Skip to main content Skip to footer site map

Top Regulatory Issues of 2024: What Businesses Should Know and Prepare For

  • Compliance
  • Article
  • 6 min. Read
  • Last Updated: 12/04/2023

Employers should review their privacy and cybersecurity programs regularly to reflect changes to the business and keep up with AI

Table of Contents

You hear it every day, in every conversation, newscast on the TV, or in line at your favorite coffee shop; AI – artificial intelligence. You’ll continue to hear it throughout 2024 as AI surges into every facet of our lives, both personal and professional. It will, as it probably already has, impact your business.

The coming year will see legislation and regulatory action around AI. Some big players such as Google, Meta, and Microsoft, not to mention the European Union and the U.S. government have begun to shape the “dos” and don’ts” of the budding industry.

In 2024, businesses also will need to keep up with the impact of legislation and regulations aimed at advancing the employee experience, whether that is worker safety, workplace retirement plans, or an expected new overtime rule.

Our in-house compliance analysts at Paychex compiled a list of regulatory issues that could impact businesses the most in 2024 to help employers and HR professionals prepare for what could be coming down the road. 

Artificial Intelligence Regulation

AI is changing how we work and there is a potential huge upside for small- and mid-sized businesses to incorporate AI in to automating tasks or providing better access to information that can help improve decision-making.

And then there are significant risks, especially if a business doesn’t fully understand how the use of AI relates to its workflows.

Artificial intelligence has limitations, including the potential to introduce bias, threaten copyright protections, and weaken the protections around an individual’s personal privacy, to name a few. 

AI is, as its name indicates, “artificial” intelligence. It gets its power from the humans that control it, and understanding when to apply human traits such as compassion, creativity, and innovation can go a long way to harnessing the good AI can do. So, should AI be regulated?

Federal, state, and local governments have begun the task of catching up to the technology, focusing attention on regulatory action to ensure AI technology continues to be developed ethically and used responsibly. For example:

  • Executive Order on Artificial Intelligence announced by Biden administration to establish standards for safety and security, protect privacy, and promote innovation.
  • Takeaways included:
    • Requiring developers of AI systems to share safety test results with the federal government.
    • Developing standards and tools to detect AI-enabled fraud.

These examples are from the Safety and Security section of the executive order, one of six sections. Other section topics include privacy, equity and civil rights, consumers, and more.

Congress also continues to propose bills regarding the development and use of AI.

At the state level, a great deal of regulatory activities included focusing on the establishment of guardrails for the responsible use of artificial intelligence.

It is noteworthy that in a presidential election year, a great deal of attention has been given to political ads. Facebook and Instagram require disclosure on their platforms if AI is used to create a political ad, while Meta’s policy includes the use of labels. Microsoft has a tool that allows digital watermarks to be inserted on their political content to validate its authenticity.

Internationally, the release of the EU AI Act by the European Union could serve as a global framework around the governance of the use and sale of AI, which addresses the risks of AI technology with the goal of safeguarding health, safety, and fundamental rights. 

AI can help improve efficiency and raise productivity, but employers need to assess the risks of using tools that leverage AI and implement safeguards as they seek to enhance their internal business processes. Business owners also need to be aware of all the regulatory requirements in the various jurisdictions where they conduct business, including audits and disclosure requirements at the state and local levels.

Data Privacy and Cybersecurity

Data is everywhere in our interconnected world, leaving businesses with the challenge of protecting their employees’ and customers’ most-vital information from cyberattacks. Data breach notification and data protection laws continue to broaden across most states, which means small- to mid-sized businesses must remain vigilant to stay compliant.

No business is immune, even those who have high-quality cybersecurity systems. Take the breach at MGM Resorts in Las Vegas in September 2023, for example, that forced one of the world’s largest casinos to shut down its system to thwart further exposure of customers’ personal details, including contact information, date of birth, and driver’s license numbers.

Now consider your own business, which has the same responsibility of protecting the important personal data of your customers or clients.

Employers should review their privacy and cybersecurity programs regularly to ensure they reflect changes to the business since the previous review.

Workplace technology solutions such as biometrics, facial recognition, and geolocation continue to evolve. However, employers need to be aware of privacy laws, regulations, and best practices governing each solution. 

Eleven states have consumer data privacy laws and five went into effect in 2023 – California Consumer Privacy Rights Act, the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, and the Utah Consumer Privacy Act. Florida, Montana, Oregon, Texas, and Washington have privacy laws taking effect in the coming year.

Also, in 2024, businesses can expect to see more efforts to control the collection, storage, and use of this type of data, so it is important that the solution you are considering complies with the rules and regulations of your state.

