AI Compliance Atlas
Structured, continuously verified reference for US AI compliance — federal frameworks, state laws, and the obligations that connect them.

© 2026 AI Compliance Atlas. Informational only — not legal advice. Consult qualified counsel before making compliance decisions.

Verified Jun 9, 2026
AI Deployer Obligations Under US Law

Deployers operate AI systems to make or substantially factor into decisions affecting consumers, employees, or other regulated parties. Most US state AI laws place the heaviest compliance burdens on deployers, including impact assessments, disclosures, and post-deployment monitoring.

Governance routing

Use the AI governance guide to assign decision rights, committees, lifecycle gates, and escalation paths before mapping role-specific duties into the AI compliance framework register.

Obligations under US laws

  • data handling | Florida AI Legislation (Deepfake and AI Disclosure Laws) | Fla. Stat. § 836.13 (HB 757 / Brooke's Law)

    Do not willfully create, possess with intent to promote, solicit, or produce an altered sexual depiction of an identifiable person without consent, including AI-generated deepfakes. Covered platforms must remove altered sexual depictions within 48 hours of a valid takedown request. Per-image third-degree felony exposure.

    Deadline: 48_hour_takedown

  • disclosure | Florida AI Legislation (Deepfake and AI Disclosure Laws) | Fla. Stat. ch. 2024-126 (HB 919)

    Include a clear and conspicuous disclaimer on any political advertisement that uses generative AI to depict a real person performing an action that did not occur, where the advertisement is intended to injure a candidate or deceive a voter. Omission is a first-degree misdemeanor.

    Deadline: at_publication

  • consumer right | Colorado Artificial Intelligence Act | C.R.S. § 6-1-1703(4)

    Provide consumers with a right to correct incorrect personal data and a right to appeal adverse consequential decisions to a human reviewer where technically feasible.

    Deadline: ongoing

  • disclosure | Colorado Artificial Intelligence Act | C.R.S. § 6-1-1703(4)

    Disclose to consumers when a high-risk AI system is being used to make a consequential decision affecting them, including the system's purpose, the nature of the consequential decision, contact information, and the right to opt out where required.

    Deadline: before_decision

  • risk assessment | Colorado Artificial Intelligence Act | C.R.S. § 6-1-1703(3)

    Complete an annual impact assessment of each high-risk AI system, addressing purpose, intended outputs, performance metrics, transparency measures, post-deployment monitoring, and risks of algorithmic discrimination.

    Deadline: annually

  • disclosure | Illinois HB 3773 (AI in Employment Decisions) | 775 ILCS 5/2-102(L)

    Provide notice to employees and applicants when AI is being used to make employment-related decisions covered by the amended IHRA.

    Deadline: at_use

  • governance | Illinois HB 3773 (AI in Employment Decisions) | 775 ILCS 5/2-102(L)

    Refrain from using AI that has the effect of subjecting employees or applicants to discrimination on the basis of protected classes under the Illinois Human Rights Act in employment decisions.

    Deadline: ongoing

  • disclosure | NYC Local Law 144 (Automated Employment Decision Tools) | N.Y.C. Admin. Code § 20-871(b)

    Provide candidates and employees who reside in NYC with at least 10 business days advance notice of AEDT use, including job qualifications, characteristics assessed, and instructions for requesting an alternative selection process or reasonable accommodation.

    Deadline: 10_business_days_before_use

  • transparency | NYC Local Law 144 (Automated Employment Decision Tools) | N.Y.C. Admin. Code § 20-872

    Publicly post a summary of the most recent bias audit results on the employer's website, including the date the AEDT was first used and the source of the data.

    Deadline: ongoing

  • bias audit | NYC Local Law 144 (Automated Employment Decision Tools) | N.Y.C. Admin. Code § 20-871

    Subject the Automated Employment Decision Tool to an annual independent bias audit calculating selection rates and impact ratios across race/ethnicity and sex categories prior to use, then on a yearly basis.

    Deadline: annually

  • disclosure | Texas Responsible Artificial Intelligence Governance Act (TRAIGA) | Tex. Bus. & Com. Code § 552.051

    Provide clear and conspicuous disclosure to consumers when they are interacting with an AI system in a manner where a reasonable consumer might believe they are interacting with a human.

    Deadline: at_interaction

  • disclosure | Utah Artificial Intelligence Policy Act | Utah Code § 13-2-12(2)

    Persons in regulated occupations using generative AI must proactively disclose at the start of an interaction that the consumer is interacting with generative AI; other consumer-facing entities must disclose upon consumer inquiry.

    Deadline: at_interaction

Framework controls

  • transparency | ISO/IEC 42001 | Clause 8 + Annex A.8

    Provide information to users and affected stakeholders about the AI system's intended use, capabilities, limitations, and how to interpret outputs per Annex A.8 controls.

  • documentation | ISO/IEC 42001 | Clause 8 + Annex A.6

    Maintain documentation throughout the AI system lifecycle including data management, system development, verification and validation, and deployment per Annex A.6 controls.

  • risk assessment | ISO/IEC 42001 | Clause 6 + Annex A.5

    Conduct AI system impact assessments and risk assessments addressing intended uses, deployment context, affected stakeholders, and mitigation of identified risks per Annex A.5 controls.

  • governance | ISO/IEC 42001 | Clauses 4-5

    Establish, implement, maintain, and continually improve an AI management system (AIMS) covering policies, leadership commitment, roles, and integration with other management systems.

  • governance | NIST AI RMF | MANAGE 1-4

    MANAGE function: prioritize and treat identified risks, allocate resources, and implement risk response strategies including mitigation, transfer, acceptance, or avoidance.

  • risk assessment | NIST AI RMF | MEASURE 1-4

    MEASURE function: assess, analyze, and monitor AI risks using both quantitative and qualitative methods, including bias evaluation, robustness testing, and explainability assessments.

  • risk assessment | NIST AI RMF | MAP 1-5

    MAP function: identify the context, intended uses, stakeholders, and risks of each AI system, including categorization of impacts on individuals, communities, and the organization.

  • governance | NIST AI RMF | GOVERN 1-6

    GOVERN function: establish policies, processes, structures, and accountability for AI risk management across the organization, including senior leadership oversight and a risk-based culture.
