Your AI Hiring Tool Works Great. It's Also Illegal in Four Months.

Odoo HR ships AI candidate screening and scoring via native features and add-ons, but has zero compliance infrastructure for the Colorado AI Act (SB 24-205). June 2026 deadline, zero modules on the roadmap.

Affects: Colorado small businesses using Odoo, n8n, Zoho Recruit, or Manatal for AI-assisted hiring

Signal

Pain Point Radar detected a structural compliance gap across the AI hiring tool ecosystem — sharpest in Odoo HR, confirmed across n8n, Zoho Recruit, and Manatal. All four platforms ship AI-powered candidate screening, scoring, and automated rejection. None ship the compliance infrastructure that Colorado's AI Act (SB 24-205) requires by June 30, 2026. Across every platform — forums, GitHub, app stores, community discussions — zero mention of the Colorado AI Act, algorithmic bias auditing, or impact assessments.

Context

Colorado SB 24-205 classifies any AI system that plays a "substantial factor" in employment decisions as high-risk. Resume scoring, candidate ranking, and automated filtering all qualify. No revenue minimum. No employee count threshold. Every deployer must satisfy six obligations by June 30: a risk management policy, an impact assessment before deployment, pre-decision candidate notification, post-adverse-decision disclosure with human appeal, a public website statement on algorithmic discrimination, and a 90-day discrimination reporting duty to the Attorney General.

Penalties are $20,000 per violation — each affected candidate counts separately. A small deployer exemption relieves businesses under 50 employees from three of the six obligations, but only if they didn't train the AI on their own data. Even exempt deployers must still notify candidates, provide post-rejection disclosures, and report discrimination.

Gap Analysis

I went looking. Across the entire Odoo ecosystem — 16 million users, 16,000 modules, 4,500 community repositories — not a single mention of the Colorado AI Act. No bias auditing modules. No impact assessment templates. No candidate notification system. Nothing.

Odoo 18 natively includes candidate ranking and predictive scoring. Third-party add-ons use GPT-5 to parse resumes and produce evaluation scores for $0.01 per candidate. Odoo has certified partners in Denver and Colorado Springs deploying these tools right now. The same gap holds across n8n's 15+ AI hiring templates (one auto-rejects below a score of 40 with no human review), Zoho Recruit's Zia AI (sentiment analysis and emotional state detection in interviews), and Manatal's AI-first ATS (claims "no bias" without validation).

The gap is structural, not cosmetic. These tools provide the regulated capability but none of the mandatory governance layer. The software does the thing — but can't do the thing legally.

Impact

Colorado has roughly 27% business AI adoption, projected to hit 34% within six months — the highest in the country. Extrapolating national AI hiring adoption rates suggests 20,000–50,000 Colorado businesses may be in scope. The compliance consulting boom confirms it: fifteen-plus vendors now market Colorado AI Act services, and one developer on Hacker News put the math plainly — "$50K for a GRC platform, $500/hr for a law firm, or wing it."

The problem compounds for remote hiring. NYC Local Law 144, Illinois HB 3773, and California's incoming ADMT regulations each use different definitions, different obligations, and different enforcement. A Colorado company screening candidates across those states faces four overlapping frameworks. The tools don't help with any of them.

Options

1. Audit and build the compliance layer manually. Identify every point where AI touches candidate evaluation, then build notification templates, adverse decision disclosures, human appeal workflows, and a public website statement outside your ATS. The law doesn't require your software to handle compliance — it requires you to handle compliance.

2. Disable AI features and screen manually until compliant. The most disruptive option, but it eliminates the gap entirely. If your AI screening is a plugin or add-on, turning it off may be simpler than building governance around it.

3. Pressure your vendors. Odoo's open-source community built 49 country-specific localizations for tax and invoicing. The OCA has 1,500 contributors who know how to build compliance modules — they just haven't noticed this one yet. File the GitHub issues. Start the forum threads. The community built PEPPOL support when Europe required it. Same pattern applies here.

We can assess your exposure and map a compliance path before the deadline hits.