The Governance Questions Only HR Is Equipped to Answer
Amazon's Tool: Amazon abandoned a biased hiring tool trained on a decade of male-dominated hiring data.
Bias Concerns: AI system evaluation lacked focus on fair outcomes, leading to unchecked biases and governance gaps.
Governance Roles: HR is pivotal in AI governance to ensure fair outcomes and transparent processes for employees.
High-Risk AI: EU AI Act classifies AI in employment as high-risk, requiring strict documentation and oversight.
HR's Challenge: HR lacks authority in AI governance, requiring C-suite support to set standards and accountability.
In 2018, Amazon scrapped a machine learning tool it had been developing for years to screen resumes. The system had been trained on a decade of hiring data that reflected the company's historical preference for male candidates in technical roles.
The model learned from that pattern and replicated it, downgrading resumes that included words like "women's" and penalizing graduates of all-women colleges. Amazon's engineers tried to correct it. They couldn't guarantee the bias wouldn't surface in other ways, so they shut it down.
The story is often cited as a cautionary tale about AI and bias. What gets less attention is the structural question it surfaces. Whose job was it to catch that in the first place?
Keep Reading—and Keep Leading Smarter
Create a free account to finish this piece and join a community of forward-thinking leaders unlocking tools, playbooks, and insights for thriving in the age of AI.
Have an account? Log In
The technical teams building the system were focused on whether it worked. Legal was likely focused on liability exposure. No one, apparently, was focused on whether the system was producing fair outcomes for the people it was screening, at least not as a primary governance function.
That problem hasn't been resolved in most organizations. If anything, as enterprise AI deployment has expanded and accelerated, it's become an even harder thing to nail down.
The Two Questions Being Answered Now
Most enterprise AI governance frameworks were built to answer two categories of questions.
The first is legal: what liability exists if this system fails, produces a discriminatory outcome, or exposes regulated data?
The second is technical: what are the failure modes, what data is the system trained on, where are the security vulnerabilities? Both categories matter. Neither is sufficient on its own, because neither was designed with a primary obligation to the people the systems affect.
That's not a criticism of legal or IT. Those functions built governance frameworks to answer the questions they were hired to answer. The problem is that enterprise AI adoption moved fast enough to outpace any deliberate conversation about who owns the remaining questions and most organizations defaulted to the frameworks already in place.
According to PwC's 2025 Responsible AI survey, 56% of executives say their first-line teams — IT, engineering, data, and AI — now lead responsible AI efforts. HR doesn't appear in that figure in any meaningful way.
According to Pacific AI's 2025 Governance Survey, three-quarters of organizations have established AI usage policies, yet only 36% have adopted a formal governance framework, meaning defined roles, controls, and enforcement. The distance between a policy document and functional accountability is exactly where the people questions go unanswered.
The EU AI Act, which began phasing in enforcement requirements in 2024, classifies AI systems used in employment and workforce management as high-risk by category. That designation covers tools used for recruitment, performance evaluation, task allocation, and monitoring. Essentially, the suite of systems most enterprises are now deploying at scale.
High-risk classification means stricter documentation, transparency, and human oversight requirements. It does not specify who inside an organization is responsible for meeting those requirements. That question gets handed back to the enterprise.
In most organizations, the answer has been "whoever already owns governance". That typically means legal, compliance, or IT security — the functions with established frameworks. HR often gets looped in as a stakeholder or consulted during implementation. Rarely does it lead.
The Questions Being Skipped
The questions that determine whether AI is actually harming people don't map neatly onto legal risk or technical failure. They require a different starting point.
Is this system producing biased outcomes across demographic groups?
Answering that question requires knowing what fair looks like in a specific employment context, not just what defensible looks like in a legal one. Those are different standards.
A system can be legally defensible and still produce outcomes that are systematically worse for one group of employees than another. Catching that requires someone who understands what equitable employment practice looks like and has the standing to flag when a system deviates from it.
Are employees being evaluated on data they don't understand or weren't told was being collected?
According to Owl Labs' 2025 workplace survey, 20.5% of employees are unsure whether monitoring is happening at all, and 12.8% don't know what's being tracked.
This is not a peripheral issue. 61% of US companies now use AI-powered analytics to measure employee productivity or behavior. Whether employees know this is happening, understand how it factors into their evaluations, and have any avenue to contest what the system produces are all employment relationship questions. They belong to the function that owns the employment relationship.
