HR Rules and Regulations 2026: Guide for US Employers

Confused about which HR rules and regulations apply to your business, and worried you might already be out of compliance? US employers navigate one of the most layered HR compliance landscapes in the world: 180+ federal laws administered by the DOL alone, 50 state systems, hundreds of city ordinances, and a wave of 2025-2026 changes around AI hiring, pay transparency, and worker classification.

This guide breaks down every major category of HR rules and regulations US employers need to know in 2026, including federal anti-discrimination statutes, wage and hour laws, benefits, safety, immigration, data privacy, and the newest state-level rules.

What are HR rules and regulations and why do they matter?

HR rules and regulations are the federal, state, and local laws and administrative rules that govern the employment relationship in the US. They define what employers can and cannot do across the full employee lifecycle, from job postings and interviews to pay, benefits, safety, and terminations.

Federal rules come from statutes (Congress) and regulations (agencies like DOL, EEOC, OSHA, IRS). State and local laws layer on additional protections that often exceed the federal floor, with the more protective rule applying in any conflict.

Why HR rules and regulations matter for your business:

• Legal risk: Non-compliance triggers DOL audits, EEOC charges, OSHA inspections, class actions, and personal manager liability.
• Financial exposure: Penalties range from $1,000 per I-9 violation to $165,514 per willful OSHA violation, plus back wages, liquidated damages, and attorneys' fees.
• Talent and retention: Workers expect pay transparency, leave benefits, and clear anti-harassment policies. Compliance is table stakes.
• Investor and customer confidence: Clean compliance records reduce diligence friction in fundraising, M&A, and enterprise reviews.

Compliance is rarely about one big risk; it's about all four hitting at the same time

What are the most important HR rules and regulations every US employer must follow?

The federal HR laws below touch nearly every US employer. The table maps each major law to its core protection, the enforcing agency, and the employer-size threshold that triggers coverage.

Beyond this federal core, state and local laws add paid sick leave, paid family leave, pay transparency, salary history bans, ban-the-box, predictive scheduling, cannabis protections, and AI-in-hiring rules, all covered later in this guide.

What workplace discrimination laws should every US employer know?

Equal Employment Opportunity (EEO) laws are the foundation of US HR compliance. The EEOC enforces federal anti-discrimination laws that apply at every stage of employment, from job postings to termination.

The seven federal protected classes are:

• Race and color (Title VII)
• Religion (Title VII)
• Sex, including sexual orientation and gender identity (Title VII, post-Bostock, 2020)
• National origin (Title VII)
• Age 40 or older (ADEA)
• Disability (ADA)
• Genetic information (GINA)

Pregnancy is covered through the Pregnancy Discrimination Act (1978) and the PWFA (effective June 27, 2023), which requires reasonable accommodations for pregnancy-related limitations. EEOC final PWFA regulations were published April 19, 2024.

Key federal anti-discrimination statutes at a glance

The EEOC also enforces federal harassment standards. The April 2024 EEOC guidance, the first comprehensive update in 25 years, covers remote-work harassment, digital communications, and gender identity. Every covered employer should maintain a written anti-harassment policy, train managers, and operate a documented complaint procedure.

What are the key wage and hour rules under the FLSA?

The Fair Labor Standards Act (FLSA), signed in 1938, is the foundation of US wage and hour law. The DOL Wage and Hour Division enforces it across minimum wage, overtime, recordkeeping, and child labor.

Federal minimum wage and overtime

• Federal minimum wage: $7.25 per hour, unchanged since July 2009. Most states and cities set higher rates; pay the higher of the two. (For employers hiring abroad, India minimum wage rates vary by state and skill level.)
• Overtime: Non-exempt employees must be paid 1.5x the regular rate for hours over 40 in a workweek.
• Salary threshold for exemption in 2026: $684 per week ($35,568 per year). The DOL's 2024 rule that would have raised it to $1,128 per week was vacated by a Texas federal court in November 2024.
• Highly compensated employee threshold: $107,432 per year (reverted to the 2019 level).
• Duties test: A salary alone does not make an employee exempt. Executive, administrative, professional, computer, or outside sales duties must be met.

Five states require higher 2026 overtime salary thresholds: California ($1,352/week), Colorado ($1,111.23/week), New York ($1,237.50-$1,275/week depending on region), Washington (~$1,541.70/week), and Maine ($871.16/week). Always apply the rule most protective to the employee.

Other FLSA obligations

• Child labor restrictions: minors under 14 generally cannot be employed; 14-15 year olds face hour and occupation limits; 16-17 year olds cannot work in 17 hazardous occupations.
• Recordkeeping: payroll records must be kept for at least 3 years; time and wage computation records for 2 years.
• Break time for nursing mothers: the PUMP Act (2022) extended FLSA protections to nearly all nursing employees.
• Tip credit and tipped employee rules under Section 3(m).

