US State AI Regulation Overview

As of April 2026, the United States has no single comprehensive federal AI law. Instead, AI compliance for U.S. consumers is governed by a fast-emerging patchwork of state laws, federal voluntary frameworks, and sector-specific federal guidance.

State laws currently in force

The Atlas tracks the following state and municipal laws as effective as of April 2026:

  • [Colorado Artificial Intelligence Act](/law/colorado-ai-act) (SB 24-205) — comprehensive law covering developers and deployers of high-risk AI, effective February 1, 2026. The first comprehensive U.S. state AI law.
  • [Texas Responsible Artificial Intelligence Governance Act](/law/texas-traiga) (HB 149, TRAIGA) — broad disclosure and discrimination prohibitions, effective September 1, 2025. $10,000 civil penalty per violation under § 49.452(d).
  • [NYC Local Law 144](/law/nyc-local-law-144) — automated employment decision tools (AEDTs) bias audit + disclosure regime, in force since 2023.
  • [Illinois HB 3773](/law/illinois-hb-3773) — amends the Illinois Human Rights Act to make AI-driven employment discrimination a civil rights violation, effective January 1, 2026.
  • [Utah AI Policy Act](/law/utah-ai-policy-act) (SB 149) — generative AI disclosure for regulated occupations, effective May 1, 2024.
  • California [SB 942](/law/california-sb-942), [AB 2013](/law/california-ab-2013), and [SB 53](/law/california-sb-53) — three GenAI-focused laws that together took effect January 1, 2026.
  • [Washington SB 5838](/law/washington-sb-5838) — Washington State AI Task Force enabling act, effective 2024.

Pending and defeated state laws

Compliance teams should also track:

  • [Virginia HB 2094](/law/virginia-hb-2094) — comprehensive AI law modeled on Colorado, vetoed by Governor Youngkin in 2025; expected to be reintroduced.
  • [Connecticut SB 2](/law/connecticut-sb-2) — comprehensive law in active development.
  • [New Jersey A 3854](/law/new-jersey-a-3854) — hiring AI bias audit bill modeled on NYC LL 144.
  • [Florida AI bills](/law/florida-ai-bills) — multi-bill package addressing political deepfakes and government AI use.

Federal layer

Federal voluntary frameworks supplement state laws and often serve as the substantive control framework:

  • [NIST AI Risk Management Framework](/framework/nist-ai-rmf) (AI RMF 1.0 + GenAI Profile)
  • [ISO/IEC 42001:2023](/framework/iso-42001) — certifiable AI management system standard
  • December 2025 Executive Order "Eliminating State Law Obstruction of National AI Policy" — see the news log for ongoing developments

How obligations differ

Most state laws split obligations between developers and deployers:

  • Developers create or substantially modify AI systems; they typically owe documentation, disclosure to deployers, and bias-mitigation duties
  • Deployers put AI systems into use for consequential decisions; they typically owe impact assessments, consumer disclosure, post-deployment monitoring, and the bulk of penalty exposure

See the deployer-vs-developer pillar for a detailed walk-through.

Industries with the heaviest exposure

  • [HR & hiring](/industry/hr-hiring) — covered by NYC LL 144, Illinois HB 3773, NJ A 3854 (proposed), and the employment scope of Colorado/Texas
  • [Healthcare](/industry/healthcare) — covered by Colorado, Utah (regulated occupations), and overlapping HIPAA/FDA AI guidance
  • [Financial services](/industry/financial-services) — covered by Colorado credit/lending applicability, plus federal CFPB guidance
  • [Insurance](/industry/insurance) — covered by Colorado underwriting applicability, plus state insurance regulators

Multi-state compliance strategy

  1. Adopt a federal framework as your control baseline — NIST AI RMF or ISO/IEC 42001. Both substantially support every state-law obligation tracked here.
  2. Build a per-jurisdiction registry of obligations — use the Compliance Checker tool to scope.
  3. Run impact assessments under the most stringent applicable law — typically Colorado for high-risk systems. Use the Impact Assessment Generator.
  4. Document obligations satisfied vs gaps in a single register, refreshed annually.
  5. Monitor news — federal preemption activity in late 2025 may affect enforceability.

What's next

The state AI legislative pipeline shows continued activity. Track the news log for enactments, court rulings, enforcement actions, and guidance releases. Use the per-law detail pages for substantive obligations and the framework hubs for control mappings.