Hiring feels like a business activity, not a compliance one — you need someone, you find them, you make an offer. But the path from job post to signed offer letter runs through several legal checkpoints, and small businesses routinely walk past all of them without noticing. Here's the compliant version, stage by stage.
The job posting
Compliance starts before you've met a single candidate. A growing number of states and cities require pay transparency — a salary range, and sometimes benefits, disclosed in the posting itself — with real per-violation penalties. If you recruit across state lines (which most remote-friendly companies do), you may need to comply with the strictest jurisdiction you're hiring into. Beyond that, posting language matters: requirements that aren't truly necessary for the job, or wording that signals a preference around age, can create disparate-impact exposure.
The application
What you ask on an application is regulated more than most founders realize:
- Salary history bans in many states prohibit asking what someone currently or previously earned.
- Ban-the-box laws restrict when and whether you can ask about criminal history — often prohibiting it until later in the process.
- Disability and medical questions are off-limits pre-offer under the ADA.
The interview
This is where well-meaning small-company interviewers create the most risk, because interviews feel like conversations. Questions about family status, plans to have children, age, national origin, religion, disability, or health — even asked warmly and with good intent — are exactly the questions that surface in discrimination claims. The fix isn't to make interviews robotic; it's to train interviewers on what's off-limits and to keep questions focused on the ability to do the job. (This connects directly to manager training, since hiring managers are usually the interviewers.)
Background checks and assessments
If you run background checks, the federal Fair Credit Reporting Act imposes specific disclosure, authorization, and adverse-action steps — skipping them is a common and avoidable violation. Some jurisdictions add their own rules, and a few now regulate the use of automated/AI hiring tools. Whatever screening you use has to be applied consistently and be genuinely job-related.
The offer letter
The offer is where it all lands, and where small mistakes echo for years:
- At-will language and the right disclaimers, so the letter doesn't accidentally imply a contract or guaranteed term.
- Accurate classification — exempt vs. non-exempt — stated correctly from the start. (See exempt vs. non-exempt.)
- Consistency across similar roles in title, pay, and terms, to avoid pay-equity problems.
- Contingencies (background check, work authorization) stated clearly.
- Equity and IP/confidentiality agreements referenced and executed correctly — the documents that matter most in a future fundraise or acquisition.
The new-state trigger
The moment you hire someone in a state where you don't already have employees, you've triggered registration, policy, and tax obligations there. That's true whether they're your first hire or your fiftieth. Building this into your hiring process — rather than discovering it after the fact — is the core of multi-state hiring compliance.
The takeaway
None of this means hiring has to be slow or bureaucratic. It means the process should be designed once, correctly, so that compliance is built in rather than bolted on at the offer stage. A compliant hiring process is mostly a set of good defaults — the right posting language, a clean application, trained interviewers, proper screening steps, and a solid offer-letter template — applied consistently. Setting those defaults up is exactly the kind of foundational work our HR compliance service handles.
Written by David, founder of Bevel HR — 10+ years of HR inside startups, SaaS, and Fortune 500 brands. Bevel HR provides HR consulting, not legal advice.