot produce a bias audit, treat the tool as unaudited. Restrict its use to low-stakes early filtering stages and never let it serve as the sole reason a candidate exits your pipeline.
Step 3: add human review at every rejection point
AI screening can continue as a filter. Every rejection that ends a candidate's progress in your hiring process must have a human reviewer confirm the decision. That review should be documented: who reviewed it, when, and on what basis.
This step does two things. It gives you a human accountability layer if a rejected candidate files a discrimination complaint. It also creates the documentation trail that demonstrates your process was not purely algorithmic.
Step 4: check your vendor contract for discrimination liability terms
Most SaaS vendor agreements include broad disclaimers of liability for employment law violations. Those disclaimers have historically been difficult to challenge. After Mobley v. Workday, that calculus is shifting. Vendors may now carry their own legal exposure, which gives you more bargaining power in contract negotiations.
Ask your vendor to add language acknowledging joint responsibility for EEOC compliance and for providing the data you need to conduct your own disparate impact analysis. If the vendor refuses, make sure your legal team understands your indemnification position.
Step 5: review FCRA disclosure obligations if your vendor uses external data
If your screening tool draws on data beyond what the candidate directly provided (employment history from third-party databases, social media profiles, public records), you may have FCRA obligations. These include a standalone written disclosure to the candidate before ordering the report, written authorization from the candidate, a pre-adverse action notice with a copy of the report if you plan to reject, and a final adverse action notice after a waiting period.
Talk to employment counsel about whether your current process meets these requirements. Do not assume the vendor is handling FCRA compliance on your behalf.
Step 6: document the role AI played in each hiring decision
For every position where AI screening was used, maintain a record of: which tool was used, what output it produced (score, recommendation, ranking), what human review occurred, and what the final hiring decision was with the rationale. Store these records separately from general interview notes.
This documentation is your primary defense if a rejected candidate files a charge with the EEOC or a state agency. Without it, you cannot demonstrate that a human exercised independent judgment.
Step 7: train your HR staff on the tool's limits
Your HR team should understand what the tool measures, which characteristics it is prohibited from using, how to override its recommendations, and what to do if they believe the tool produced a suspicious outcome. Annual training is table stakes. Make sure the person conducting a final hiring review knows they are exercising genuine judgment, not just ratifying the algorithm.
What "the algorithm did it" actually means legally
The Workday case makes this explicit in a way that prior agency guidance did not fully resolve. If your AI screening tool produces discriminatory outcomes, pointing to the vendor's algorithm is not a defense. Employers remain liable for the decisions their tools make.
This has been the EEOC's position since 2022. What is new is that the vendor may now share that liability at the same time. But shared vendor liability does not reduce employer exposure at all. Both parties can be liable together. You are not protected because Workday is also a defendant.
The four-fifths rule remains the practical benchmark for disparate impact. If any protected group is selected at less than 80% of the rate of the highest-selected group, that disparity is evidence of discrimination. Apply that test to your AI screening data yourself. Do not wait for a complaint to find out.
A note on Illinois, EEOC, and state AI hiring laws
Illinois has the most specific statutory requirements for AI in hiring. The Illinois AI Video Interview Act requires employers to notify applicants before using AI to analyze video interview recordings, obtain written consent, and prohibits using AI analysis as the sole basis for a hiring decision. The Illinois AI employment disclosure law provides a full breakdown.
New York City Local Law 144 requires an annual independent bias audit of any automated employment decision tool used for NYC-based positions, with results published publicly. The audit must cover race, sex, and intersectional categories.
Several more states are moving similar legislation in 2026. Colorado's AI disclosure framework takes effect January 1, 2027. Connecticut enacted SB 5 (Public Act 26-15) in June 2026; its automated employment decision technology framework, including the rule that use of such a tool is not a defense to a discrimination claim, takes effect October 1, 2026, with disclosure and pre-decision notice obligations following on October 1, 2027.
The EEOC AI hiring guidance checklist covers what federal compliance looks like under current law, including the four-fifths analysis and recordkeeping expectations.
For a full vendor-level due diligence process, see the AI vendor due diligence checklist. For a broader governance framework across your organization's AI use, see the HR AI governance and hiring decisions guide.
The Workday case is not a reason to stop using AI in hiring. It is a reason to stop treating the vendor contract as a liability firewall. The compliance obligation is yours. Start there.
Related Reading
-
AI Hiring Compliance for Small Teams: The Complete Guide (2026)
-
AI Hiring Tool Compliance 2026: NYC, Illinois, Connecticut, Colorado: St
-
Colorado AI Act Overhaul: What Employers Must Know About SB 26-189 Befor
-
AI Bias Audit Requirements by State (2026): NYC, Colorado, Minnesota, Ne
-
California ADMT compliance for employers: pre-use notice and risk assessment templates
-
Apple vs OpenAI Trade Secret Lawsuit: 7 AI Offboarding Gaps It Exposed
