Bias built in, or accountability building? AI systems encode the values and blind spots of their training data. The harm shows up in hiring tools, hairstyle assessments, and credit scoring. The accountability mechanisms — in courts and legislatures — are beginning to catch up.
Craig Stanley Studio · The Debate · Issue 03 of 09 · craigstanley.work
AI systems don't have values — they have training data. That data reflects the world that produced it: its hiring patterns, its credit decisions, its hairstyle preferences, its historical inequalities. The question is not whether AI can be ethical in the abstract. It is whether the accountability mechanisms that exist are sufficient to catch the bias before it causes harm — and whether they currently arrive before or after the damage is done.
The evidence from 2025–2026 is that they largely arrive after. The Workday case — a federal judge allowing a collective action to proceed under the Age Discrimination in Employment Act in May 2025 — is a textbook illustration of the sequence: deploy, discriminate, litigate. The hairstyle scoring study, published August 2025, found that AI tools rated braids and natural Black hairstyles as lower in "intelligence" and "professionalism" than other styles. No one built that bias in deliberately. It emerged from training data that reflected a world where that prejudice already existed.
The regulatory response is real and accelerating. Colorado's SB 24-205, effective June 2026, is the first binding US state legislation requiring risk assessments and transparency notices for high-risk AI in hiring. South Korea's AI Framework Act is in force. The EU AI Act is in phased rollout. But laws are retrospective instruments applied to forward-moving systems: by the time legislation reaches the deployment it was designed to address, the next generation of tools is already in the field.
The sourced claims on both sides. The left column documents harm that has already occurred. The right column documents the accountability mechanisms being built in response. The gap between them — temporal as much as legal — is what this issue is about.
May 2025: a federal judge allowed a collective action to proceed under the Age Discrimination in Employment Act, alleging Workday's AI screening tools disproportionately disadvantaged job applicants over 40. The case is the most significant US legal test of employer liability for third-party AI tools in the hiring pipeline.
August 2025 study: major AI tools rating hairstyle images gave braids and natural Black hairstyles lower scores for "intelligence" and "professionalism" — bias encoded into assessments that appear neutral and objective to the end user deploying them.
Employers are fully liable under Title VII for AI hiring tools that produce a "disparate impact" on protected groups — regardless of whether they purchased the tool from a third-party vendor. The vendor relationship is not a defence. The harm accrues to the employer who deployed the tool.
Training data reflects historical discrimination. A model trained on past hiring decisions will re-encode the biases of those decisions unless those biases are explicitly identified and corrected before training. Most commercial hiring tools do not publish their correction methodology — or confirm that one was applied.
Colorado SB 24-205, effective June 2026: comprehensive requirements for employers using high-risk AI in hiring — mandatory algorithmic impact assessments, transparency notices to candidates explaining AI involvement in decisions, and "reasonable care" obligations. The first binding US state-level rule of its kind.
South Korea enacted the AI Framework Act, effective January 2026, mandating fairness and non-discrimination across AI systems used in healthcare and public services — establishing national standards for algorithmic accountability outside the EU and US frameworks.
The EU AI Act is in phased rollout 2024–2026, banning specific high-risk applications outright and requiring conformity assessments for others. Early audit findings are producing empirical evidence of bias — feeding directly into ongoing litigation and strengthening plaintiffs' discovery positions.
The Workday lawsuit and Colorado legislation illustrate the same structural dynamic: harm manifests at deployment, accountability arrives at litigation. That sequence — deploy, discriminate, litigate — is exactly what pre-deployment audit requirements are designed to interrupt. The question is whether the lag can be closed.
Whether regulation can keep pace with deployment is genuinely uncertain — laws take years to draft, pass, and enforce; models deploy in weeks and update continuously. But the direction of travel is clear. The Workday case, the Colorado legislation, and the hairstyle study are all evidence that the harm was already encoded in the system by the time it was deployed.
Pre-deployment accountability — mandatory audits, transparency notices, risk assessments before the tool goes live — is the only version of the accountability framework that catches the problem at the right point in the process. Post-litigation accountability is real and consequential, but it is remedial: it addresses harm after the fact, for plaintiffs who have the resources to pursue a case. For every Workday collective action, there are many individuals who experienced a discriminatory outcome and had no mechanism to identify it, let alone challenge it.
The audit requirement is the critical lever. Colorado's "reasonable care" standard requires employers to conduct algorithmic impact assessments before deployment and to notify candidates of AI involvement in decisions. That is not a burden on employers who are already running good process — it is a minimum floor for everyone else. The EU AI Act's conformity assessment requirement serves the same function at the developer level. Together, they represent the first serious attempt to shift the accountability moment from litigation to deployment.
Worth naming: where accountability falls when harm flows through a chain — developer, vendor, employer, manager — each party has an incentive to point at the next link. The DISA analysis shows that Title VII currently places the liability on the employer regardless of the chain's length. Colorado's "reasonable care" standard is the first attempt to define what due diligence in that chain actually looks like at the US state level.
The Workday case is the most watched live test of AI liability in the US hiring context. If the collective action succeeds on the merits, it will set a precedent that individual plaintiffs can aggregate algorithmic harm even without a single identifiable discriminatory decision — because the pattern of the tool's output is itself the evidence. That would significantly expand the practical scope of Title VII in an AI context, without requiring Congress to pass anything.
Three jurisdictions now have binding AI accountability rules in force or imminent: Colorado (June 2026), South Korea (January 2026), and the EU (phased 2024–2026). None of them is yet a global standard. The US federal government has not enacted comprehensive AI discrimination legislation. The patchwork of state-level rules creates compliance complexity for employers operating across jurisdictions — and potential arbitrage opportunities for those who choose their deployment states carefully.
Auditing AI tools for bias is technically possible but methodologically contested. What constitutes a "fair" outcome, how to measure disparate impact across intersectional groups, and who is qualified to conduct a conformity assessment are all open questions. The EU AI Act designates notified bodies for conformity assessment; Colorado leaves the "reasonable care" standard to be elaborated in litigation. Until there is a shared technical standard for algorithmic auditing — equivalent to financial audit standards — the accountability framework will remain porous at the critical point where harm is actually assessed.
Primary sources cited in this issue. Dates and URLs verified at time of publication.
Bias is not a malfunction — it reflects the data the model was trained on. The live question is whether accountability mechanisms are built before deployment or only after litigation. This issue covers the harm, the law, and the gap between them.
Every issue of The Debate presents the strongest sourced case on both sides of a live question in AI. The ledger is not a verdict. The bridge names what both sides leave unresolved. The line says where law and policy currently sit.
Craig Stanley Studio · craigstanley.work · The Debate series · Issue 03 of 09 · 2026