Regulators covered
Which frameworks the HR and recruitment pack maps to today.
Adapter coverage
Upstream services Vortalis adapts for this vertical.
No Vortalis-side adapters ship for HR and recruitment. The calling system holds the ATS credentials (Greenhouse, Lever, Workday Recruiting, Ashby, or the tenant's bespoke ATS), the background-check provider credentials, and the email-provider tokens directly. Vortalis governs the action at the agent boundary; the operator's existing integrations carry the action through to the live ATS.
Action vocabulary
The policy template for this vertical.
Actions allowed
12
Each action gated by policy at the hot path.
Anticipated require_human actions
- candidate.rejected
- candidate.hired
Rate-limit posture
Two hundred scores per rolling 24-hour window on candidate.scored; one hundred outbound messages per 24-hour window on candidate.communication_sent; fifty rejections per 24-hour window on candidate.rejected. Defensible for a single-requisition engagement; raise after agreeing the volume with the tenant's recruiting lead.
Template path: policies/sectors/hr-recruitment/candidate-screening-template.yaml
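The rate-limit posture and the require_human list above, sketched as an added example (not Vortalis code or its API): a hypothetical `ActionGate` on the calling-system side that applies the three rolling 24-hour limits and holds candidate.rejected and candidate.hired until a human approves. The class, its return strings and the `approved_by` parameter are assumptions, and its vocabulary holds only the four actions named on this page.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 24 * 60 * 60
# Limits and require_human actions as stated on this page.
LIMITS = {
    "candidate.scored": 200,
    "candidate.communication_sent": 100,
    "candidate.rejected": 50,
}
REQUIRE_HUMAN = {"candidate.rejected", "candidate.hired"}


class ActionGate:
    """Hypothetical calling-system gate; names are assumptions, not the Vortalis API."""

    def __init__(self, limits=LIMITS, require_human=REQUIRE_HUMAN):
        self.limits = dict(limits)
        self.require_human = set(require_human)
        # Only the four actions named on the page; the template lists twelve.
        self.allowed = set(self.limits) | self.require_human
        self._seen = defaultdict(deque)  # action -> timestamps of allowed actions

    def _count_in_window(self, action, now):
        q = self._seen[action]
        # Rolling window: drop entries that are 24 hours old or older.
        while q and q[0] <= now - WINDOW_SECONDS:
            q.popleft()
        return len(q)

    def evaluate(self, action, now, approved_by=None):
        """Return 'deny', 'rate_limited', 'require_human' or 'allow'."""
        if action not in self.allowed:
            return "deny"  # default-deny anything outside the vocabulary
        limit = self.limits.get(action)
        if limit is not None and self._count_in_window(action, now) >= limit:
            return "rate_limited"
        if action in self.require_human and approved_by is None:
            return "require_human"  # pending approvals do not consume quota
        if limit is not None:
            self._seen[action].append(now)
        return "allow"


if __name__ == "__main__":
    gate = ActionGate()
    t0 = 1_700_000_000  # constructed timestamp (seconds)
    print(gate.evaluate("candidate.rejected", t0))
    print(gate.evaluate("candidate.rejected", t0, approved_by="recruiter-1"))
```

Checking the limit before the approval requirement means a reviewer is never asked to approve an action that the window would refuse anyway.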
Integration brief
The implementation guide your engineers read first.
Available
docs/governance/integration-briefs/hr-recruitment.md
Honest limits
What this sector pack does not do.
Vortalis does not perform the bias audit itself; it produces the audit-trail evidence that an independent bias auditor uses.
NYC Local Law 144 § 20-871(a) requires an independent bias audit conducted by an entity that has no role in developing, distributing, or deploying the AEDT. Vortalis is the governance layer that records every candidate-facing action into a tamper-evident chain; that chain is what the bias auditor reads, alongside the operator's demographic data and outcome data. The auditor's selection, scope, and findings remain the operator's responsibility, and the auditor's report is published on the operator's website per the bias-audit obligation, not on the Vortalis surface.
Counterparty certification with ATS providers, background-check vendors, and email providers is the operator's responsibility.
Per the public limitations page, Vortalis ships adapters as code, not as counterparty-certified production integrations. The HR and recruitment pack relies on the operator's existing ATS, background-check, and email-provider credentials; the conformance and data-processing terms of those upstream services are governed by the operator's contract with each one, not by Vortalis. The candidate's data-protection rights under GDPR Article 22 (where the candidate sits in scope) flow through the operator's controllership relationship with each upstream service.
Decisions on protected categories appear in the audit trail; the determination of which categories are protected is jurisdiction-specific and is the operator's responsibility to encode in policy.
The candidate-screening policy template marks candidate.date_of_birth and candidate.protected_characteristic as redacted at the policy boundary, so the agent does not see them on the scoring path. The set of categories that count as protected (race, sex, age, disability, religion, sexual orientation, gender reassignment, marital status, pregnancy and maternity, in UK Equality Act 2010 terms; equivalent under federal Title VII and state laws in the US; equivalent under EU non-discrimination directives) depends on the jurisdiction the candidate sits in. The operator encodes the right set into Tenant.config and the policy template's data_access.fields block; Vortalis enforces the policy as encoded. The annual bias audit reads the audit trail against demographic data the operator supplies separately.
candidate.rejected and candidate.hired always require human approval.
Both are listed in the policy template's anticipated Tenant.config['require_human_actions']. The require_human flow in Section 7 of the integration brief is mandatory before the engagement goes to production. A calling system that does not implement the four-part flow (persistent resumption state, approval discovery via polling, resume execution, post-hoc record) will appear functional during early testing and will fail silently the first time the agent reaches the funnel's end. The EU AI Act Article 14 human oversight requirement and the NYC LL 144 treatment of AEDTs as decision-support rather than decision-replacement both rest on this gate.
agent.action_blocked records client-side rejections; it does not enforce them.
The client-side rejection vocabulary lets the calling system tell Vortalis it refused an action the agent proposed. The audit chain logs that rejection so a bias auditor sees the complete decision history including the actions that never reached the upstream API (a candidate the agent considered scoring but skipped under a calibration band rule, a rejection the agent considered drafting but blocked under a fairness check). The enforcement itself sits in the calling system; Vortalis records the client-side decision, it does not duplicate it.
The general-purpose honest limits sit at /security/limitations; this list is specific to the HR and recruitment pack.
Bring Vortalis to your HR and recruitment agents.
Read the integration brief if you would rather start with the engineering detail. Talk to us first if you would rather start with a conversation about your threat model.