Plus, with the hybrid work environment the norm, employers will have to be more diligent with:

  • Training workers about best data protection practices
  • Educating workers on how to recognize the various forms of a potential cyberattack (e.g., phishing, smishing, malware, ransomware, etc.)

Wage and Hour Regulations

Following listening sessions that date back to 2022 and a public comment period on the proposed rule, the U.S. Department of Labor is getting ready to announce the final overtime rule. The final rule, expected to increase the white-collar salary threshold exemption significantly, is likely to be challenged in court, much like overtime rulemaking attempts in prior administrations.

Businesses should know that, if it stands as proposed, the salary threshold exemption would be just a few hundred dollars shy of doubling the current weekly salary threshold exemption.

Despite the uncertainty of when this final rule will be published, employers should prepare for the potential impacts to their business, including which employees will be impacted, how it will affect budgets, procedures related to payroll, and even morale if wage compression comes into play.

For employers who must also consider state, local, and even industry-specific wage and hour laws and regulations, it’s no surprise that wage and hour compliance presents a major challenge.

Non-compliance can be costly, too, including potential monetary civil penalties for each violation under the Fair Labor Standards Act (FLSA) in addition to any fines or penalties that exist at the state and local levels.

Minimum wage is always on the minds of employers, especially if you have businesses located in multiple states and local jurisdictions. The following states will see minimum wage increases Jan. 1, 2024:

  • Alaska, Arizona, California, Colorado, Connecticut, Delaware, Hawaii, Illinois, Maine, Maryland, Michigan, Minnesota, Missouri, Montana, Nebraska, New Jersey, New York, Ohio, Rhode Island, South Dakota, Vermont, and Washington.
  • Most of these increases were previously scheduled.
  • Nevada’s minimum will increase on July 1, 2024, due to a ballot measure that eliminated its tiered minimum wage based on whether health benefits were offered.
  • Michigan could see additional developments around minimum wage depending on the outcome of ongoing litigation.

Additionally, the elimination of sub-minimum wage rates and tip credits in certain jurisdictions have occurred at the state and local level, including Washington, D.C., and Chicago. Industry-specific requirements in the hospitality, retail, and healthcare sectors continue, too.

In California, the signing of a law (AB 1228) in September 2023 repealed the Fast Food Accountability and Standards (FAST) Recovery Act while establishing new regulations in the state’s fast-food industry. The minimum wage will increase to $20 starting April, 1, 2024, and a council has the ability to raise the minimum on January 1 of every year, and set different minimums based on the region. 

In mid-October 2023, a law (SB 525) was signed in California that gradually would raise the minimum wage for any employees working in healthcare to $25 per hour. This includes medical technicians, nursing aides, and custodians, to name a few.

Using California is just one example of the complexity of multi-tiered requirements that employers must track and understand to stay compliant with wage and hour laws and regulations.

Another such tiered requirement is in New York state, where there are different minimum wages in New York City, Long Island and Westchester County, and the rest of the state. And in Maryland, where the minimum wage increases to $15 in January 2024, employers can pay workers who are younger than 18 only 85% of that per-hour wage.

OSHA/Workplace Safety

Worker safety standards are evolving, so the Occupational Safety and Health Administration (OSHA) and OSHA-approved State Plans continue to reflect that changing environment. Businesses must stay informed to comply with the current standards because the requirements and enforcement of those requirements are increasing.

Plus, businesses could require OSHA certification and training to avoid violations that could be discovered during an OSHA inspection.

In fact, to conduct more inspections, federal OSHA proposed a clarification to a rule that would broaden the definition of a third-party representative. An employee or non-employee from a third party may be authorized to walk an inspection if it is determined by a compliance officer that the individual’s presence is reasonably necessary. Also, third-party representatives don’t have to be safety engineers, for example, but rather possess knowledge and experience on workplace conditions or even language skills that can assist in communicating with employees.

The U.S. DOL does have another revised rule that goes into effect Jan. 1, 2024, that requires designated high-hazard industries with 100 or more employees to submit reports electronically on injury and illness information. Forms must be submitted for the 2023 calendar year by March 2, 2024. The DOL includes manufacturing, construction, grocery stores, retail, and even performing arts among its high-hazard industries.

Employers need to:

  • Check on the applicability of this rule to their business
  • Assess their record-keeping procedures
  • Find out if there are additional requirements from their state

Heat and heat-related illness is a hot-button topic, so while OSHA continues developing a rule it also has noted that it will increase inspections and enforcement. Businesses can be proactive in protecting their employees by establishing policies and strategies based on OSHA recommendations such as acclimation of new workers through shorter work shifts to build tolerance to the heat conditions, training that includes identification and recognition of symptoms, etc.

