HRStak / Blog / HR Compliance Checklist 2026

Small Business HR Compliance Checklist for 2026

Published March 7, 2026

Missing a single compliance requirement can cost your small business thousands in fines, lawsuits, or back wages. This checklist covers every federal, state, and local obligation you need to meet in 2026.

Why HR Compliance Matters More in 2026

Enforcement is not slowing down. The DOL recovered over $274 million in back wages in recent years, and EEOC charges keep climbing. For small businesses running without a dedicated HR team, compliance gaps are quietly the most expensive risk on your plate — and usually the last one anyone is tracking.

We have organized this checklist by category so you can work through your compliance status without getting lost. Each item tells you the employee threshold that triggers the requirement and what you actually need to do about it. So what does this mean in practice? It means you can move through this section by section, check your status, and know exactly where your exposure is. But here is the real question: when was the last time you actually sat down and reviewed your compliance obligations from top to bottom?

1. Hiring and Onboarding Compliance

New Hire Requirements

  • I-9 verification -- You've got 3 business days from the hire date to complete Form I-9. Keep an eye on document expiration dates and reverify before they lapse. Applies to all employers, no headcount minimum.
  • W-4 and state withholding forms -- Collect federal and state tax withholding elections before you run that first payroll. Easy to overlook, painful to fix retroactively — and the longer it goes uncorrected the more paperwork and back-calculations you are dealing with when someone finally catches it.
  • New hire reporting -- Most states want new hire reports within 20 days — some want them faster. All employers, regardless of size.
  • E-Verify -- Federal contractors must use it. So do employers in AZ, MS, AL, SC, TN, UT, GA, NC, and a growing list of others. Check your state's current rules.
  • Background check disclosures -- FCRA requires written consent before you run any background check. Also, many states and cities have ban-the-box laws that restrict when you can even ask about criminal history — and the list keeps growing. Are you sure your application forms are still compliant with the latest rules in every state where you hire?
  • Offer letter essentials -- Every offer letter should include the position, compensation, at-will status if applicable, start date, and any contingencies. And if you're posting jobs in states that now require pay range disclosure, that is not optional anymore.

2. Wage and Hour Compliance

FLSA and State Wage Laws

  • Minimum wage -- The federal floor is $7.25/hr, but 30+ states and dozens of cities have set higher rates. If you have employees in multiple jurisdictions, you need to check each one — these rates change every year.
  • Overtime classification -- Employees earning below the FLSA salary threshold must be classified non-exempt and paid overtime. Misclassification is, by far, the most common wage violation we see small businesses stumble into — and it's one that compounds fast when you factor in back pay across multiple employees.
  • Pay transparency -- At least 10 states now require salary ranges in job postings. Colorado, California, Washington, New York — and others are following. Check where you're hiring.
  • Pay stub requirements -- Most states require detailed pay stubs: hours worked, pay rate, deductions, net pay. What exactly you need to show varies by state.
  • Final paycheck timing -- States set their own deadlines here. California, for instance, requires same-day payment on involuntary termination. Other states give you more time. Know your state's rules before someone walks out the door.
  • Independent contractor classification -- Both the IRS and DOL have tests to determine whether a worker is truly a contractor. Getting this wrong triggers back taxes, penalties, and benefit obligations. It is not a gray area you want to guess at, especially when the penalties include back taxes, benefits obligations, and potentially years of compounded liability across every misclassified worker on your books.

HRStak's AI Compliance Autopilot monitors these requirements automatically and alerts you when deadlines approach or laws change.

3. Anti-Discrimination and Harassment

Equal Employment Obligations

  • EEO-1 reporting -- Required if you have 100+ employees, or 50+ as a federal contractor. You're submitting annual demographic workforce data — missing the deadline isn't a small thing.
  • Anti-harassment policy -- Many states require a written policy that covers sexual harassment, retaliation, and how employees can report incidents. It needs to reach every employee, not just sit in a drawer — and it is not enough to distribute it once during onboarding and assume everyone remembers.
  • Harassment training -- CA, CT, DE, IL, ME, NY, and others mandate it. How often and how long the training needs to be differs by state — and you need to track completion dates.
  • Reasonable accommodation -- ADA's interactive process applies at 15+ employees, though many states set lower thresholds. When an employee asks for an accommodation, ignoring it is not a legal option.
  • Religious accommodation -- Title VII requires you to accommodate sincerely held religious beliefs unless it creates genuine undue hardship. Applies at 15+ employees.
  • Pregnancy accommodation -- The Pregnant Workers Fairness Act now requires reasonable accommodations for pregnancy-related conditions at 15+ employees. This one's newer — make sure your managers know about it.

