Description: A recruiter click isn't enough to avoid California's ADMT rules. The reviewer must understand the output, check other relevant information about the candidate, and have real authority to change the decision.
Date: 2026-05-18
Canonical: https://proofofreview.ai/record/human-in-the-loop-is-not-enough-under-california-admt-rules

# Human-in-the-Loop Is Not Enough Under California ADMT Rules

The cleanest compliance record in an applicant tracking dashboard often looks like this: Application received. Model scored. Recruiter assigned. Rejected at 11:47 a.m.

A click isn't enough on its own to satisfy California's ADMT [human involvement](/glossary#human-involvement) standard. The record has to show the recruiter understood what the model said, looked at something beyond the score, and could have moved the candidate forward if they'd wanted to. A timestamp shows none of that. It shows a button was pressed at 11:47.

California's [ADMT](/glossary#admt) rules don't turn on whether a human shows up in the workflow. They turn on whether that human does enough to keep the software from being the real decision-maker, and a timestamped click tends to make the gap easier to spot, not harder.

The test has three parts: the reviewer has to know how to interpret the output, has to review and analyze it alongside other relevant information, and has to have authority to make or change the decision. All three, provably. Most hiring platform implementations skip the last word.

A recruiter who has run an AI screening tool for six months might still not know what it concluded from a candidate's work history, what it treats as disqualifying, or where it tends to go wrong. An HR director signing off on a batch knows a candidate fell below the threshold, but not which lines on the resume put them there. Knowing the tool well enough to clear the queue is a different thing from knowing it well enough to catch it being wrong. Real review leaves marks: a note on why a recommendation was kept or reversed, a credential checked outside the model's criteria, a candidate moved up because the recruiter caught something the model missed. A queue where almost every low-scoring candidate is gone in under ninety seconds has none of those marks.

[Dwell time](/glossary#dwell-time) is one of the few numbers that can tell evaluation from rubber-stamping at scale. Sixty seconds isn't a magic threshold in the regulation; it's just that nobody reads a file and weighs it in eight.

The authority prong is just as easy to fail. Plenty of systems let a recruiter kick an odd case up to a hiring manager, but escalating isn't deciding. A recruiter who can flag a disagreement but can't actually change the outcome isn't the decision-maker, and an [override](/record/good-model-and-rubber-stamp-same-override-rate) that's allowed on paper but never once used is just set dressing. The standard has nothing against hiring AI. What it's against is the pretense, a human parked in the workflow for the record while the model does the deciding. On anything that drives employment, housing, credit, education, or healthcare, California wants to know which of the two it's looking at.

[Section 7153](/glossary#section-7153) won't let the vendor hide behind the employer, either. When a covered business runs a vendor's tool to make [significant decisions](/glossary#significant-decision), the vendor owes the customer the facts its [risk assessment](/glossary#risk-assessment) needs: the logic, the inputs and outputs, the assumptions, the limits. That holds even if the vendor never sends the rejection, never writes the adverse-action notice, and never lays eyes on the candidate.

There's a quieter trigger, too, off the significant-decision path entirely. Profiling built on [systematic observation](/glossary#systematic-observation) of applicants or employees can require a risk assessment even when no hiring decision ever follows. [An analytics tool that reads performance risk or engagement off behavioral data](/record/monitoring-triggers-admt-without-a-decision) doesn't get a pass just because a manager makes the formal call later.

Intentional [CCPA](/glossary#ccpa) violations run up to $7,988 per consumer, per violation, with no cap on the total. Ten thousand applicants is nothing for an enterprise recruiting platform, and at that rate a single bad pattern is $80 million of exposure. What decides a case like that isn't whether the platform can print a recruiter activity log. Anyone can print one. It's whether the log can show what the recruiter actually did: what was in front of them, how long they spent, what they changed, and why.

Most teams can show that a recruiter clicked something. What they usually can't show is what the recruiter understood, checked, or changed.

That gap, between a click and a decision, is what Proof of Review exists to record.