Family and Medical Leave Act (FMLA)

The FMLA (1993) gives eligible employees 12 weeks of unpaid, job-protected leave in a 12-month period for birth or adoption, a serious health condition (their own or a family member's), or qualifying military exigencies. Military caregiver leave extends to 26 weeks. It applies to private employers with 50+ employees within 75 miles, plus all public agencies and schools. Eligibility requires 12+ months of employment and 1,250+ hours in the prior 12 months.

Fourteen states plus DC now require paid family and medical leave (CA, CO, CT, DE, ME, MA, MD, MN, NJ, NY, OR, RI, WA). Coverage thresholds, contribution rates, and benefits vary. (For comparison, India's Maternity Benefit Act mandates 26 weeks of paid maternity leave, and paternity leave in India is sector-dependent.)

What HR rules apply to hiring and onboarding?

The hiring stage is where most discrimination claims and immigration violations originate. Every job posting, application, interview, and offer is subject to multiple rules.

Anti-discrimination in hiring

• Job postings cannot signal preference for protected classes ("recent graduate," "digital native," "Christian environment" have all triggered EEOC charges).
• Interviewers cannot ask about age, marital status, disability, pregnancy, religion, national origin, or arrest records (in most jurisdictions).
• Pre-employment medical exams are restricted under the ADA; medical questions can only be asked after a conditional offer.
• Salary history bans now apply in 21+ states and cities.
• Pay transparency laws require salary ranges in job postings in CA, CO, HI, IL, MD, MN, NY, WA, and DC (and are influencing global HR policy design).

Form I-9 and work authorization

Every US employer must verify identity and employment authorization for every new hire (citizen or noncitizen) by completing Form I-9 within three business days of start. The current edition was published August 1, 2023. I-9s must be kept for 3 years after hire or 1 year after termination, whichever is later.

• E-Verify: Free DHS/SSA tool. Mandatory for federal contractors and certain employers in 22+ states.
• Anti-discrimination in I-9: Employers cannot demand specific documents or treat noncitizens differently. The DOJ's IER enforces.

Background checks and FCRA

Third-party background checks are governed by the Fair Credit Reporting Act. Employers must provide a standalone written disclosure, obtain written authorization, follow a two-step adverse action process, and comply with state "ban the box" laws.

Hiring is where most compliance violations start, so a clean intake process is the single biggest payoff in HR risk reduction

What employee benefits regulations must US employers comply with?

Even small employers usually touch four federal regimes: ACA, ERISA, COBRA, and HIPAA. Larger employers and those offering retirement plans face additional rules.

Affordable Care Act (ACA)

The ACA (2010) requires employers with 50+ full-time equivalent employees (Applicable Large Employers) to offer affordable minimum essential coverage to at least 95% of full-time employees and dependents under 26. Non-compliance triggers the employer shared responsibility payment, exceeding $2,970 per full-time employee in 2025. Annual reporting on Forms 1094-C and 1095-C is required. "Affordable" in 2025 means the employee-only premium does not exceed 9.02% of household income.

ERISA

ERISA (1974) sets federal standards for private-sector retirement and welfare benefit plans (health, dental, vision, disability, life). Required: written plan documents, summary plan descriptions (SPDs), fiduciary standards, claims procedures, and Form 5500 filings. Failing to provide an SPD within 30 days of a written request can cost up to $190 per day in 2025.

COBRA

COBRA applies to employers with 20+ employees offering group health coverage. Qualified beneficiaries can continue coverage for up to 18 or 36 months after a qualifying event. Failures can trigger IRS excise taxes of $100 per day per beneficiary plus ERISA penalties.

HIPAA

HIPAA protects the privacy and security of protected health information (PHI). Group health plan sponsors and any HR staff handling PHI must safeguard it through administrative, physical, and technical controls. Civil penalties range from $137 to $68,928 per violation in 2025, capped at $2.07 million per year for identical violations.

Other benefits rules to watch

• Mental Health Parity and Addiction Equity Act (MHPAEA): coverage parity for mental health and substance use disorders, with expanded enforcement under 2024 final rules.
• Section 125 cafeteria plans and nondiscrimination testing for self-insured health plans, HRAs, 401(k)s, and flexible benefit programs.
• SECURE 2.0 Act (2022): expands retirement plan coverage, auto-enrollment, student loan matching, and emergency savings through 2027.

Benefits compliance touches more federal agencies than any other HR area, and the cost of a missed filing usually outweighs the cost of the benefit itself

What workplace safety laws must US employers follow?

The Occupational Safety and Health Act of 1970 requires almost every private-sector employer to provide a workplace "free from recognized hazards." OSHA enforces it.

