You just hired your tenth employee. She’s in California. Within her first six months, California law requires you to provide her with at least one hour of sexual harassment prevention training. If she’s a manager, it’s two hours. You need to repeat this every two years. You need records proving it happened.
Most founders have no idea this is a requirement until an auditor or attorney tells them. By then, they’re already non-compliant.
Compliance training is one of those obligations that grows quietly alongside your headcount. One hire in the wrong state, and you’re on the hook for training programs you didn’t know existed. If you’re already juggling multi-state tax registrations and remote employee withholding rules, compliance training is another layer of state-by-state complexity you can’t afford to ignore.
This guide breaks down exactly what’s required, which states have mandatory training laws, and how to handle it without adding another line item to your already overloaded to-do list.
What is compliance training?
Compliance training is formal education that helps employees understand the laws, regulations, and company policies that apply to their roles. It covers topics like harassment prevention, workplace safety, data privacy, and anti-discrimination. In many states, certain types of compliance training are legally required.
For startups, the most common (and most urgent) type of compliance training is sexual harassment prevention training. Six U.S. states and two major cities currently mandate it for private employers. But compliance training also includes topics like HIPAA for companies handling health data, cybersecurity awareness, workplace violence prevention (now required in California as of 2024), and data privacy training under state laws like the CCPA.
The scope of what you need to provide depends on three things: where your employees are located, how many employees you have, and what industry you operate in.
Why does compliance training matter for startups?
Startups tend to think of compliance training as a big-company problem. It’s not. The requirements kick in based on employee count and location, and the thresholds are low. California’s harassment training mandate applies to any employer with five or more employees. Illinois requires it from all employers regardless of size. New York requires it from every employer in the state.
The practical risks of skipping compliance training fall into three categories.
1. Legal exposure
If an employee files a harassment claim and your company has no training program, you lose a critical legal defense. The EEOC (United States Equal Employment Opportunity Commission) considers regular, interactive training a key preventive measure. Courts in states like New Jersey have ruled against employers specifically because they failed to provide anti-harassment training. Without a documented training program, you’re significantly more exposed in any employment dispute.
2. Financial penalties
Penalties vary by state, but the costs add up fast. Beyond direct fines, litigation from a single harassment claim can cost tens of thousands in legal fees alone. For a startup burning through runway, an avoidable legal expense is the last thing you need. (This is one of the most common payroll and compliance mistakes that costs startups real money.)
3. Operational drag
When compliance training is done reactively (scrambling after someone flags a gap), it pulls founders and operators away from the work that actually moves the business forward. A proactive system that handles training automatically means you never have to think about it.
Which states require sexual harassment training?
Six states currently have mandatory sexual harassment prevention training requirements for private employers: California, Connecticut, Delaware, Illinois, Maine, and New York. Chicago and New York City have additional requirements on top of their state laws. (For a broader look at how state-specific obligations affect your payroll setup, see our state payroll tax guides.)
Here’s a breakdown of the current requirements.
| State | Who Must Comply | Duration | Frequency | Details |
|---|---|---|---|---|
| California | 5+ employees | 2 hrs (supervisors), 1 hr (everyone else) | Every 2 years | Includes seasonal, temporary, and unpaid interns |
| Connecticut | 3+ employees | 2 hours | Every 10 years | Supervisors at employers with fewer than 3 employees must also train |
| Delaware | 50+ employees | Not specified | Every 2 years | Must train within 1 year of hire |
| Illinois | All employees | Not specified | Annually | Chicago requires additional bystander intervention training |
| Maine | 15+ employees | Not specified | Within 1 year of hire | Must follow Maine DOL checklist |
| New York | All employers | Not specified | Annually | NYC has additional requirements on top of state law |
Four additional states (Colorado, Massachusetts, Rhode Island, and Vermont) encourage but do not mandate harassment training. For every other state, the EEOC still recommends it as a best practice. In practical terms, if you’re a multi-state startup with employees across several states, you should assume some form of training is either required or strongly advised.
Important: these requirements apply based on where your employees work, not where your company is incorporated. If you’re a Delaware C-corp with engineers in California and a sales lead in New York, you need to comply with California and New York training laws. The same logic applies to state tax nexus: a single remote hire in a new state can trigger both payroll obligations and training requirements.
What types of compliance training do startups need?
Sexual harassment prevention gets the most attention because it’s the most widely mandated. But depending on your industry, team size, and employee locations, you may also need to cover other topics.
