Employee Polygraph Protection Act (EPPA)
The Employee Polygraph Protection Act of 1988 (29 U.S.C. §§ 2001–2009) makes it illegal for most private employers to require, request, suggest, or cause any employee or job applicant to take a lie detector test — and illegal to fire, discipline, or refuse to hire someone for declining to take one. Before EPPA, an estimated 2 million polygraph exams were administered annually in the American workplace, often under coercive conditions with unreliable results. EPPA effectively ended routine workplace polygraph use in the private sector, with narrow exceptions for certain security-sensitive positions and specific theft investigations. The Department of Labor's Wage and Hour Division (which also enforces the federal minimum wage) enforces the Act, with penalties up to $10,000 per violation.
Current Law (2026)
| Parameter | Value |
|---|---|
| Governing law | 29 U.S.C. §§ 2001–2009 (EPPA, 1988) |
| General rule | Private employers may not require, request, suggest, or use lie detector tests for employees or applicants |
| Covered devices | Polygraphs, deceptographs, voice stress analyzers, psychological stress evaluators, and similar instruments |
| Enforcement | DOL Wage and Hour Division |
| Civil penalty | Up to $10,000 per violation |
| Private right of action | Employees may sue for reinstatement, back pay, benefits, and attorney's fees |
| Government employer exemption | Federal, state, and local governments are completely exempt |
| Security services exemption | Private security firms providing services to federal facilities or currency/precious commodities operations |
| Ongoing investigation exemption | Limited polygraph use during specific theft/loss investigations with reasonable suspicion |
| Statute of limitations | 3 years for private lawsuits |
Legal Authority
- 29 U.S.C. § 2002 — Prohibitions on lie detector use (makes it unlawful for any employer engaged in commerce to: directly or indirectly require, request, suggest, or cause any employee or prospective employee to take a lie detector test; use, accept, refer to, or inquire about results of a lie detector test; or discharge, discipline, discriminate, deny employment, or threaten action against anyone who refuses, or on the basis of results)
- 29 U.S.C. § 2005 — Enforcement provisions (Secretary of Labor may bring civil actions; civil penalty up to $10,000; private right of action for affected employees to recover reinstatement, back pay, benefits, attorney's fees, and reasonable costs)
- 29 U.S.C. § 2006 — Exemptions (federal, state, and local governments; national defense and security contractors; FBI contractors; private security firms guarding currency, toxic waste, nuclear facilities, water supply, or public transportation; pharmaceutical manufacturers/distributors with access to controlled substances)
- 29 U.S.C. § 2007 — Restrictions on use of exemptions (even where testing is permitted, strict procedural safeguards apply: written notice 48 hours before test, right to consult attorney, right to refuse or discontinue, prohibition on degrading questions, and restrictions on how results can be used)
- 29 U.S.C. § 2008 — Disclosure of information (test results and analyses cannot be disclosed to anyone other than the examinee, the employer who requested the test, or a court pursuant to a court order)
How It Works
EPPA's prohibition is broad: no private-sector employer engaged in interstate commerce may require, request, suggest, or cause an employee or job applicant to take a lie detector test — covering not just traditional polygraphs but voice stress analyzers, psychological stress evaluators, and any device used to render a diagnostic opinion about honesty. An employee cannot be fired, disciplined, or denied a job for refusing. Government employers — federal agencies including the FBI, CIA, NSA, and DOE, and all state and local governments — are completely exempt, which is why security clearance and intelligence agency hiring processes routinely include polygraph examinations.
The primary exception for private employers is the ongoing investigation exemption: an employer may request (but not require) a polygraph when investigating a specific economic loss — theft, embezzlement, industrial espionage — if the employee had access to the affected property and the employer has reasonable suspicion of involvement. The employer must provide a written statement describing the incident, the basis for suspicion, and the employee's access at least 48 hours before testing. Even then, test results cannot be the sole basis for any adverse employment action — they must be corroborated by other evidence. Whenever testing is permitted, the examinee must receive written notice of their rights, the examiner cannot ask about religious beliefs, political views, sexual behavior, or union activities, and the subject may stop the test at any time. Enforcement is dual-track: the DOL Wage and Hour Division can assess civil penalties up to $10,000 per violation, and employees have a private right of action in federal court for reinstatement, back pay, and attorney's fees within a 3-year statute of limitations.
