Compare 14 AI bias auditing firms delivering independent fairness assessments, NYC Local Law 144 automated employment decision tool audits, EU AI Act high-risk conformity assessments, Colorado AI Act and California SB 1001 audits, and the disparate impact and proxy-discrimination testing required for credit, insurance, healthcare, and employment algorithms. Engagements cover the audit scope and impact assessment under NIST AI RMF 1.0 and ISO/IEC 42001, the data documentation and model card review, the protected-attribute and proxy testing using equal opportunity, demographic parity, equalised odds, and counterfactual fairness metrics, the disparate impact analysis under the four-fifths rule and adverse impact statistical tests, the model documentation and remediation reporting, the public summary required under jurisdictional rules, and the operational handover including monitoring, drift detection, and re-audit cadence. Listings cover specialist algorithm-audit firms, Big Four risk practices, civil-rights-aligned boutiques, accredited assurance bodies, and the India-heritage SIs building scaled audit capacity. No partner pays for placement on this directory.
AI bias audit programmes break into four workstreams. Scoping and impact assessment, where the partner defines whether the audit is a regulatory bias audit (NYC Local Law 144, Colorado AI Act, EU AI Act high-risk conformity, Illinois AI Video Interview Act), an internal assurance audit aligned with NIST AI RMF 1.0 or ISO/IEC 42001, or a litigation-readiness assessment, and identifies the protected attributes and proxies that apply under the relevant jurisdiction. Data and model documentation, where the partner reviews the training data lineage, the data documentation under ISO/IEC 5259 or Datasheets for Datasets, the model card and intended-use documentation, the deployment context, and the model lifecycle controls aligned with the partner's governance framework. Fairness testing and disparate impact, where the partner runs the metrics that apply to the use case (demographic parity, equal opportunity, equalised odds, predictive parity, counterfactual fairness), performs the four-fifths rule adverse impact analysis required for US employment, applies the statistical adverse-impact tests (Fisher exact, chi-square, Mann-Whitney) appropriate to sample size, and documents the proxy and intersectional analysis. Reporting and remediation, where the partner produces the audit report and the jurisdiction-specific public summary, designs the remediation plan with re-test criteria, and stands up the ongoing monitoring and re-audit cadence.
Three procurement archetypes recur. Algorithm-audit specialists and civil-rights-aligned boutiques (BABL AI, ORCAA, Holistic AI, Credo AI, BNH.AI, Eticas) lead at organisations where audit independence, methodology rigour, and public credibility determine the outcome. They are the default for NYC Local Law 144 and EU AI Act conformity work. Big Four AI risk practices (Deloitte, PwC, KPMG, EY) lead at programmes where the audit sits inside a broader AI governance, ISO 42001, or enterprise risk transformation, and where management-level reporting and audit-committee acceptance matter. India-heritage SIs (TCS, Infosys, Wipro) lead at scaled programmes where dozens of models need cyclical audit and unit cost and managed run dominate. Friction point: regulatory bias audit requirements are fragmenting. NYC Local Law 144 demands narrow scope and a public summary, Colorado AI Act requires impact assessments, EU AI Act conformity demands a notified body for high-risk systems, and US federal proposals continue to shift. Buyers should expect to redo audits when jurisdictions diverge, and partners that promise one audit covering all regimes are usually oversimplifying. Many audits also fail to address proxy discrimination, which is where most disparate impact actually originates.
For complementary research see AI governance platforms, MLOps platforms, model monitoring tools, data documentation tools, and GRC platforms. For adjacent services see AI governance consulting, ISO 42001 implementation, EU AI Act compliance, AI red teaming, LLM evaluation services, and MLOps services.
Tell us what you're evaluating and we'll send a tailored shortlist of vendors that actually fit — no vendor funding, no pay-to-play.
6,000+ vendors · 893 comparisons · 48 country guides · Independent & vendor-neutral