Sexual harassment prevention
This is the baseline. If you have employees in any of the six mandatory states listed above, you need a compliant training program that covers the legal definition of harassment, how to report it, bystander intervention (required in some jurisdictions), and supervisor responsibilities. The training must be interactive, not just a PDF or slide deck.
Workplace violence prevention
As of July 2024, California requires all employers to provide workplace violence prevention training. This is a newer requirement that many startups miss. You need a written workplace violence prevention plan, employee training on the plan, and a log of any incidents.
Data privacy and cybersecurity
If your company handles personal data (and nearly every startup does), data privacy training is a best practice that’s quickly becoming a legal expectation. Twenty-one U.S. states have now passed comprehensive data privacy laws with requirements around data minimization, consumer rights, and security safeguards. Training employees on your company’s data handling policies reduces the risk of a breach and demonstrates due diligence to regulators.
HIPAA
If your startup handles any protected health information, whether you’re a healthtech company or simply administering employee benefits, HIPAA training is required. This must cover how to handle PHI, what constitutes a breach, and your company’s specific policies and procedures.
Anti-discrimination and DEI
While not mandated at the federal level, several states include anti-discrimination education as part of their harassment training requirements. Many startups also provide diversity, equity, and inclusion training as a culture initiative, especially as they scale past 20 to 30 employees.
How often does compliance training need to happen?
It depends on the state. California and Delaware require training every two years. New York and Illinois require it annually. Connecticut’s refresh cycle is every ten years. Maine requires training within one year of hire but does not specify an ongoing cadence.
For practical purposes, an annual training cycle is the safest default. It satisfies the requirements of the strictest states and keeps your records current. The real complexity comes with tracking deadlines per employee: each person’s clock starts when they’re hired, promoted to a supervisory role, or relocated to a new state. Tracking this manually across a growing team is a recipe for gaps. Warp’s free compliance calendar can help you keep track of key deadlines across all 50 states.
What happens if you don’t provide required compliance training?
The consequences range from fines to losing the ability to defend your company in court.
- Weakened legal defense. The EEOC and state courts look at whether an employer took reasonable steps to prevent harassment. No training program means no defense.
- Direct penalties. In states with mandatory training laws, failure to comply can result in fines issued by the state’s labor department or human rights commission.
- Higher litigation costs. Without documentation of training, settlements and judgments tend to be larger because the employer can’t demonstrate good-faith prevention efforts.
- Audit risk. Some states require employers to maintain training records for three to five years and make them available on request. Missing records during an audit compounds the violation.
Do startups need a learning management system (LMS)?
A learning management system (LMS) is software that delivers, tracks, and reports on employee training. It automates course assignments, sends reminders, stores completion records, and generates reports for audits.
For a five-person startup with everyone in one state, you might be able to get by with a spreadsheet and a third-party training vendor. But that approach breaks down quickly. Once you’re hiring in multiple states, each with different training requirements, different deadlines, and different content mandates, manual tracking becomes unsustainable.
The question isn’t really whether you need an LMS. It’s whether your LMS should be a separate tool or built into the platform that already manages your employees.
Most standalone LMS platforms require you to manually sync employee data, figure out which state-specific courses each person needs, set reminders yourself, and track completions in a separate system from your payroll and HR records. That’s a lot of admin for a team without a dedicated HR person.
The better approach is an LMS that’s integrated directly into your payroll and HR platform. Your system already knows where each employee works, when they were hired, and whether they’re a manager. It should use that data to automatically assign the right training, track completion, and store records alongside the rest of their employee file. (If you’re evaluating platforms, our comparison of the best payroll software for startups covers how the major providers handle compliance features.)
How should startups set up a compliance training program?
You don’t need a dedicated L&D team. You need a system that handles the work for you. Here’s the practical checklist.
1. Audit your employee locations
Pull a list of every state where you have at least one employee. Check which of those states has mandatory training requirements. If you’re using a payroll platform that tracks employee work locations, this data should already be available. Keep in mind that even a single remote worker can create state tax nexus and trigger compliance training obligations simultaneously.
2. Identify your training obligations
For each state, determine what training is required, who needs it (all employees vs. supervisors only), how long the training must be, how often it must be repeated, and the deadline for new hires. Cross-reference any city-level requirements (Chicago and NYC have their own rules in addition to state law).
3. Select compliant course content
Training must meet the content and interactivity standards set by each state. California, for example, requires that training be interactive and include practical examples, discussion questions, or hypothetical scenarios. A recorded webinar or PDF does not qualify. Make sure whatever content you use is validated for the specific states where your employees are located.
