The U.S. Department of Justice (DOJ) and Department of Homeland Security (DHS) released a joint guidance bulletin on December 19, 2023, clarifying what’s required for Form I-9 compliance when using electronic systems.
Why it matters: As more companies adopt digital onboarding tools, many aren’t aware that not all I-9 software is compliant—and that puts HR teams and employers at risk of civil fines, discrimination claims, or failed ICE audits.
The new guidance isn’t just a suggestion—it’s a compliance checklist that ICE auditors and DOJ investigators will likely use during enforcement.
The agencies jointly outlined six major areas where digital I-9 platforms must comply:
1. Software Design Must Prevent Discrimination
Systems cannot auto-populate, skip fields, or guide users in ways that could lead to discriminatory practices. For example, prompting document choices for employees is a violation.
2. Employers Are Still Fully Liable
Even if your software made the mistake, ICE will fine your business—not the software vendor. Employers must actively review their system’s compliance features.
3. You Must Be Able to Present “Legible Copies”
If ICE requests an inspection, your system must be able to produce printable, readable I-9s in a format that mirrors the paper form. That includes signatures, timestamps, and audit trails.
4. Security and Access Control Are Mandatory
Systems must protect data with secure access controls, encryption, and logging. This
applies to all three retention phases: completion, storage, and retrieval.
5. Systems Must Track Changes (Audit Trails)
Every change to the form (who did what, when, and why) must be logged. Lack of audit logs = major violation.
6. Retention and Purge Logic Must Match USCIS Rules
Your system should automatically apply the I-9 retention rule: maintain I-9s for 3 years after hire or 1 year after termination, whichever is later.
Read the full fact sheet from DOJ and DHS.
Even some well-known platforms fall short. Here are frequent compliance gaps flagged in ICE audits:
Reminder: The employer—not the vendor—is held responsible if any of these lead to violations.
Most HR teams assume their system is compliant, but few have checked against the DOJ/DHS checklist.
Use our I-9 Software Compliance Checklist to evaluate:
ICE is ramping up audits in 2025—and software design flaws are fair game. The DOJ has also taken increased action on I-9-related discrimination, especially for foreign-born workers or EAD holders.
If your platform suggests which documents to present or lacks secure access, you could be flagged—even if it wasn’t intentional.
1. Audit Your Existing I-9 System
Use the DOJ/DHS checklist to compare your platform’s features against the federal requirements.
2. Request Compliance Documentation from Your Vendor
Ask for security audits, discrimination prevention features, and retention logic protocols.
3. Train Your Team
Ensure HR and managers understand what the software can—and can’t—do, and how to stay compliant during completion and reverification.
4. Switch to a Trusted
Platform If Needed Many HRIS platforms were built for payroll or benefits first and only bolted on I-9 functionality later. The result? Gaps in compliance that often go unnoticed until an audit. If your current system doesn’t provide airtight I-9 processes—or if you’re relying on a platform better known for payroll than for compliance—it may be time to migrate before those weaknesses are exposed.
At i9 Intelligence, our platform was built to exceed DOJ and DHS guidance—because we’ve helped clients through ICE audits where noncompliance nearly cost them their business:
Want to know where your current system stands? Book a Free Compliance Call or try our I-9 Risk Calculator to get started.
