Below is a practical, 2025-ready guide to HR rules and regulations. It’s written for non-lawyers but cites the underlying laws and official guidance so you can go deeper where needed. Laws vary by country (and often by state or region), so treat this as a high‑level playbook—not legal advice.
Why this matters now
HR compliance is a moving target. In just the past two years we’ve seen the EU AI Act enter into force, reshaping how AI may be used across recruiting and people management; new U.S. federal protections for pregnant and nursing employees take effect; pay-transparency requirements expand across the EU and U.S. states; and landmark agency rules (like the U.S. FTC’s proposed non‑compete ban) get vacated in court. If your employee handbook or hiring workflow still looks like it did in 2022, you’re probably behind the curve.
Below you’ll find the essentials—organized by lifecycle—with jurisdiction‑specific pointers (U.S., UK/EU) and checklists you can lift straight into your SOPs.
1) Equal Employment Opportunity (EEO) & Anti‑Discrimination: Your baseline
U.S. (federal): Employers are bound by a core set of laws enforced by the EEOC, including Title VII (race, color, religion, sex, national origin), ADA (disability), ADEA (age 40+), GINA (genetic information), and the Equal Pay Act. Keep your policies, training, and complaint processes aligned to these foundations. Post the “Know Your Rights” notice in a conspicuous location (and on your intranet for remote workers).
Pregnancy & related conditions (U.S.): The Pregnant Workers Fairness Act (PWFA) requires reasonable accommodations (e.g., flexible breaks, seating, temporary task modifications) for known limitations related to pregnancy, childbirth, or related medical conditions—unless doing so would cause undue hardship. The EEOC’s final rule took effect June 18, 2024 and provides detailed examples and limits on documentation. In parallel, the PUMP Act expanded break‑time and space protections for nursing employees (a private, non‑bathroom space; time to pump; pay rules depend on whether the employee is relieved of duty). Update policies, manager training, and your interactive process flows accordingly.
Harassment: In 2024 the EEOC issued updated harassment guidance—but portions were vacated by a federal court on May 15, 2025. The agency marked vacated sections on its site. Bottom line: keep a robust anti‑harassment policy, training, prompt investigations, and a no‑retaliation culture, but don’t rely on vacated passages as binding EEOC interpretation.
UK/EU: The Equality Act 2010 (UK) and the EU equal treatment acquis prohibit discrimination on protected grounds; the EU Pay Transparency Directive (EU) 2023/970 deepens equal‑pay enforcement (salary range transparency, expanded pay‑gap reporting) and must be transposed by Member States by June 2026, with staged employer reporting thereafter. Start mapping roles to objective, gender‑neutral criteria now.
Hiring with criminal‑record data (U.S.): The EEOC’s guidance cautions against blanket exclusions based on arrests/convictions; policies should be job‑related and consistent with business necessity and include individualized assessment. Pair this with local “fair chance”/ban‑the‑box rules.
Selection procedures: If you use tests/assessments, validate them and monitor adverse impact under the Uniform Guidelines on Employee Selection Procedures (UGESP) (the “four‑fifths rule” is a screening signal, not a bright‑line defense).
Action checklist
Refresh EEO/anti‑harassment policies and complaint channels. Post EEOC, FLSA, and OSHA notices.
Implement PWFA accommodations workflow; train managers; add PUMP Act space & time procedures.
Validate selection tools; track selection rates for adverse impact.
Plan EU pay‑transparency compliance (salary ranges in job ads, reporting timeline).

2) Wages, Hours, and Leave
U.S. FLSA (federal): The Fair Labor Standards Act governs minimum wage, overtime, and recordkeeping. Maintain accurate time and pay records (generally three years; two years for records used to compute pay). Keep your exempt/non‑exempt classifications current and ensure overtime is paid correctly.
Independent contractors vs. employees (U.S.): Worker status is a top enforcement priority. The DOL’s 2024 rule adopting a six‑factor “economic reality” test remains in effect for private litigation, but in 2025 the Wage & Hour Division issued a Field Assistance Bulletin signaling it will rely on longstanding principles in Fact Sheet #13 while litigation plays out. The IRS applies a separate common‑law control analysis for tax. Document your rationale and review high‑risk roles (gig/1099, fractional, creatives).
Family & Medical Leave (U.S.): The FMLA provides up to 12 weeks of job‑protected, unpaid leave (26 weeks for military caregiver) for eligible employees of covered employers, with continuation of health benefits and anti‑retaliation protections. Post the FMLA notice, train HR on eligibility (12 months/1,250 hours/50‑within‑75‑miles), and standardize notice/medical certification workflows.
Break time & lactation spaces (U.S.): The PUMP Act now covers most FLSA‑covered employees; ensure a private space (not a bathroom), reasonable break time, and proper compensation handling.
EU/UK working time: The EU Working Time Directive (2003/88/EC) sets minimum daily/weekly rest, paid annual leave (at least four weeks), and a weekly hours limit (with some opt‑outs in certain countries). UK rules mirror these via the Working Time Regulations. Ensure schedules, overtime, and rest breaks meet local transpositions.
Action checklist
Audit exempt/non‑exempt designations, overtime practices, and timekeeping.
Standardize FMLA notices, eligibility checks, tracking, and return‑to‑work.
Provide compliant lactation spaces & break procedures under the PUMP Act.
For EU/UK teams, map local working‑time rules and opt‑out requirements.
3) Health, Safety, and Retaliation Protections
U.S. OSHA: Employers must provide a workplace free from recognized hazards (the General Duty Clause) and may not retaliate against workers who raise safety concerns or cooperate with OSHA (Section 11(c)). Ensure hazard assessments, training, and safety logs are current and that anti‑retaliation is part of your code of conduct.
Action checklist
Confirm required safety training/postings; maintain your OSHA injury/illness records.
Build a clear, prompt anti‑retaliation response path for safety complaints.
4) Labor Relations & Concerted Activity
U.S. NLRA: Even in non‑union settings, employees have Section 7 rights (e.g., discussing pay or working conditions). Align handbooks and confidentiality, social‑media, and non‑disparagement provisions so they don’t unlawfully chill concerted activity. Note that the NLRB’s 2023 “joint‑employer” rule was vacated in March 2024 and, as of 2025, remains not in effect—but expect continued scrutiny of control over temps/franchisees.
Action checklist
Review policies through a Section 7 lens (pay talk, concerted complaints).
Evaluate staffing vendor/franchise arrangements for potential “joint control.”

5) Right‑to‑Work/Employment Authorization
U.S. Form I‑9 & remote verification: Employers must verify identity/work authorization on Form I‑9. Since 2023, DHS permits an alternative remote examination procedure for enrolled E‑Verify employers who meet conditions—use it correctly or stick to in‑person inspection. Train hiring teams and calendar re‑verification dates.
UK: Conduct Right to Work checks (manual, online share code, or via certified Identity Service Providers). Penalties for illegal working are significant and were increased in recent updates.
6) Data Privacy & Monitoring Employees
EU/UK (GDPR, DPA 2018): HR data is personal data; “special category” data (e.g., health) needs elevated safeguards and lawful bases. The UK ICO published targeted employment‑practices guidance (recruitment and selection, health data, workplace monitoring). If you monitor workers (productivity tools, keystrokes, cameras, biometrics), you must conduct a necessity/proportionality analysis, provide transparency, and implement safeguards; recent UK enforcement ordered an employer to stop using facial recognition/fingerprint scanning for attendance tracking.
U.S. state privacy (employees): Employee data is in scope under California’s CCPA/CPRA; in 2025 the CPPA finalized ADMT (automated decision‑making technology), risk assessments, and cybersecurity audit regulations, with obligations phasing in (beginning 2026 per agency announcements). Expect disclosure, access/appeal rights for automated decisions in hiring/performance contexts and risk assessments for high‑risk processing. Track Colorado’s AI Act timeline too (delayed to mid‑2026).
Action checklist
Maintain data maps and retention schedules for HR data; apply data‑minimization.
Provide privacy notices for applicants/employees; assess monitoring tools (DPIAs where required).
For CA teams, scope the new ADMT/risk‑assessment obligations and build intake/appeal channels for automated hiring decisions.
7) AI in Hiring and People Management
EU AI Act: The AI Act has been in force since August 1, 2024. AI used in recruitment, selection, task allocation, performance evaluation, promotion/termination, or monitoring is treated as “high‑risk” (Annex III), triggering obligations (provider and deployer) that phase in through 2026–2027. Expect requirements around risk management, data quality, transparency to candidates/employees, human oversight, logging, and post‑market monitoring—plus AI literacy for staff as early as 2025. Start with an AI register, vendor attestations, and DPIAs paired with provider documentation.
U.S. local/state rules: New York City’s Local Law 144 restricts use of Automated Employment Decision Tools unless you perform an independent bias audit, give notice, and publish results. States are moving too; Colorado’s broad AI law (covering employment decisions) was delayed to 2026, while California finalized privacy regulations touching automated decision‑making with 2026 effective dates. If you recruit or employ in these jurisdictions, build an audit/readiness program now.
Action checklist
Inventory AI in HR (sourcing, screening, video interviews, performance tools).
Secure vendor documentation; implement bias testing/monitoring; add AI notices to candidate/employee privacy disclosures.
Train HR/TA on human‑in‑the‑loop requirements and appeals/escalation paths.
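The adverse‑impact monitoring called for in section 1 (UGESP four‑fifths rule) and the bias testing called for here (NYC Local Law 144 reports the same kind of impact ratio: a group's selection rate divided by the highest group's selection rate) both reduce to one calculation. The script below is an added example, not code from this guide or from any agency; it assumes an applicant log that records only a group label and a selected/not‑selected outcome (constructed sample data, no real applicants), uses the 0.8 threshold from UGESP, and applies a minimum group size of 10 before drawing any conclusion. That minimum is the analyst's own choice, not a legal threshold; UGESP only notes that small numbers make differences unreliable.

```python
from collections import Counter


def make_sample(group, total, selected):
    """Build constructed outcome records: (group_label, was_selected)."""
    return [(group, i < selected) for i in range(total)]


# Constructed sample applicant log (not real data). Only the group label and
# the outcome are kept, in line with data minimization for HR data.
SAMPLE_OUTCOMES = (
    make_sample("A", 50, 25)   # 50 applicants, 25 selected -> rate 0.50
    + make_sample("B", 40, 14)  # rate 0.35
    + make_sample("C", 20, 12)  # rate 0.60 (highest)
    + make_sample("D", 4, 1)    # too few applicants to assess
)


def selection_rates(outcomes):
    """Return {group: (selected, total, rate)} from (group, selected) records."""
    totals = Counter(group for group, _ in outcomes)
    selected = Counter(group for group, chosen in outcomes if chosen)
    return {g: (selected[g], totals[g], selected[g] / totals[g]) for g in totals}


def impact_ratios(rates):
    """Ratio of each group's rate to the highest group rate (None if nobody was selected)."""
    top = max(rate for _, _, rate in rates.values())
    if top == 0:
        return {g: None for g in rates}
    return {g: rate / top for g, (_, _, rate) in rates.items()}


def four_fifths_review(outcomes, threshold=0.8, min_group_size=10):
    """Screen selection outcomes for adverse impact.

    A status of "review" means the group's impact ratio fell below the
    threshold; it is a signal to investigate (validation, job-relatedness,
    alternatives), not a finding of discrimination. Groups smaller than
    min_group_size are reported as "insufficient_data" rather than judged.
    """
    rates = selection_rates(outcomes)
    ratios = impact_ratios(rates)
    report = {}
    for group, (sel, tot, rate) in rates.items():
        ratio = ratios[group]
        if tot < min_group_size:
            status = "insufficient_data"
        elif ratio is None:
            status = "no_selections"
        elif ratio < threshold:
            status = "review"
        else:
            status = "ok"
        report[group] = {
            "selected": sel,
            "applicants": tot,
            "selection_rate": round(rate, 4),
            "impact_ratio": None if ratio is None else round(ratio, 4),
            "status": status,
        }
    return report


if __name__ == "__main__":
    for group, row in sorted(four_fifths_review(SAMPLE_OUTCOMES).items()):
        print(group, row)
```

Run it on a quarterly export from the ATS, grouped by the protected characteristics you lawfully collect, and keep the per‑tool output with the vendor documentation and validation evidence; a "review" result is where the UGESP validation work (and, for NYC‑covered tools, the independent audit) starts, not where it ends.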
8) Pay Transparency (EU & U.S. examples)
EU: The Pay Transparency Directive (EU) 2023/970 requires salary range disclosure in job ads/offers and gender‑pay gap reporting with staged timelines (large employers first). Member States must transpose by June 2026. Multinationals should plan for cross‑border job architecture and standardized pay bands.
California: Employers must include pay scales in job postings and keep pay data reports; check official guidance by the Civil Rights Department.
New York State: Requires wage ranges in advertisements and retention of job description records.
Colorado: The EPEWA requires range and benefits disclosure in postings and internal advancement notices; 2024 guidance tightened rules around remote roles.
Action checklist
Standardize job architectures and pay bands; embed ranges in ATS templates for covered locations.
Stand up a repeatable pay‑gap analysis cadence ahead of EU reporting deadlines.
9) Non‑Competes & Restrictive Covenants (U.S.)
The FTC’s 2024 non‑compete rule will not take effect: in September 2025, the FTC voted to accede to vacatur after adverse court rulings. Non‑competes are still largely governed by state law (many states restrict or ban them, especially for lower‑wage workers). Prefer narrowly tailored NDAs, non‑solicit, and confidentiality clauses; review by state.

10) WARN, Safety Posters & Core Recordkeeping
WARN (U.S.): For covered employers, provide 60 days’ notice of certain plant closings/mass layoffs (states can have “mini‑WARNs” with different thresholds).
Required postings: EEOC Know Your Rights, OSHA “It’s the Law,” FLSA minimum wage, and state‑specific posters; make them digitally accessible to remote workers.
Recordkeeping: Under the FLSA keep core wage/hour records for three years (two years for items used to compute pay); EEOC rules generally require at least one year for personnel/employment records (longer when a charge is pending). Document retention policies should reflect these floors and stricter local rules.
11) Jurisdiction snapshots (quick hits)
U.S.:
EEO baseline (Title VII, ADA, ADEA, GINA, EPA); PWFA accommodations; PUMP Act lactation rules.
FLSA wage/hour & recordkeeping; FMLA leave.
NLRA Section 7 rights; 2023 joint‑employer rule vacated.
I‑9/E‑Verify with remote alternative procedure option.
Expanding state privacy/AI rules (NYC AEDT; CA CPPA ADMT; Colorado AI Act delayed).
EU/UK:
EU Working Time Directive baseline; UK Working Time Regulations mirror it.
EU AI Act: HR uses often high‑risk; staged duties through 2026–2027.
EU Pay Transparency Directive: salary‑range rules and gender‑pay reporting.
UK ICO: strong guidance on employment data & monitoring; recent enforcement curbing biometric attendance systems.
12) 30‑60‑90 Day HR Compliance Roadmap (steal this)
Days 1–30: Baseline & high‑risk fixes
Confirm required posters and update your handbook to reflect PWFA accommodations and PUMP rules.
Inventory selection tools (assessments, AI/resume filters, structured interviews) and check for UGESP alignment and NYC AEDT coverage.
Audit exempt/non‑exempt classifications and overtime practices (FLSA).
Days 31–60: Process hardening
Stand up a PWFA interactive process SOP and manager training; deploy lactation space procedures.
Implement AI governance basics: AI inventory, vendor attestations, bias testing plan, candidate/employee notices, and human‑oversight checkpoints. Map EU AI Act impact if you hire or manage in the EU.
Refresh FMLA notices/forms and tracking; calibrate to state family‑leave overlays.
Days 61–90: Transparency & data hygiene
Embed pay ranges in job templates for CA/NY/CO and plan EU pay‑transparency implementation; train recruiters on range disclosures.
Publish/update applicant/employee privacy notices; for UK/EU, align to ICO guidance; for CA, scope upcoming ADMT and risk‑assessment obligations.
Revisit non‑compete strategy (state‑law compliant alternatives), noting the FTC non‑compete rule is not moving forward.
13) Policy & template starters (what “good” looks like)
EEO & Anti‑Harassment Policy (U.S./UK/EU‑friendly)
Clear statement of equal opportunity across protected characteristics; multi‑channel complaint intake; prompt, impartial investigations; anti‑retaliation clause; manager training duty.
PWFA Accommodation SOP (U.S.)
Intake form + interactive process checklist (document “known limitation,” discuss options, evaluate undue hardship, memorialize decision, schedule follow‑ups).
AI in Hiring & People Management Policy
Inventory and approval workflow before deploying tools; vendor documentation requirements; periodic bias testing; human‑oversight and appeals steps; candidate/employee notices; logging and retention. (Cross‑reference NYC AEDT and EU AI Act obligations if applicable.)
Pay Transparency SOP
How to set and publish pay ranges; internal mobility posting rules; standardized objective job‑evaluation criteria to support equal pay compliance (EU directive).
Data Privacy & Monitoring Policy
Purpose‑limited monitoring with DPIAs where needed; data minimization; transparency and choices where required; special treatment for health/biometric data; retention schedules. (See ICO guidance.)
14) Common pitfalls (and how to avoid them)
Relying on outdated harassment or leave guidance. Cross‑check updates (e.g., PWFA final rule; partially vacated EEOC harassment guidance).
Assuming vendor AI is “compliant by default.” You (the employer/deployer) still carry duties under NYC AEDT, EU AI Act, and (soon) California ADMT rules. Build your own controls.
Misclassifying workers and skipping timekeeping for “salaried” staff. Exempt status is about duties and salary basis, not the word “salaried.” Track hours where required.
Ignoring local pay‑transparency rules for remote jobs posted nationwide. Your ad may trigger obligations wherever the candidate sits (e.g., CO/CA/NY).
Assuming the FTC non‑compete rule is coming. It isn’t—focus on tailored, enforceable alternatives under state law.
Final take
A resilient HR compliance program balances clarity (clean policies, simple workflows) with adaptability (watchlists for legal updates, change logs, and training refreshers). If you do just three things this quarter, do these:
Operationalize PWFA + PUMP (policies, forms, manager training).
Inventory and govern AI in recruiting/people ops (bias audits where required; notices; human oversight).
Embed pay ranges in postings and plan for EU pay‑transparency reporting.
Do that, and you’ll reduce legal exposure while building trust with candidates and employees.