When a vendor runs an AI bias audit and still ends up at the center of a nationwide collective action, it tells you something important about where AI hiring liability is heading. That is exactly what happened to Workday, and the case has only escalated since it began. This piece walks through the Mobley v. Workday lawsuit, why a bias audit did not insulate Workday from risk, where the case stands as of 2026, and what it means for any company that builds or buys AI hiring tools.
Workday AI Discrimination Lawsuit: Lessons in AI Governance and AI Risk Management
When a vendor runs an AI bias audit and still ends up at the center of a nationwide collective action, it tells you something important about where AI hiring liability is heading. That is exactly what happened to Workday, and the case has only escalated since it began. This piece walks through the Mobley v. Workday lawsuit, why a bias audit did not insulate Workday from risk, where the case stands as of 2026, and what it means for any company that builds or buys AI hiring tools.
Workday’s central defense was that it is not the employer and does not make hiring decisions. The court rejected that argument. Judge Rita F. Lin denied Workday’s motion to dismiss and allowed the case to proceed, holding that Workday could potentially be held liable as an “agent” of the employers who rejected Mobley’s applications. That single ruling is what makes this case a landmark: it opened the door to holding an AI vendor, not just the employer, responsible for discriminatory outcomes.
This lawsuit reflects concerns about AI bias in hiring that extend far beyond Workday. The American Civil Liberties Union has warned that AI hiring tools pose a serious danger of worsening existing workplace discrimination.
Why AI Hiring Tools Create Litigation Risk
Four dynamics in this case explain why AI hiring tools carry legal exposure that traditional software does not.
Inherent bias amplification. AI systems trained on historical hiring data often perpetuate the demographic biases already present in that data. Workday’s tools allegedly learned from past recruitment patterns that disadvantaged older applicants, embedding age-based discrimination into algorithmic decisions.
Opacity in decision-making. Many AI hiring tools operate as “black boxes,” offering no transparency into how candidates are scored or rejected. Plaintiffs argued Workday’s system gave no explanation for rejections, making bias nearly impossible to detect. Reasoning explanations could help, but only if they are thoroughly tested and paired with a human in the loop throughout the scoring and response process.
Third-party liability risk. Companies using third-party AI tools face legal exposure they may not anticipate. The court’s expanded reading of “employer” status means vendors and their clients alike may share responsibility for discriminatory outcomes, a risk that flows in both directions.
Escalating regulatory scrutiny. The Equal Employment Opportunity Commission filed an amicus brief supporting the lawsuit, signaling intensified regulatory focus on AI fairness. Non-compliance with evolving standards such as the EU AI Act risks penalties and reputational harm.
The Bias Audit Paradox: Why Workday’s Audits Weren’t Enough
Here is the detail that should concern every HR tech vendor and every employer relying on one: Workday did conduct AI bias audits and followed practices indicated by the EEOC. It still ended up in a certified collective action.
The gap lies in how these audits are typically conducted. Without separate, clean test data to compare against the HR system’s real-world outputs, audits generally rely on the Adverse Impact analysis known as the four-fifths rule. That method has a blind spot relevant to this case. New York City’s Local Law 144, the most prominent AI hiring audit mandate, focuses on race and gender, not age. Yet age, specifically discrimination against applicants over 40, is the core of Mobley’s allegations. An audit built around race and gender categories can pass while leaving the exact exposure at issue in this lawsuit unexamined.
In other words, a bias audit is evidence of due diligence, but a narrowly scoped audit is not a shield. The categories you test for, the quality of your test data, and whether a human reviews algorithmic reasoning all determine whether an audit actually reduces risk or merely documents that you ran one.
Where the Case Stands in 2026
The Mobley case did not wind down after the initial certification. It escalated. Here is the current trajectory for readers tracking the litigation.
May 16, 2025: Preliminary collective certification. Judge Lin granted preliminary certification of a nationwide collective action on the ADEA age discrimination claim, finding that applicants were alike in the way that mattered: they allegedly competed on unequal footing because of Workday’s AI recommendations. The judge noted that allegedly widespread discrimination is not a basis for denying notice to the collective.
July 7, 2025: HiredScore pulled into scope. The court held that the preliminary collective includes applicants whose applications were scored, ranked, or screened using Workday’s HiredScore AI features, rejecting Workday’s arguments that HiredScore was acquired later and was a separate product. Workday was required to identify customers using HiredScore so those applicants could be included.
Late 2025 to early 2026: Notice authorized. The court approved a plan for notifying prospective collective members on December 2, 2025. On February 17, 2026, the court authorized notice to potential class members, with an opt-in deadline of March 7, 2026.
March 6, 2026: Workday’s strongest remaining defense fails. In a landmark ruling, the court rejected Workday’s argument that the ADEA does not cover job applicants, the company’s strongest remaining dismissal argument. Workday had argued that en banc decisions of the 7th and 11th Circuits held the ADEA does not grant disparate-impact protection to applicants, but Judge Lin held that prior precedent affirming the ADEA’s coverage of applicants was not disturbed by the end of Chevron deference.
March 30, 2026: Amended complaint. Plaintiffs filed a new amended complaint reasserting previously dismissed California state-law and disability claims. As of mid-December 2025, and continuing into 2026, the case remains ongoing.
The direction of travel is unmistakable: the case has moved from a procedural question of whether a vendor can be sued at all into active litigation over the substance of AI hiring discrimination.
A Parallel Warning: The Eightfold AI Case
Mobley is no longer the only signal. In January 2026, a major class action was filed against Eightfold AI, alleging the company operated as a consumer reporting agency by collecting and scoring applicant data from unverified third-party sources without consent, in violation of the Fair Credit Reporting Act.
The two cases attack AI hiring from different angles, and together they widen the exposure. Where Workday establishes the theory that a vendor is an agent liable for discrimination, Eightfold frames the vendor as a consumer reporting agency subject to transparency mandates. One case attacks the outcome; the other attacks the process. A vendor or employer could plausibly face both theories at once.
Key Takeaways for Companies Using or Building AI Hiring Tools
Whether or not Workday ultimately proves its tools were free of embedded bias, the case has already reshaped the risk landscape. If you rely on AI tools to speed up hiring, or build AI into your own product, the questions are now concrete. Are you performing effective AI governance reviews on your technology vendors and their practices? Do you know who is responsible for what when a third-party tool increases litigation risk? If you are a technology company embedding AI in your product, can you demonstrate that your bias testing covers every protected category, not just the ones a single local law names?
Effective governance and documented reviews demonstrate the due care and due diligence that matter when AI risk becomes AI litigation. Established frameworks like ISO 27001 for information security, and emerging standards like ISO 42001 for AI management systems, help organizations align AI governance with broader risk management and apply best practices consistently across every deployment.
How Elevate Can Help
Navigating AI governance complexity takes specialized expertise. Elevate combines AI development and cybersecurity experience to help you build and test the AI governance controls that mitigate litigation and operational risk. We perform bias and transparency audits scoped to your actual exposure, not just the minimum a single law requires, and we provide the guidance and templates to stand up effective AI governance and risk management practices. Schedule an AI governance consultation to assess your vendor reviews and bias-testing coverage before a gap becomes a lawsuit.