Core OSHA obligations include:

• Complying with industry-specific standards (construction, healthcare, general industry, agriculture, maritime).
• Providing training in a language workers understand.
• Maintaining the OSHA 300 log of work-related injuries and illnesses for establishments with 11+ employees in covered industries.
• Reporting any work-related fatality within 8 hours, and any inpatient hospitalization, amputation, or loss of an eye within 24 hours.
• Posting the OSHA "Job Safety and Health: It's the Law" poster and protecting employees from retaliation under Section 11(c).

Maximum 2026 OSHA penalties: $16,550 per serious or other-than-serious violation, $165,514 per willful or repeated violation. OSHA is actively rulemaking on a federal heat illness prevention standard.

Workers' compensation

Workers' compensation is administered at the state level (federal employees under FECA, longshore workers under LHWCA, railroad workers under FELA). Every state except Texas requires most employers to carry coverage.

Workers' comp provides medical care and partial wage replacement for work-related injuries without regard to fault, in exchange for being the exclusive remedy.

How do immigration laws affect HR compliance?

US immigration compliance sits at the intersection of DHS (USCIS, ICE), DOL, DOJ, and DOS. The Immigration and Nationality Act (INA) prohibits hiring or continuing to employ anyone not authorized to work in the US, and prohibits citizenship-status discrimination against work-authorized individuals.

• I-9 verification: Required for every new hire within 3 business days of start date.
• Visa-sponsored workers: H-1B, L-1, O-1, TN, E-3 visas each carry distinct documentation, wage, and posting obligations. H-1B wages must meet or exceed the DOL prevailing wage. (US employees relocating to India face their own dual-tax and payroll setup.)
• ICE I-9 audits: Record audits in 2024-2025. Fines: $281-$2,789 for paperwork violations; up to $27,894 per worker for knowingly employing unauthorized people.
• Anti-discrimination: Document abuse, national origin, and citizenship-status discrimination are prosecuted by the DOJ's Immigrant and Employee Rights Section.

Immigration mistakes are among the easiest to make and the hardest to defend, since every new hire and every visa renewal is its own compliance event

How do data privacy rules apply to employee information?

There is no single federal employee privacy law, but a patchwork of federal statutes (HIPAA, GINA, FCRA, ADA) and rapidly evolving state laws. A written data protection policy (DPP) has become essential for multi-state employers.

• California (CCPA/CPRA): Since January 1, 2023, employee, applicant, and contractor data is fully covered. Employers must provide notice at collection, honor access and deletion rights, and execute compliant vendor contracts.
• Other state consumer privacy laws: VA, CO, CT, UT, TX, OR, MT, IA and 10+ more have comprehensive privacy laws, though most exempt employee data. Confirm jurisdiction by jurisdiction.
• Biometric data: Illinois (BIPA), Texas, and Washington restrict collection and use of biometric identifiers. Illinois statutory damages are $1,000-$5,000 per violation.
• AI hiring tools: NYC Local Law 144, Colorado AI Act (effective 2026), and Illinois HB 3773 regulate automated employment decision tools, requiring bias audits, candidate notice, and (in Colorado) algorithmic risk management.

Privacy is no longer just an IT issue; HR owns it for every employee record, vendor contract, and hiring tool

How do state-level HR rules add complexity to compliance?

Federal law sets the floor. State and city laws set the ceiling. For multi-state employers, the state layer is usually where 70-80% of compliance work happens. These are the categories that vary most:

In practice, an HR team running payroll across CA, NY, TX, and IL is running four compliance programs in parallel. Tooling and a written state-by-state matrix become essential past five states.

What are the main types of HR compliance?

HR rules fall into four broad categories. Understanding the type helps assign ownership and build the right control.

• Statutory compliance: Government-mandated employment laws (FLSA, Title VII, OSHA, FMLA, ACA, INA) that apply automatically based on size, industry, and location.
• Regulatory compliance: Agency rules and guidance (EEOC regulations, DOL opinion letters, OSHA standards, IRS rulings) that interpret the underlying statutes.
• Contractual compliance: Obligations from employment agreements and offer letters, CBAs, separation agreements, and vendor contracts.
• Union and labor relations compliance: NLRA obligations around organizing, bargaining, and protected concerted activity, including non-union employers.

Knowing which type a rule falls under tells you who owns it, where it lives, and how often it changes

What emerging HR rules and regulations should employers watch in 2026?

Five areas are shifting fastest. Each is already on the books somewhere and spreading state by state.

AI and algorithmic decision-making in hiring

NYC Local Law 144 (July 2023) requires bias audits and candidate notice for automated employment decision tools. The Colorado AI Act takes effect February 1, 2026, requiring risk management programs and impact assessments for high-risk AI systems in employment. Illinois HB 3773 makes discriminatory AI use in employment decisions unlawful under the Illinois Human Rights Act effective January 1, 2026.