How It Affects You
<!-- pria:personalize type="impact" -->If your employer asks you to take a polygraph (and you work in the private sector): Refuse if you want to — EPPA gives you that right. The critical next step: document the request in writing immediately — text yourself a summary or email your personal address with the date, who made the request, and the context. If you are fired, disciplined, demoted, or denied a promotion after refusing, that's a retaliation violation. File a complaint with the DOL Wage and Hour Division (dol.gov/agencies/whd) within 3 years of the violation. You can also sue privately in federal or state court for reinstatement, back pay, lost benefits, and attorney's fees — plaintiffs who prevail also recover attorney's fees, which makes EPPA cases viable for employment lawyers even when damages are modest. One nuance: the law prohibits the employer from requiring, requesting, suggesting, or even implying that polygraph testing is expected. An employer who says "we can't make you take one, but all the candidates who did are still being considered and you're not" is still violating EPPA. If you're a job applicant and a company asks you to take a polygraph as part of its hiring process, that is a per se violation — the prohibition applies equally to applicants. You can decline, report it to WHD, or choose to walk away from the job if you prefer.
If you're an employer and an internal theft investigation has led you to consider polygraphs: The ongoing investigation exemption is narrow and easy to misuse. Before proceeding, you need: (1) a specific incident — not general concerns about morale or inventory shrinkage, but a specific loss or injury with an estimated dollar value; (2) written reasonable suspicion explaining why you believe this specific employee was involved (access to the relevant area or property, specific behavioral observations — not just "everyone had access"); (3) written notice at least 48 hours before the scheduled test, describing the incident, the employee's access, and the basis for suspicion; and (4) acknowledgment in writing that the employee may refuse and may consult an attorney. The test results cannot be the sole basis for an adverse action — you must have independent supporting evidence. EPPA's civil penalty is up to $10,000 per violation, and retaliating against an employee who refuses (even under the exemption) adds an additional violation. The safer alternative to polygraphs for most theft investigations: forensic accounting, access log review, security footage, and direct interviews with a documented process.
If you're applying for a federal job or security clearance: EPPA does not apply to government employers at any level. Federal agencies — including the CIA, NSA, FBI, DOE, DIA, and CBP — routinely require polygraph examinations as part of security clearance investigations and for certain sensitive positions. The scope and frequency of federal polygraph use varies by agency and position: NSA and CIA polygraph extensively (regular reinvestigations every 5 years); FBI uses polygraphs for Special Agent applicants and counterintelligence positions; CBP uses them for Border Patrol agent hiring. The National Academy of Sciences has concluded that polygraphs have "inherent ambiguity" and produce meaningful rates of false positives — meaning truthful people fail. If you fail a federal polygraph, there is typically an administrative review process, but the standards are opaque and decisions are rarely explained. State and local government agencies are also exempt from EPPA — some states have their own restrictions, others do not.
If you've been exposed to an emerging "truth detection" technology at work — behavioral analytics, keystroke monitoring, AI-based credibility assessment: EPPA's prohibition extends to "any similar device or procedure used to render a diagnostic opinion regarding honesty or dishonesty" — not just the classic polygraph. Whether AI-based behavioral analysis qualifies is legally unsettled; the DOL has not issued guidance. If an employer represents that a tool is being used to assess your truthfulness or honesty (not just to monitor productivity), the EPPA argument is available. This is an emerging area where the law is not keeping pace with technology. Document what the employer told you about the purpose of the monitoring, and consult an employment attorney if you believe you faced adverse action based on such an assessment.