States with OSHA-approved plans have gotten ahead of federal OSHA when it comes to rules on heat and heat illness, including for indoor settings. The following states have their own standards:

  • California, Colorado, Minnesota, Oregon, and Washington

Temperatures don’t have to get blistering hot for employers to have requirements. Cal/OSHA’s Heat Illness Prevention Standard is triggered when the temperature hits 80 degrees Fahrenheit, and employers would then have to provide water, shade, and even additional training.

The evolution of workplace and worker safety has evolved beyond falls or accidents. California passed legislation requiring most employers to implement a workplace violence prevention plan in 2024. Those plans must include the process/policy for addressing issues involving violence at the workplace and:

  • Training
  • Maintaining records
  • Communicating with employees

OSHA has taken note of some of these state initiatives and has begun discussion and developing potential rules at the federal level.

Retirement Planning

There is a beginning and an end to one’s professional life, and that goes for employers and employees. However, preparing and helping others be prepared for retirement can take place during one’s full working career.

SECURE Act and SECURE 2.0 Act have made preparing easier and the impact of those laws will continue to be felt for years to come.

Businesses can take advantage of a Pooled Employer Plan (PEP), which pools assets of many employers into one large plan. Employers can save time and money because most of the administration tasks are handled by a Pooled Plan Provider, which also helps reduce the fiduciary risks for the employer.  Tax credits also are offered through the SECURE Act – up to $16,500 over three years for starting a plan that includes auto-enrollment.

SECURE Act 2.0 expanded some of the tax credits available under the SECURE Act, which coupled with the continued growth of state-mandated workplace retirement programs has helped accelerate access to retirement plans. According to the U.S. Bureau of Labor Statistics, 69% of private-industry workers had access to employer-provided retirement plans as of March 20221

At the state level, 16 states have enacted laws for workplace retirement plans, with three – Maine, New York, and New Mexico – expected in 2024 to join the seven that have implemented their programs.

  • California
  • Colorado
  • Connecticut
  • Illinois
  • Maryland
  • Oregon
  • Virginia

As of October 2023, seven additional states have proposed legislation for workplace retirement savings programs.

In 2024, expect regulatory guidance on key provisions of SECURE 2.0, notably the need for clarity on student loan matching contributions, as well as scrutiny on the infrastructure needed to support several distribution types that the law permits – particularly, emergency distributions and distributions to victims of domestic violence.

Other Areas of Interest for Businesses To Consider

Paid Family and Medical Leave (PFML): Fourteen states and Washington, D.C., have passed paid family leave laws as of Jan. 1, 2024, including California, Colorado, Connecticut, Delaware, Maine, Maryland, Massachusetts, Minnesota, New Hampshire, New Jersey, New York, Oregon, Rhode Island, and Washington state.

State programs vary, so employers with employees in multiple states might need to accommodate different eligibility requirements, benefits, length of leaves, and even implementation dates in some cases. Employers will need to know what is expected to remain compliant, as well as understand that these programs are funded through payroll taxes paid by employees. In some cases, employer-paid payroll taxes also will help fund the programs.

E-Verify: This web-based system allows employers to verify that newly hired employees are eligible to work in the U.S. by matching the information provided on the completed Form I-9 with the information the Social Security Administration and Department of Homeland Security have on record about the employees.

E-Verify is a voluntary program, but employers, including private employers, might be required to utilize the program under either federal or state law. The following states have mandates that certain businesses use E-Verify, including Alabama, Arizona, Florida, Georgia, Louisiana, Mississippi, North Carolina, South Carolina, Tennessee, Utah.

In 2024, E-Verify Next Generation is scheduled for release, further integrating the I-9 process with E-Verify and allowing a new employee to enter required information electronically, including uploading acceptable identification documents into a personal portal. Employers will be prompted to finish the E-Verify process including examining the documents submitted by the new hire.

1The Economics Daily, U.S. Bureau of Labor Statistics, Feb. 1, 2023.


We can help you tackle business challenges like these Contact us today

Cyber liability insurance can help mitigate the impact a cyberattack can have. 

From safety assessments and training to safety manuals and ongoing support. 

Find the right workplace retirement plan for your business and employees. 

* This content is for educational purposes only, is not intended to provide specific legal advice, and should not be used as a substitute for the legal advice of a qualified attorney or other professional. The information may not reflect the most current legal developments, may be changed without notice and is not guaranteed to be complete, correct, or up-to-date.

About Paychex

Paychex was founded over four decades ago to relieve the complexity of running a business and make our clients' lives easier, so they can focus on what matters most.

We provide: