SB 947 Cleared the Senate 29-9. Your AI Sourcing Stack Is Already Out of Compliance.
California's No Robo Bosses Act just passed the Senate 29-9. Here's what it means for AI sourcing and screening, and the audit recruiters need now.
The California Senate just approved SB 947, the No Robo Bosses Act, on a 29-9 vote. It heads to the Assembly with a governor who, two days after vetoing the predecessor bill last fall, signed Executive Order N-6-26 directing state agencies to study AI's workforce impact. The political signal is "yes." The recruiting question is whether your sourcing stack can survive an audit it was never built for.
Most coverage frames this as a discipline-and-termination story. It isn't. SB 947, layered on top of FEHA rules live since October 2025 and CCPA/ADMT rules in effect since January 1, 2026, reaches hiring, screening, targeted job ads, and almost every AI tool TA teams have bolted on in the last 18 months. If your "human in the loop" is a recruiter clicking approve on a Greenhouse stage transition, you already have a problem. SB 947 just makes the problem louder.
What SB 947 actually does
Senator Jerry McNerney's bill, co-authored by Sen. Eloise Gómez Reyes and sponsored by the California Federation of Labor Unions, bars employers from relying solely on automated decision-making systems (ADS) to fire or discipline workers. It requires human oversight and independent verification when ADS assists those decisions. It prohibits ADS that use personal information to predict worker behavior, infer protected statuses, or take adverse action against a worker for exercising legal rights.
The definition of ADS is broad: "any computational process derived from machine learning, statistical modeling, data analytics, or artificial intelligence" that replaces human discretion in issuing scores, recommendations, or decisions that significantly impact workers. That's not a definition that lets you carve out your sourcing tool because it "just ranks candidates."
The California Chamber of Commerce, through Ashley Hoffman's April 8 testimony, called SB 947 "actually broader than the bill that was vetoed last year," arguing it undoes amendments agreed to in SB 7. McNerney's response: the bill addresses Newsom's specific 2025 veto concerns about unfocused notification requirements and overly broad restrictions, replacing them with post-use notice and clearer prohibited scenarios. Combined with EO N-6-26, the read on Newsom's desk is: prepare, don't litigate the politics.
The compliance trigger already fired on January 1
Here's the part most TA leaders missed while waiting on Newsom. The FEHA Civil Rights Department regulations took effect October 2025, requiring employers to examine potential for discrimination when using ADS, mandating bias testing by both employers and third-party vendors, and requiring four years of retained documentation. Then the CCPA/ADMT rules, finalized September 23, 2025 and live January 1, 2026, layered on what Littler has called "the most stringent requirements in the United States" for any company over $26.6M in gross revenue or with large data volumes.
The ADMT regulations identify seven types of employment "significant decisions": hiring, allocation of work, compensation, promotion, demotion, suspension, and termination. Hiring is first on that list. And FEHA's amended definition of covered systems explicitly includes "AI- or algorithm-based resume screeners and targeted job advertising tools."
Translation: LinkedIn Recruiter's AI search, your sourcing automation, your outbound personalization, and your targeted ad spend on LinkedIn and Indeed are all in scope. Not just HireVue. Not just Workday. The tools your team adopted between Q4 2023 and now, almost certainly without a vendor bias audit, are the exposure.
Why "human in the loop" doesn't mean what your ATS says it means
The Resume Builder data cited in the SB 947 committee hearing is the number worth pinning above your desk: about 60% of managers use AI systems to make crucial employment decisions, and of those, 20% let the AI make the final call with no human involvement at all.
California's ADMT rule redefines adequate human review as a reviewer who: (a) knows how to interpret the ADMT's outputs, (b) analyzes the output alongside other relevant information, and (c) has authority to make or change the decision based on that analysis. Read that carefully. A coordinator pushing candidates from "AI Sourced" to "Recruiter Screen" because the score crossed a threshold doesn't meet (a), probably doesn't do (b), and may not have authority for (c).
A rubber stamp is not a human in the loop. The regulators have said so in writing. </pull> If your sourcing workflow is "AI surfaces, recruiter clicks, candidate enters funnel," and you can't produce documentation of how the recruiter interpreted the model, what other information they considered, and what authority they exercised, your defense in a disparate-impact claim is thin. Vendor SOC reports won't save you. FEHA regulations are explicit that "unsupported vendor representations or one-time reviews will carry little weight." ## The 90-day audit, in order of pain The Assembly calendar gives you a window. Use it. Here's the audit sequence that matters for sourcing and screening specifically, not the generic "appoint an AI governance committee" advice your law firm will send. ### 1. Inventory every tool that scores, ranks, or recommends people This is bigger than your ATS. Pull the list of every product with access to candidate data or decision authority: LinkedIn Recruiter (AI search and Recommended Matches), SeekOut, Gem, hireEZ, Eightfold, Paradox, HireVue, Pymetrics, Greenhouse AI features, Workday Skills Cloud, any outbound personalization tool, and any targeted job advertising platform. The Senate's release notes more than 550 "bossware" products on the market. Most TA orgs use eight to fifteen. For each tool, document: what decision it influences, who reviews the output, what training that reviewer has, and what the vendor has produced for bias testing. If the answer to any of those is "we don't know," that's your starting list. ### 2. Test your "in-scope" surface in plain English The fastest way to find your exposure is to ask sourcing questions the way a regulator would. Where did the AI narrow the pool before a human saw it? Where did targeted advertising decide who saw the role? Where did a resume screener filter before a recruiter opened it? This is one of the reasons we built [Refolk](/) the way we did. You describe the person you're looking for in plain English, and you get a ranked shortlist across GitHub, LinkedIn, and the open web with the reasoning visible. The recruiter can read why a candidate ranked where they did, compare against other information, and override. That's the structure California's ADMT rule actually asks for: interpretable output, real review, authority to change the decision. Tools that score in a black box and surface a number are the ones that will struggle.
refolk prompt: Find senior backend engineers in California who shipped payments infrastructure at fintechs under 500 people in the last 3 years. note: You get a ranked shortlist with the signals each match is based on, so your recruiter's review meets the ADMT interpretability standard instead of rubber-stamping a score. slug: tq02vsn4tf
### 3. Rewrite your reviewer training and document it
The four-year FEHA documentation requirement is the sleeper provision. You will need to show, retroactively, that the humans reviewing AI outputs knew what they were reviewing. That means written guidance for each tool: what the scores mean, what their known failure modes are, what the reviewer should cross-check, and what the override authority is. If you have one shared "AI sourcing best practices" doc from 2024, replace it with tool-specific training and log completion.
### 4. Get the vendor bias testing in writing, or stop using the tool
FEHA puts both employer and vendor on the hook for bias testing. If your vendor can't produce a recent, scoped, methodologically defensible audit, ask for one with a deadline. Regulators and courts will assess whether testing occurred and its quality, scope, recency, results, and the employer's response. A one-time review from launch won't survive. Neither will a vendor citing aggregate SOC 2 controls in place of subgroup analysis.
### 5. Kill predictive behavior features you don't need
SB 947 specifically prohibits ADS that conduct predictive behavior analysis, infer protected status, or predict whether workers will exercise legal rights. Some sourcing and "talent intelligence" tools sell exactly this: predicting flight risk, "engagement," cultural fit, or likelihood to accept. If you can't articulate the legitimate business need and survive a disparate-impact challenge, turn the feature off. The Amazon warehouse case study cited in legislative testimony, where unpaid-time-off thresholds auto-generated firing paperwork, is the kind of pattern this bill was written to end. The same logic reaches "predicted-to-decline" filters in sourcing.
## The sourcing implication most teams will miss
The regulation pushes the industry toward interpretable, query-driven sourcing and away from black-box recommendation feeds. That's a strategy shift, not just a compliance one.
If your sourcing motion has depended on opaque LinkedIn Recommended Matches or Eightfold's affinity scores, the audit trail you need to produce in 2026 doesn't exist inside those products. You can write a policy around them, but the underlying decision logic is still vendor-proprietary. The teams that will move fastest are the ones whose tools generate human-readable reasoning by default, where every candidate on a shortlist has a "here's why" that a recruiter can read, challenge, and override. That's the bar California's ADMT rule sets, and it's the bar Refolk was designed against from the start.
Refolk's internal index shows over 64,000 active US recruiters, sourcers, and TA professionals. Top employers are staffing firms like Robert Half and RCM Healthcare Services. Almost none of those practitioners have rewritten their sourcing workflow for the regime that already took effect in January, much less SB 947. The first wave of disparate-impact claims under FEHA-amended rules will hit the firms with the most volume and the least documentation. That's a predictable trade.
## What to do this week
Three things, in order:
One, send the tool inventory request to your TA ops lead with a two-week deadline. You cannot audit what you have not listed. Include sourcing tools, targeted advertising platforms, and any LinkedIn AI features in active use.
Two, pull your AI sourcing workflow and ask whether the recruiter reviewing the output could pass the ADMT three-part test (interpret, analyze, change). If not, you have a training gap or a tooling gap. Usually both.
Three, draft the vendor letter. You need recent bias testing, scoped to employment decisions, with methodology and results. Vendors who can't produce it in 30 days are vendors you replace, because their exposure is now your exposure. Lorena Gonzalez and Liz Shuler reportedly delivered Newsom an ultimatum in February. The political appetite for letting this slide is gone.
You have an Assembly calendar's worth of runway. Use it before the bill lands on Newsom's desk and the documentation requirement becomes a deposition exhibit.
## FAQ
### Does SB 947 apply to sourcing or just to firing and discipline?
The headline is about discipline and termination, but the operative regime for sourcing is already in effect. FEHA's amended ADS definition explicitly covers AI-based resume screeners and targeted job advertising tools, and the CCPA/ADMT rules that went live January 1, 2026 name hiring as one of seven covered "significant decisions." SB 947 hardens the discipline side, but the hiring rules are already binding under FEHA and ADMT. Treat sourcing as in-scope today.
### Is using a third-party vendor like LinkedIn or Eightfold a defense?
No. FEHA makes employers responsible for how third-party tools are used in employment decisions, and the regulations require both employer and vendor to test for bias and retain four years of documentation. Regulators have said explicitly that unsupported vendor representations and one-time reviews carry little weight. Vendor SOC 2 reports do not substitute for scoped, recent, subgroup-level bias testing tied to your actual use case.
### What counts as adequate human review under the new rules?
The California ADMT rule requires that the reviewer know how to interpret the AI's outputs, analyze those outputs against other relevant information, and have authority to make or change the decision. A coordinator advancing candidates because an AI score crossed a threshold does not meet that standard. You need tool-specific reviewer training, documented override authority, and a record that real analysis occurred, not just a click.
### How does Refolk fit a compliant sourcing workflow?
Refolk is query-driven and interpretable by design. You ask in plain English, get a ranked shortlist across GitHub, LinkedIn, and the open web, and see the signals behind each match. That structure supports the ADMT three-part review test: the recruiter can interpret why a candidate ranked where they did, weigh it against other information, and change the outcome. It replaces opaque "Recommended Matches" feeds with a sourcing motion you can actually audit.