An employer's applicant tracking log shows the same entry for two hiring decisions: user ID, action, timestamp, reason code. In one version, a recruiter spent fourteen minutes reviewing a candidate's materials, noted credentials the model had downweighted, and advanced someone the AI scored below threshold. In the other, a recruiter clicked confirm on two hundred rejections in forty-five minutes after the model had already filtered the queue. Both entries look identical in the record. The liability question isn't in the record.
What that record leaves out is the heart of Mobley v. Workday. Derek Mobley applied to more than 100 jobs at companies using Workday's hiring platform between 2017 and 2023 and was rejected every time. He filed a class action not against any of those employers but against Workday directly. The Northern District of California, in a July 2024 ruling from Judge Rita Lin, allowed the case to proceed on the theory that Workday can be directly liable as an agent of its employer-customers under Title VII, the ADA, and the Age Discrimination in Employment Act. The EEOC filed an amicus brief supporting that theory. By May 2025, the case was certified as a class action. Workday disclosed that its AI screening tools had processed 1.1 billion rejected applications across the class. The employers' compliance records showed that a human reviewed each application. The question is what the human reviewed.
A vendor that builds, trains, updates, and sells a model as a decision-making system controls which applications a reviewer ever lays eyes on. The employer's reviewer waved through the candidates the model forwarded and dropped the ones it filtered. If the model screened out protected applicants before a human saw anything, the employer's record is accurate and beside the point at the same time. The agent-theory ruling doesn't ask whether any employer's reviewers misbehaved. It asks whether Workday's model, by deciding what every reviewer got to see, was the real decision-maker across all of them at once. That points at the vendor, not the deployer.
It's tempting to read Workday as just shifting the exposure onto vendors, which would let deployers breathe easier. The UnitedHealth case says otherwise. UnitedHealth's Medicare Advantage plans put coverage calls in the hands of clinical staff and physicians, at least on paper. Its subsidiary NaviHealth ran an AI model, nH Predict, that used population recovery data to cut off post-acute care, and more than 90% of those cutoffs were overturned on appeal. The breach-of-contract claims that made it past the February 2025 motion to dismiss don't target NaviHealth. They target UnitedHealth, which signed the policies, sent the denials, and took the premiums. The model belongs to the subsidiary; the liability belongs to the parent that made the promise.
The insurance question lands in the gap between the two cases and stays unsettled in both. A vendor's errors-and-omissions policy answers for product failures that hurt the vendor's customers. Workday's customers are the employers, not the applicants suing it: people who never signed a thing with Workday and who, according to the employers' records, were turned down after a human review. A deployer's employment-practices or general-liability policy answers for the deployer's own actions. A rejection that an employer's reviewer rubber-stamped but a vendor's model actually decided sits in both places at once, in the employer's file and in the vendor's model, and each side bought coverage written for only one of them. Section 7153 of California's ADMT rules makes vendors give deployers the facts a risk assessment needs, but handing over documents doesn't move the insurance.
The FTC's 2023 case against Rite Aid shows the same split one layer down, at deployment. Rite Aid ran facial recognition across hundreds of pharmacies, and when the system threw a match alert, store staff acted on it with no verification step, no training, and no rule about what to check before treating the alert as grounds to act. The FTC didn't argue the vendor's model was inaccurate. It argued that Rite Aid deployed the system without the basic safeguards that would make acting on its output reasonable. The vendor supplied the tech; Rite Aid owned the deployment, the training calls, and the liability. When the harm landed, the vendor's product coverage and Rite Aid's general liability were each pointed at a different party, and neither one covered the space in between.
The trouble isn't that these companies skimped on insurance. It's that whatever they bought assumes a decision has one owner. A vendor builds a product, and E&O answers when the product fails. A deployer makes a call, and employment or professional liability answers when the call causes harm. AI deployments produce calls that belong to two parties at once, the vendor steering the model and the deployer holding the paperwork. Workday is the case where the vendor's control creates liability even though the deployer kept the record; UnitedHealth is the case where the deployer's record creates liability even though the model sat with a subsidiary. Both are still in discovery as of mid-2026.
What neither case has answered yet is whose insurance is on the hook when one party owns the model and another owns the record.