<!-- /pria:personalize -->State Variations
<!-- pria:personalize type="state-specific" -->EPPA preserves more protective state laws:
- Several states enacted polygraph bans before EPPA and maintain stricter protections
- Some states ban polygraph use entirely for employment purposes, including government employers
- State licensing requirements for polygraph examiners vary
- State whistleblower and anti-retaliation laws may provide additional protections beyond EPPA
- Where state law is more protective than EPPA, the state law controls
Implementing Regulations
-
29 CFR Part 801 — Application of the Employee Polygraph Protection Act: WHD's detailed implementation of EPPA covering the full range of employer prohibitions, the narrow set of exemptions, employee rights during testing, and enforcement:
General prohibition (§ 801.4): private sector employers may not require, request, suggest, or cause any employee or prospective employee to take a lie detector test; may not use, accept, refer to, or inquire about results of any lie detector test; and may not take or threaten adverse action because of refusal to test or based on test results; this prohibition covers polygraphs, voice stress analyzers, psychological stress evaluators, and any similar instrument that purports to detect deception or truthfulness
Exemptions (§§ 801.10–801.14):
- § 801.10 — Public sector exclusion: federal, state, and local government employers are completely excluded from EPPA coverage; government agencies may require polygraphs for sensitive positions without restriction under this law (though other laws may apply)
- § 801.11 — National security exemption: the NSA, CIA, FBI, and certain other intelligence agencies may administer polygraphs to employees and contractors with access to classified national security information; the exemption is narrow — it applies only to agencies specifically authorized under the law
- § 801.12 — Economic loss/injury investigation exemption: employers investigating a specific incident of economic loss (theft, embezzlement, sabotage, industrial espionage) may test employees — but only those who had access to the property or area involved, and only if the employer has a "reasonable suspicion" based on observable indicators that the individual employee was involved; generic "everyone is a suspect" testing is prohibited; the employer must provide a written statement of the specific incident, the basis for individual suspicion, and the access limitations; all four conditions must be met
- § 801.13 — Controlled substance exemption: employers authorized to manufacture, distribute, or dispense controlled substances may test prospective employees and employees with direct access to controlled substances; limited to Schedule I–V substances
- § 801.14 — Security services exemption: employers providing armored car services, alarm design/installation, or security guard services may test prospective employees (not current employees except in specific economic loss investigations); the exemption applies only to employers in the security business, not ordinary employers who hire security guards
Examinee rights (§§ 801.22–801.25):
- § 801.22 — General rights: in any permitted test, the examinee has the right to a written notice at least 48 hours before the test (stating basis for the test, nature of the investigation, and examination time); the right to consult with an attorney or employee representative before the examination; and the right to terminate the test at any time
- § 801.23 — Pretest phase: the examiner must inform the examinee of the nature of the examination, the technique used, and all questions that will be asked; no questions may be asked about religion, racial matters, political beliefs, sexual behavior, or union activity; the examinee must be informed of the right to stop the test at any time
- § 801.24 — Actual testing phase: the test may not be conducted for more than 90 minutes (including pretest and post-test phases); the examiner must ask only the questions disclosed in the pretest phase; the examinee may not be asked to explain or justify physiological responses during the test
- § 801.25 — Post-test phase: the examiner must review findings with the examinee and give the examinee an opportunity to explain physiological responses; before any adverse action is taken, the employer must provide the examinee with a copy of the questionnaire and the examiner's conclusions
Examiner qualifications (§ 801.26): examiners must be licensed in states that license polygraph examiners; meet minimum professional standards; carry at least $50,000 in professional liability insurance or a surety bond
Enforcement (§ 801.42): WHD may assess civil money penalties up to $26,262 per violation (inflation-adjusted); employees may also bring private civil actions for damages, employment, lost wages, benefits, and attorney's fees; employees who prevail receive at minimum lost wages and employment reinstatement
§ 801.35 — Confidentiality: test results may be disclosed only to the examinee, the employer who requested the test, and courts or government agencies in connection with an ongoing investigation or proceeding; employers may not share polygraph results with other employers or prospective employers
Pending Legislation
- S 2163 (Sen. Gallego, D-AZ) — Border Patrol Recruitment Enhancement Act: allow experienced law enforcement and military applicants to bypass the CBP Border Patrol polygraph under strict checks and reporting. Status: Introduced.
Recent Developments
EPPA has remained largely unchanged since 1988, reflecting broad consensus that workplace polygraph use was abusive and unreliable. Like employment discrimination protections, EPPA is part of the broader framework of worker rights. Emerging technologies — continuous keystroke monitoring, AI-based behavioral analysis, and neuroimaging — have raised questions about whether EPPA's prohibition extends to new forms of "truth detection" technology that don't use traditional polygraph mechanisms. The DOL has not issued guidance on this question. In the government sector, controversy has periodically erupted over the reliability and fairness of polygraph screening in federal security clearance processes, with the National Academy of Sciences concluding in 2003 that polygraph testing has "inherent ambiguity" and produces unacceptable rates of both false positives and false negatives. Despite this, federal agencies continue to rely heavily on polygraphs.