AI Compliance Atlas
Map my obligations

US State AI Regulation Overview

As of May 8, 2026, the United States has no single comprehensive federal AI law. Instead, AI compliance for U.S. consumers is governed by a fast-emerging patchwork of state laws, federal voluntary frameworks, and sector-specific federal guidance.

State laws currently in force or scheduled

The Atlas tracks the following state and municipal AI laws and AI-specific enactments:

  • [Colorado Artificial Intelligence Act](/law/colorado-ai-act) (SB 24-205) — comprehensive law covering developers and deployers of high-risk AI. SB25B-004 extended the effective date of the SB 24-205 requirements to June 30, 2026.
  • [Texas Responsible Artificial Intelligence Governance Act](/law/texas-traiga) (HB 149, TRAIGA) — broad disclosure and discrimination prohibitions, effective January 1, 2026, with tiered civil penalties under § 552.105.
  • [NYC Local Law 144](/law/nyc-local-law-144) — automated employment decision tools (AEDTs) bias audit + disclosure regime, in force since 2023.
  • [Illinois HB 3773](/law/illinois-hb-3773) — amends the Illinois Human Rights Act to make AI-driven employment discrimination a civil rights violation, effective January 1, 2026.
  • [Utah AI Policy Act](/law/utah-ai-policy-act) (SB 149, amended by 2025 SB 226/HB 452/SB 332) — generative-AI disclosure and mental-health-chatbot rules with several provisions updated in 2025.
  • California [SB 942](/law/california-sb-942), [AB 2013](/law/california-ab-2013), and [SB 53](/law/california-sb-53) — three GenAI-focused laws that together took effect January 1, 2026.
  • [Washington SB 5838](/law/washington-sb-5838) — Washington State AI Task Force enabling act, effective March 18, 2024; it creates study and reporting structures rather than direct private-sector compliance duties.
  • [Florida AI laws](/law/florida-ai-bills) — narrow enacted statutes covering AI in political advertising and altered sexual depictions, plus monitored 2026-session proposals.

Pending and defeated state laws

Compliance teams should also track:

  • [Virginia HB 2094](/law/virginia-hb-2094) — comprehensive AI law modeled on Colorado, vetoed by Governor Youngkin in 2025; expected to be reintroduced.
  • [Connecticut SB 5](/law/connecticut-sb-2) — passed both chambers on May 1, 2026 and remains pending executive action as of May 8, 2026.
  • [New Jersey A 3854](/law/new-jersey-a-3854) — hiring AI bias audit bill modeled on NYC LL 144.

Federal layer

Federal voluntary frameworks supplement state laws and often serve as the substantive control framework:

  • [NIST AI Risk Management Framework](/framework/nist-ai-rmf) (AI RMF 1.0 + GenAI Profile)
  • [ISO/IEC 42001:2023](/framework/iso-42001) — certifiable AI management system standard
  • December 11, 2025 Executive Order "Ensuring a National Policy Framework for Artificial Intelligence" — see the news log for ongoing developments

How obligations differ

Most state laws split obligations between developers and deployers:

  • Developers create or substantially modify AI systems; they typically owe documentation, disclosure to deployers, and bias-mitigation duties
  • Deployers put AI systems into use for consequential decisions; they typically owe impact assessments, consumer disclosure, post-deployment monitoring, and the bulk of penalty exposure

See the deployer-vs-developer pillar for a detailed walk-through.

Industries with the heaviest exposure

  • [HR & hiring](/industry/hr-hiring) — covered by NYC LL 144, Illinois HB 3773, NJ A 3854 (proposed), and the employment scope of Colorado/Texas
  • [Healthcare](/industry/healthcare) — covered by Colorado, Utah (regulated occupations and mental-health chatbots), and overlapping HIPAA/FDA AI guidance
  • [Financial services](/industry/financial-services) — covered by Colorado credit/lending applicability, Texas TRAIGA, and federal CFPB guidance
  • [Insurance](/industry/insurance) — covered by Colorado underwriting applicability, plus state insurance regulators

Multi-state compliance strategy

  1. Adopt a federal framework as your control baseline — NIST AI RMF or ISO/IEC 42001. Both substantially support every state-law obligation tracked here.
  2. Build a per-jurisdiction registry of obligations — use the Compliance Checker tool to scope.
  3. Run impact assessments under the most stringent applicable law — typically Colorado for high-risk systems once the SB 24-205 requirements become operative. Use the Impact Assessment Generator.
  4. Document obligations satisfied vs gaps in a single register, refreshed annually.
  5. Monitor news — federal preemption activity in late 2025 may affect enforceability.

What's next

The state AI legislative pipeline shows continued activity. Track the news log for enactments, court rulings, enforcement actions, and guidance releases. Use the per-law detail pages for substantive obligations and the framework hubs for control mappings.