Who decides when an AI recommendation gets overridden, and on what grounds?
In organizations where AI tools influence or inform decisions about hiring, promotion, performance ratings, or termination, the override question is among the most consequential governance decisions an enterprise can make.
Getting it wrong in one direction means AI recommendations go unchecked. Getting it wrong in the other means the system's outputs are treated as advisory theater, or expensive infrastructure that no one trusts.
Calibrating that threshold requires understanding both how the tool works and how managers make decisions, where bias enters human judgment, and what accountability looks like when outcomes are disputed.
None of these questions have homes in most enterprise governance frameworks. They require domain expertise that sits in HR and organizational design, not in legal or engineering.
The Accountability Map
What belongs to HR in AI governance isn't a matter of preference or organizational politics. It follows from function. HR is the enterprise function with a primary obligation to employees, from their fair treatment to their development and their rights within the employment relationship.
That obligation doesn't go away when AI enters the process, but it does become more complicated.
Several accountability decisions are HR's by nature rather than by assignment.
Bias auditing in employment AI is the most direct
Technical teams can test whether a model performs consistently across inputs. Only HR can assess whether consistent performance translates to equitable outcomes in context and whether the performance management tool that rates everyone on the same rubric is, in practice, generating ratings distributions that disadvantage employees in certain roles, geographies, or demographic groups.
This requires access to HR data, understanding of employment law and equity standards, and the organizational standing to act on what's found.
Transparency obligations to employees
Employees have an interest in understanding when AI is being used to inform decisions about them, what data is being used, and how conclusions are drawn.
In some jurisdictions, they have legal rights to that information. Whether an organization meets those obligations through policy, training, or process design and whether it treats those obligations as a minimum floor or a genuine standard is down to HR practices.
The power to override
Human override design is more nuanced and more consequential than it typically gets credit for. The question of when a human can or must override an AI recommendation involves understanding where AI tools are likely to fail, where human judgment is more reliable, and how to build accountability into override decisions so they don't simply become a new vector for bias.
That requires someone who understands both the tool and the organizational behavior around it. HR, working in close coordination with the teams deploying AI, is best positioned to own this design.
Employee recourse
What happens when someone believes an AI-influenced decision was wrong belongs in HR governance. Not just because HR manages grievance processes, but because designing recourse requires thinking through how disputes involving AI outputs get investigated, what evidence is available, and what remedies are possible.
Legal defines the minimum. HR defines whether the organization actually takes it seriously.
Technical Expertise
There's a reasonable objection to the premise of HR-led AI governance, and it's worth addressing directly. HR doesn't always have the technical expertise to evaluate AI systems.
That's true. But governance authority and technical evaluation are different things. Legal doesn't code and finance doesn't run the engineering processes it audits.
The function that owns a governance domain doesn't need to do the technical work necessarily, it needs the standing and expertise to set the standards, evaluate the outcomes, and hold others accountable.
What HR needs to lead AI governance isn't a computer science team. It's clarity about what questions it's obligated to answer, the organizational authority to ask them, and access to the technical and data resources required to answer them.
In most enterprises right now, HR has limited versions of all three. The organizational authority is often the hardest one to build, because it requires CHROs to claim governance territory that other functions have occupied by default.
That claim has to happen at the C-suite level. An AI governance committee that sits entirely within legal and IT will produce legal and technical risk frameworks. Adding HR as a participant in someone else's framework doesn't change whose questions get answered first.
CHROs I speak to who've built effective people-centered AI governance have typically done it by establishing HR's accountability clearly before deployment decisions are made, not by trying to retrofit influence into a process that's already structured around other priorities.
The Amazon hiring tool failure happened because the organization that built it didn't have a function with clear ownership of the question "are these outcomes fair to the people being screened?" Legal asked about liability. Engineering asked about performance. Neither question captured what was actually going wrong.
Enterprise AI is now making or influencing decisions about who gets hired, who gets promoted, how performance is rated, and how work is monitored at a scale that dwarfs what any individual manager could produce. With full EU AI Act enforcement for employment systems arriving in August, that ambiguity is becoming a liability in more ways than one.
HR was hired to protect people inside organizations. AI governance is now one of the primary contexts in which that obligation has to be exercised. The function either claims that ground or cedes it to frameworks built for different questions.
