Penalty Example
An employer with 500 I-9s on a system without a proper audit trail (§ 274a.2(g)).
Federal law sets specific requirements for any electronic I-9 system — from audit trails to electronic signatures to data integrity. As of March 2026, system failures are substantive violations with no correction window.
Most employers now use some form of electronic I-9 system — whether a specialist platform, an HCM module from Workday, SAP, ADP, or UKG, or a hybrid of electronic and paper.
Most employers also assume their software handles compliance automatically. In December 2023, the Department of Justice and ICE issued joint guidance explicitly warning against this assumption:
"Using a Form I-9 software program does not guarantee an employer's compliance with federal law."
ICE delivered over 5,200 audit notices in February 2025 alone. The March 2026 fact sheet update raised the stakes: electronic system failures are now substantive violations — immediate fines with no correction window.
The gap between what employers think their system does and what the law actually requires is where audit liability lives.
Federal regulations at 8 CFR § 274a.2 establish specific requirements for any employer using an electronic system to complete, store, or manage Form I-9. These are legal requirements — any system that fails to meet them puts the employer at risk of substantive violations during an ICE inspection.
What this means in plain English
Your system must include controls that ensure I-9 data is complete and correct. No data corruption, no missing fields, no silent failures.
What this means in practice
- The system must prevent unauthorized changes to completed I-9 records
- Data must remain intact through system updates, migrations, and platform changes
- If you migrate from one system to another, the data must survive without corruption or loss- The system must have safeguards against data entry errors
Practical test: Can you pull up an I-9 completed three years ago and confirm every field contains exactly what was entered on the day it was completed?
Common failure: During system migrations, Supplement B (reverification) data is frequently lost. One enterprise migration from SAP revealed fewer than 20 Supplement Bs across 20,000 employees. A separate migration from Workday resulted in zero Supplement B data transferring.
What this means in plain English
The system must detect and prevent unauthorized or accidental creation, alteration, deletion, or deterioration of stored Form I-9 data, including electronic signatures.
What this means in practice
- Role-based access controls (view vs. edit vs. delete)
- Authentication requirements for anyone accessing the system
- The system must identify every person who touched a record
- Electronic signatures must be protected against alteration
Practical test: Can your system produce a report showing exactly who accessed each I-9 record, when, and what they did?
Common failure: HCM platforms often grant broad access through general HR roles. UKG's E-Verify Connector hardcodes "Yes" for the Verified field on all employees regardless of actual E-Verify status.
What this means in plain English
Every change to a Form I-9 since creation must be electronically stored and accessible to inspectors. This is not optional logging.
What this means in practice
- Every creation, access, correction, and change must be logged
- The log must capture who, what, and when (date and time)
- The audit trail must be tamper-proof
— cannot be edited or deleted
- Must be retained for the same period as the I-9 itself
- If you migrate systems, you may need to maintain the old system for years
Practical test: Can your system produce a complete history of every action taken on a specific I-9, with timestamps and user identities, in a format an ICE inspector can review?
Common failure: HCM platforms (Workday, SAP, ADP, UKG) generally do NOT meet USCIS standards for I-9 audit trails. When migrating away, audit trail data often does not transfer.
What this means in plain English
The system must include a regular quality assurance program that evaluates the system AND periodically checks stored Forms I-9.
What this means in practice
- Must be documented and regular
— not a one-time setup check
- Must evaluate the system itself and periodically verify stored I-9s
- Electronic signatures must be part of the QA scope
- Must be demonstrable during an inspection
Practical test: Does your organization have a documented QA process for its I-9 system? When was the last time you verified stored forms are complete?
Common failure: SAP SuccessFactors: until January 2026, Section 2 was completable without uploading documents. Paylocity allowed I-9 "completion" without inspecting documents.
What this means in plain English
Any Form I-9 must be findable immediately during an inspection. Forms must be highly legible on screen and in print.
What this means in practice
- Records searchable by employee name, hire date, or other identifiers
- Reproducible in original format including supplements and corrections
- Must produce records within 3 business days of an ICE request
- Must provide "hardware, software, and personnel to reproduce records from ALL systems"
Practical test: If ICE serves a Notice of Inspection tomorrow, can you produce every I-9 from the last three years in a readable format within 3 business days?
Common failure: ADP contracts often contain no provisions for historical data export. If you leave ADP, your I-9 records may not come with you.
Employers can use electronic signatures on Form I-9 — both employee (Section 1) and employer (Section 2). But the system must meet specific standards.
The electronic signature must be covered by ALL five requirements above. In addition:
On March 16, 2026, ICE published a revised fact sheet reclassifying numerous common I-9 errors — including electronic system failures.
Technical violation: 10 business days to correct. If fixed, no fine.
Substantive violation: No correction window. Fines apply immediately.
Previously, many electronic system deficiencies were treated as technical. That grace period is gone.
An employer with 500 I-9s on a system without a proper audit trail (§ 274a.2(g)).
Some systems were built from the ground up around 8 CFR § 274a.2. Others bolted I-9 onto an HCM platform as one of dozens of modules.
Ask your vendor these questions. If they cannot answer clearly, your system may not comply.
Federal regulations at 8 CFR § 274a.2, subsections (e) through (i), establish five categories: integrity/accuracy controls, unauthorized change prevention, complete audit trail, inspection/QA program, and indexed retrieval with legibility. As of March 2026, failure to meet these is a substantive violation.
No. The DOJ and ICE explicitly warned in December 2023 that using a Form I-9 software program does not guarantee an employer's compliance with federal law. Employers are responsible regardless of vendor claims.
Technical violations give the employer at least 10 business days to correct with no fine. Substantive violations have no correction window and fines apply immediately. The March 2026 ICE fact sheet reclassified electronic system failures from technical to substantive.
Yes. Both Section 1 (employee) and Section 2 (employer) can use electronic signatures if the system meets 8 CFR § 274a.2(e) through (i). The signature must capture identity, attestation, and date, and must be under the signer's sole control.
A system-generated log recording every action on each I-9: who accessed it, what changed, and when. It must be unalterable and retained for the same period as the I-9 itself. If incomplete during an ICE inspection, that is a substantive violation.
No. The federal government does not approve, endorse, or certify any I-9 software. The DOJ/ICE guidance warns employers to be wary of vendors making this claim.
Yes. Any U.S. employer can voluntarily enroll in E-Verify regardless of state requirements. Over one million employers are currently enrolled, and approximately 1,500 new employers enroll each week.
Typically 3 business days from receiving a Notice of Inspection. For electronic records, you must provide hardware, software, and personnel to reproduce records from all systems, including legacy systems.