4. Leave and Benefits Compliance

Mandated Leave and Benefits

  • FMLA -- 12 weeks of unpaid, job-protected leave for qualifying events. Kicks in at 50+ employees within 75 miles. You need to track eligibility, issue required notices, and maintain health benefits throughout the leave.
  • State paid family leave -- CA, NY, NJ, WA, MA, CT, CO, OR, MD, DE, and MN have programs either active or rolling out. Contribution rules and benefit structures vary significantly — this is not one you can generalize across states.
  • Paid sick leave -- 15+ states and a long list of cities now mandate paid sick leave. Accrual rates, caps, and carryover rules are different nearly everywhere. Worth auditing annually.
  • ACA compliance -- If you're an Applicable Large Employer (50+ full-time equivalents), you must offer affordable minimum essential coverage. Annual 1095-C filings are part of the deal.
  • COBRA -- At 20+ employees, you're required to offer continuation coverage for 18–36 months after qualifying events. The notice deadlines are strict — do not wing it.
  • Workers' compensation -- Nearly every state requires it, for nearly every employer. Get coverage, post required notices, and report injuries promptly. This one is non-negotiable.

5. Workplace Safety and Postings

OSHA and Workplace Requirements

  • OSHA recordkeeping -- If you have 10+ employees in most industries, you're maintaining an OSHA 300 log of workplace injuries and illnesses. The annual summary goes up February 1st and stays posted through April 30th.
  • Required workplace postings -- Federal law requires FLSA, FMLA, EEO, OSHA, and EPPA posters, plus whatever your state requires on top of that. Poster requirements change, so do not assume last year's set is still current.
  • Safety training -- OSHA mandates training for specific hazards. General industry and construction standards have their own detailed requirements — one-size training does not work here.
  • Workplace violence prevention -- California now requires a formal workplace violence prevention plan. Other states are watching. Honestly, even where it's not mandated yet, having a plan is just good practice.

6. Recordkeeping and Data

Document Retention

  • Personnel files -- Hold onto these for at least 3 years after termination, longer for some record types. Secure storage, limited access — not a shared drive folder anyone can browse. How confident are you that your current storage setup meets these requirements?
  • Payroll records -- FLSA says 3 years. Time cards and schedules need 2 years minimum. Some states want more. When in doubt, keep longer.
  • I-9 forms -- Retain for 3 years from hire date or 1 year after termination, whichever comes later. Store them separately from personnel files — this is an audit requirement, not just a suggestion.
  • Employee data privacy -- States are passing employee data privacy laws faster than most HR teams can track. The general direction: collect only what you need, store it securely, and give employees access when they ask.
  • Medical records -- ADA requires these to live in a separate file from the general personnel record, with restricted access. Keep them for the full duration of employment plus one year after — and make sure whoever manages your files actually knows that rule.

7. Termination and Separation

Offboarding Compliance

  • WARN Act -- 60 days advance notice is required for plant closings or mass layoffs affecting 50+ employees. Many states have mini-WARN acts with lower headcount thresholds and longer notice windows. Check before you announce anything.
  • Final paycheck -- Deadlines are state-specific. Some require immediate payment on involuntary termination. Where state law requires it, that final check needs to include accrued, unused PTO.
  • COBRA notice -- You have 44 days from the qualifying event. That breaks down as 14 days for you to notify the plan administrator, then 30 days for the administrator to notify the employee. Miss those windows and you're exposed.
  • Unemployment insurance -- Respond to claims on time. Sloppy separation records make it hard to fight fraudulent claims — and fraudulent claims drive up your tax rate.
  • Non-compete enforceability -- The FTC and a growing number of states are restricting or outright banning non-competes. Any agreements you have already issued are worth reviewing with an employment attorney before you try to enforce them. When was the last time you had yours reviewed?

Automate Your HR Compliance

HRStak's AI Compliance Autopilot monitors requirements, generates compliant documents, and alerts you before deadlines hit. We cover 20 compliance tools across US, Canada, and UK employment law — so you're not doing this manually.

Get Early Access

Your Monthly Compliance Rhythm

Let's be honest — compliance is not something you audit once and forget. Build these activities into how you actually run the business:

  1. Monthly: Check new hires for I-9 completion, look up any minimum wage updates in your jurisdictions, confirm workers' comp covers any new roles you've added.
  2. Quarterly: Audit overtime classifications, scan for state-specific leave law changes, and swap out any workplace postings that have gone stale.
  3. Annually: Refresh the employee handbook, pull harassment training completion records, audit your ACA obligations, file EEO-1 if you're required to, and post the OSHA 300A summary on February 1st.

Is it worth the time investment? Here's what the math looks like: a single FLSA misclassification case can run $10,000–$50,000 in back wages and penalties, and an ADA accommodation failure can easily hit six figures when you factor in legal fees, settlement costs, and reputational damage. The time you put into getting this right now is nothing compared to what it costs when something goes wrong.

If you're handling HR for a small business without a compliance team behind you, AI-powered tools can keep you current as regulations shift and generate compliant documents when you need them. That's exactly what we built HRStak to do.

More from the HRStak Blog

Onboarding Best Practices How to Choose HR Software