🇺🇸FTCCFPBEEOCOCCFDAState AGs

US AI governance for enterprise.

No federal AI law — but FTC, CFPB, EEOC, and sector regulators are all active. States are moving fast. And if you have EU customers, the EU AI Act applies regardless of where you're based.

Enterprise AI governance guide State AI law tracker

State AI laws: the active patchwork

Six states with active or developing AI requirements — and more coming.

Colorado

Enforcement stayed

Colorado AI Act (SB 205)

Scope: Developers and deployers of high-risk AI systems in employment, housing, credit, insurance, education, healthcare. Effective June 30, 2026 but enforcement stayed by court (xAI v. Weiser, April 27, 2026).

Requirements: Risk assessments, impact statements, consumer notices, developer disclosures, annual reviews

Enforcer: Colorado AG (stayed)

Connecticut

In force

Connecticut AI Act (SB 2)

Scope: Deployers of high-impact AI systems interacting with CT residents

Requirements: Impact assessments, anti-discrimination provisions, consumer rights including explanation and correction

Enforcer: CT AG

New York City

Enforced

Local Law 144

Scope: Employers using automated employment decision tools for NYC job candidates/employees

Requirements: Annual bias audits by independent auditors, public results publication, candidate notification

Enforcer: NYC DCWP

Illinois

Active

AEIA + HB 3773

Scope: Employers using AI in video interviews; broad employer AI obligations under AEIA

Requirements: Video interview AI disclosure and data destruction; employment AI non-discrimination

Enforcer: Illinois AG

Texas

In force

Texas AI in Insurance

Scope: Insurers using AI in underwriting, pricing, claims, or marketing

Requirements: Non-discrimination provisions; prohibited use of protected characteristics as AI inputs

Enforcer: Texas DOI

California

Developing

Multiple bills (AB 2885, SB 1047 vetoed)

Scope: Various bills targeting employment AI, healthcare AI, and large foundation models

Requirements: Active legislative calendar — monitoring required

Enforcer: CA AG / DFPI

Federal agency AI enforcement

No AI law, but existing authorities — actively used.

FTC

Federal Trade Commission

Authority: Section 5 FTC Act — unfair or deceptive acts or practices

AI-generated fake reviews, deceptive AI capability claims, AI discrimination, health AI claims. Consent decrees require algorithmic audits and in some cases model deletion.

CFPB

Consumer Financial Protection Bureau

Authority: FCRA, ECOA, UDAAP

Adverse action notice requirements for AI credit decisions; CFPB position that AI model complexity does not excuse failure to provide specific denial reasons to applicants.

EEOC

Equal Employment Opportunity Commission

Authority: Title VII, ADA, ADEA

Disparate impact of AI hiring tools on protected groups; employer liability regardless of intent; guidance on AI hiring assessment tools.

OCC/Fed/FDIC

Prudential Banking Regulators

Authority: Safety and soundness, SR 26-2

Model risk management requirements apply to AI models. SR 26-2 (April 2026) superseded SR 11-7 — examiners assess ML-specific MRM practices under the revised guidance.

FDA

Food and Drug Administration

Authority: Medical device regulation, FDCA

AI as Software as a Medical Device; predetermined change control plan for iterative AI medical products; De Novo and 510(k) pathways.

US AI governance articles

11 min read

Stay ahead of AI governance

Regulatory updates, practical frameworks, and analysis. No spam, unsubscribe anytime.

No spam. Unsubscribe anytime. We'll never share your email.

US AI governance for enterprise.

State AI laws: the active patchwork

Federal agency AI enforcement

US AI governance articles

The US State AI Law Patchwork Is Now Your Problem

US AI Governance for Enterprise: Navigating Federal Agencies, State Laws, and the Absence of Federal Legislation

AI Governance in US Financial Services: Fed SR 11-7, OCC, CFPB, and the Emerging Federal Framework

The US AI Executive Order and What It Means for Enterprise AI Governance in 2026

US AI Compliance for Enterprise: Federal Enforcement, State Laws, and the Sector Regulator Map

AI in US Healthcare: Your Rights as a Patient When Algorithms Influence Your Care

AI Denied My Credit or Insurance in the US. What Are My Rights?

AI Governance for US Healthcare Organisations: FDA, HIPAA, CMS, and State Requirements

AI in Hiring and Employment: A Compliance Guide for US Employers

AI at Work in the US: Your Rights When Employers Use AI in Hiring, Monitoring, and Performance

AI Governance for US Small Businesses: FTC, State Privacy Laws, and What You Need to Do

AI in US Insurance: NAIC Model Bulletin, State Regulators, and the Governance Framework for Insurers

Stay ahead of AI governance