4. Automate enrollment and tracking
This is where most startups fall behind. Manual enrollment and spreadsheet tracking work until they don’t. The moment someone gets hired in a new state, changes roles, or misses a deadline, things fall through the cracks. Automate this by connecting training assignments to your employee data: state of residence, hire date, role, and supervisor status should all trigger the correct training automatically.
5. Store records for audits
Maintain completion certificates, timestamps, and course details for every employee. Most states require you to keep these records for at least three years. Store them in the same system as the rest of your employee records so they’re easy to pull during an audit.
6. Incorporate training into onboarding
The most effective time to assign compliance training is during onboarding, when new hires are already completing paperwork and getting set up. If your onboarding process already handles offer letters, I-9 verification, and payroll setup, compliance training should be part of that same flow. States like California and New York require training within specific windows after the hire date, so building it into day-one onboarding ensures you never miss a deadline.
How does Warp handle compliance training?
Warp is the only AI-native HR & Payroll platform built for startups. Instead of clicking through clunky dashboards or .gov websites for taxes, Warp’s AI agents open every state tax account, file every payroll form, and resolve every tax notice automatically.
Now, Warp includes a built-in learning management system that brings the same philosophy to compliance training. When you hire someone in California, Warp doesn’t just open their state tax accounts and set up payroll. It also assigns the required harassment prevention training based on their location and role. No manual lookup. No separate tool. No spreadsheet.
Here’s how it works.
- Automatic course assignment. Warp uses the employee data already in your system (work state, hire date, supervisor status) to assign the correct compliance training to each person. When someone relocates to a new state, their training assignments update automatically.
- State-specific content. Pre-built compliance courses cover the requirements for every state with mandatory training laws. Each course is validated for the jurisdiction it covers and includes the interactive elements required by states like California and New York.
- Reminders and tracking. Employees get reminders until they complete their assigned courses. You get a dashboard showing completion status, overdue assignments, and upcoming deadlines across your entire team.
- Audit-ready records. Completion certificates and training records are stored alongside each employee’s payroll and HR file. When you need documentation for an audit, it’s all in one place.
Every company on Warp also gets a dedicated Account Manager and Benefits Advisor who can help guide you through training requirements as you expand into new states. You don’t have to spend hours researching which states require what. With thousands of fast-growing startups already running on Warp, you can focus on building your business while we handle payroll, compliance, benefits, and now employee training.
Frequently asked questions about compliance training
Is compliance training required by federal law?
No. There is no federal law requiring private employers to provide compliance training. However, the EEOC strongly recommends regular, interactive anti-harassment training for all employees and considers it a key factor in determining whether an employer took reasonable steps to prevent harassment. Several states have enacted their own mandates.
Do remote employees need compliance training?
Yes. Training requirements are based on where the employee works, not where your company is headquartered. A remote employee in California triggers California’s training requirements even if your company is incorporated in Delaware. This mirrors how state income tax withholding works for remote teams: the employee’s work location determines the obligation.
What is the penalty for not providing harassment training in California?
California does not impose a specific per-incident fine for failing to provide harassment training. However, failing to train significantly weakens your legal defense in any harassment claim. Courts may view the lack of training as evidence that the employer did not take reasonable steps to prevent harassment, which can result in larger damages awards.
Can I use free online courses for compliance training?
It depends on the state. California requires training to be interactive, with practical examples and discussion or quiz elements. A passive video or PDF generally does not meet this standard. Illinois requires employers to either use the model training developed by the Illinois Department of Human Rights or develop a program that meets the same standards. Always verify that any course you use meets the content, interactivity, and duration requirements for the specific state.
How long does compliance training take?
It varies. California requires two hours for supervisors and one hour for non-supervisory employees. Connecticut requires two hours for all employees. Most other states do not specify a minimum duration. In practice, a comprehensive harassment prevention course takes 30 to 60 minutes for non-supervisors and 60 to 120 minutes for supervisors.
Do contractors need compliance training?
In most states, mandatory training requirements apply to employees, not independent contractors. However, California’s law covers unpaid interns, temporary workers, and seasonal employees. Some legal experts recommend including contractors in training programs to reduce liability, especially in states with broad definitions of covered workers. If you’re unsure about the distinction, our guide on offer letters vs. employment contracts and at-will employment can help clarify how different worker relationships affect your obligations.
Warp takes compliance training off your plate. When you hire in a new state, the right training is assigned automatically. No lookup, no manual enrollment, no separate tool. Just one platform for payroll, compliance, benefits, and employee training.
See how it works → warp.co/demo