Pay transparency expansion

Salary-range-in-posting laws have passed in California, Colorado, Hawaii, Illinois, Maryland, Minnesota, New York, Washington, and DC. Expect 2026-2027 expansion to New Jersey, Massachusetts, and Vermont.

Worker classification

The DOL's January 2024 final rule on independent-contractor classification returned to a six-factor "economic reality" test, making it harder to classify workers as contractors. California (AB 5), Massachusetts, and New Jersey apply ABC tests. Misclassification triggers back wages, payroll taxes, and benefit liabilities.

Pregnant Workers Fairness Act and harassment guidance

The PWFA's 2024 final regulations expanded employer obligations beyond ADA accommodations. The EEOC's April 2024 harassment guidance is the first comprehensive update in 25 years.

The end of the federal non-compete ban

The FTC's nationwide non-compete rule was vacated in August 2024. The FTC withdrew its appeals in September 2025 and confirmed a case-by-case enforcement approach. State law now fully governs.

Federal rules are stuck, states are moving fast, and compliance plans need to watch both

What are the penalties for non-compliance with HR rules and regulations?

Legal fees, settlements, and brand damage usually exceed the statutory fine, but penalties are the most visible cost. Strong compliance management across these statutes is what separates audited-clean employers from those caught flat-footed. Here is what 2026 looks like across the major statutes:

When even one of these slips, the cost shows up in the next audit or lawsuit, not in next quarter's HR review.

What are the most common HR compliance challenges?

Even well-staffed HR teams hit the same five walls. Spot them early and the rest of compliance gets easier.

• Keeping up with constantly changing law: States pass hundreds of employment bills a year. Subscribe to government update feeds and use a compliance-tracking platform.
• Multi-state and multi-city compliance: Even at 25 employees, a remote-friendly employer can touch 8-10 jurisdictions. Build a state-by-state compliance matrix.
• Worker classification: Misclassifying employees as contractors or non-exempt as exempt are the most expensive FLSA mistakes (and the same risk exists in cross-border contractor arrangements). Run an annual classification audit.
• Documentation and recordkeeping: Most enforcement actions are won or lost on documentation: personnel files, I-9s, EEO-1 reports, payroll records, OSHA logs, FMLA notices, and a current employee handbook.
• Manager training: Managers make most day-to-day people decisions and are the largest source of compliance risk (which compounds when leading cross-cultural teams). Train new managers within 30 days of promotion.

None of these are one-and-done. They're recurring habits, and the teams that build them quietly avoid the cases everyone else ends up settling.

What are the best practices to maintain HR compliance in 2026?

Five practices distinguish HR teams that pass audits from those that get caught:

• Build a written compliance calendar: Map every required filing, training, posting, and notice (EEO-1, OSHA 300A, ACA 1094-C, Form 5500, state pay reports) into a single compliance calculation workflow.
• Conduct annual self-audits: I-9, payroll classification, wage-and-hour, benefits plan, and harassment policy reviews.
• Update your handbook every 12 months: Cover every state where you employ workers; include addenda for paid leave, sick time, cannabis, and pay transparency.
• Train managers, not just HR: Mandatory harassment prevention training in CA, CT, DE, IL, ME, NY, WA.
• Use technology with compliance built in: HRIS, payroll, ATS, and global employment platforms with state-specific updates dramatically reduce risk versus spreadsheets.
• Document everything: Every accommodation request, leave designation, performance conversation, complaint, and investigation.

Audit-ready isn't a one-time project; it's a system you build once and tend to monthly.

How does Wisemonk help US companies stay compliant when hiring globally?

US HR rules are demanding enough. The moment your team includes a single employee outside the US, the compliance map doubles in size.

Wisemonk is the leading Employer of Record (EOR) in India, now expanding into the US and UK to help global teams stay compliant on both sides of the border. We layer local labor compliance (EPF, ESI, gratuity, professional tax, state Shops and Establishments rules, the four new Labor Codes) on top of your US-side employment relationship.

Here is what we do for 300+ global companies:

• EOR from $99/employee/month: Hire in India in 24-48 hours without a legal entity. Full statutory compliance, payroll, benefits, HR support.
• Compliant employment contracts: Drafted under the Indian Contract Act and state Shops and Establishments Act, with IP and confidentiality clauses.
• Managed payroll: USD/EUR/GBP in, INR out. Full FX transparency. All statutory filings handled (EPF, ESI, TDS, professional tax, LWF).
• Dedicated India HR manager: Named contact for hiring, employee queries, and compliance updates.
• Risk mitigation: Protection from misclassification, non-compliance penalties, and accidental Permanent Establishment exposure in India.