HR executives could be personally sued for how their organization uses AI, but there are ways to protect themselves
When an employment decision made with the help of an AI tool goes wrong, the question of who's legally responsible isn't always obvious. David Miklas, a Florida-based employment attorney with 27 years of experience advising HR leaders, says the liability exposure is more personal than most HR professionals realize.
"The employer will almost always have liability," Miklas said. "And believe it or not, the HR professional may actually have liability personally."
It's a reality that's easy to overlook as AI becomes standard practice across HR functions, from resume screening and candidate ranking to performance management and termination decisions.
When HR becomes personally liable
Miklas says the liability typically flows from three sources: failure to properly vet an AI vendor before deployment, failure to secure candidate consent where required, and failure to catch or address disparate impacts on protected groups. None of those failures require intent to trigger a claim. Negligence is enough to create exposure.
Miklas points to two federal statutes as particularly significant sources of risk. The Fair Labor Standards Act (FLSA) and the Family and Medical Leave Act (FMLA) both define "employer" broadly enough that they can reach individual HR professionals who exercise operational control over employment decisions.
"Both of those statutes define employer very broadly to the fact that it can even include a person acting directly or indirectly in the interest of an employer," Miklas said.
In practice, that means personal liability can be triggered when an HR professional blindly relies on automated tools rather than exercising meaningful oversight.
Miklas described a scenario involving FMLA. If an HR professional configures an AI system to automatically reject intermittent leave requests, or to flag protected medical absences as triggers for termination warnings, that professional can be sued individually for an FMLA violation, even if the AI made the decision automatically.
Miklas said the same logic applies to timekeeping. Automated systems that round employee hours or apply deductions based on predicted lunch behavior, rather than actual time worked, can create FLSA wage violations. If an HR professional approved or implemented those settings, they can be on the hook personally.
The risk extends to layoffs as well. If an AI tool is used to select employees for a reduction in force and disproportionately flags workers who are on FMLA-protected leave, the HR professional who ran that process can be individually named in an FMLA-related lawsuit.
The hiring discrimination risk
Hiring is another area where the discrimination risk is particularly visible. AI screening tools can introduce bias at scale, filtering out candidates from protected groups not through any deliberate intent but through patterns baked into the underlying data or the way a model was trained. As HRD America has reported, AI hiring tools can pass bias audits and still discriminate by race and role, meaning a clean audit report isn't necessarily proof of a clean tool.
Miklas noted that some jurisdictions have moved to regulate AI in hiring more specifically. New York City, for example, requires independent bias audits before employers can deploy automated decision tools, and failing to conduct one can expose an HR professional to individual liability.
The Workday case shows how quickly these claims can escalate. A federal judge allowed a landmark class action against the company to proceed, with the plaintiff alleging he was rejected from more than 100 positions at companies using the platform's AI screening tools. As HRD America has reported on the Workday bias case, the ruling made clear that algorithmic hiring decisions can carry real legal consequences.
The consent and confidentiality traps
Miklas flags two additional risk areas that get far less attention than they deserve.
The first is consent. In states with two-party or all-party consent requirements, including Florida, AI note-taking software used in interviews requires affirmative disclosure.
"If you're interviewing someone and you don't have something that pops up and says, if you continue on with this interview, you consent to it being recorded or to AI transcription, that could be a violation," Miklas said.
The second issue is confidentiality. Miklas describes a pattern he's seeing where managers upload confidential performance reviews, personnel records, and sensitive documents into open AI platforms like ChatGPT to speed up routine tasks, and says it's something HR should be policing.
If protected information gets uploaded to a public AI tool, an employer's ability to later claim that information was a trade secret or confidential can be seriously undermined. Courts have found that uploading material to an open platform is inconsistent with treating it as confidential. According to a Resume Now survey released in May, more than half of workers are using AI tools their employer hasn't approved, in many cases sharing confidential business information with external systems.
Miklas says every employer with a handbook should have an AI policy in place, and not a vague one. The policy should identify which tools are permitted, what they can be used for, and who to contact with questions. He notes that even the prompts employees enter into AI platforms may be discoverable in litigation.
"At this point in 2026, every single employer that has an employee handbook should have an AI policy," he said.
How HR professionals can protect themselves
Miklas says there are concrete steps HR professionals can take to protect themselves once they understand the risks, starting with one most haven't considered.
The first is insurance. Standard general liability and workers' compensation policies don't cover AI-related employment liability, and Miklas says what most HR professionals don't realize is that they may need their own coverage. The starting point is Employment Practices Liability Insurance, known as EPLI. Many corporate EPLI policies define "insured" broadly enough to cover HR staff acting within the scope of their duties, but Miklas says professionals should verify that their policy's definition actually includes them, not just the company's directors and officers.
One gap worth knowing about is that EPLI typically covers FMLA-related issues but often excludes FLSA wage and hour violations explicitly. That matters because the timekeeping and overtime scenarios Miklas described earlier fall squarely into FLSA territory.
For HR professionals who find their company's EPLI policy doesn't cover them, or whose employer won't purchase one, Miklas recommends looking at errors and omissions insurance. It can be negotiated as part of a compensation package, or secured individually.
The other protection Miklas recommends is a formal corporate indemnification agreement. This is a contractual commitment from the employer to advance defense fees and cover judgments on behalf of the HR professional, provided they acted in good faith. It's the kind of agreement he encourages HR professionals to negotiate before taking on any high-risk AI implementation.
The broader picture for HR leaders grappling with AI governance is one of compounding exposure. The tools are moving fast, and the legal frameworks are still catching up. But as the EEOC has made clear in its guidance on AI and employment discrimination, existing anti-discrimination law will apply. The person who configured the system, approved the vendor, or signed off on the AI-assisted termination can find themselves personally named in the lawsuit.
"There are definite risks," Miklas said. "The smartest thing would be for HR to identify these risks. And if the powers that be decide to keep doing it, even if HR isn't comfortable with something, then the backup is to make sure there's coverage that covers those things."