本文目前仅提供英文版本。
US AI Compliance for Enterprise: Federal Enforcement, State Laws, and the Sector Regulator Map
No comprehensive US federal AI law — but real compliance obligations from the FTC, CFPB, EEOC, financial regulators, healthcare regulators, and a growing patchwork of state laws. The 2026 enterprise compliance map for US operations.
Key Takeaways
The US has no comprehensive federal AI law, but federal enforcement actions from the FTC, CFPB, EEOC, and sector regulators create real compliance obligations — an organisation that assumes 'no AI law = no AI obligation' is wrong.
The FTC's Section 5 authority over unfair or deceptive acts and practices applies to AI — the FTC has challenged AI that makes false capability claims, AI that uses dark patterns to manipulate consumers, and AI that enables discriminatory outcomes.
State AI laws are creating a compliance patchwork: Illinois (AI hiring disclosure), Colorado (AI Act for high-risk AI, enforcement stayed), Texas (AI in business — HB 1709), California (proposed comprehensive AI legislation), and more states actively legislating.
Federal sector regulation creates the most concrete AI compliance obligations: CFPB on algorithmic credit decisions, EEOC on AI in employment, OCC/Fed on model risk management for banks, FDA on AI in medical devices, and HHS on AI in healthcare.
The practical US AI compliance programme: map your AI systems against FTC, CFPB, EEOC, and sector regulator expectations; implement state law requirements for each state where you operate; align with NIST AI RMF as the operational methodology; and document governance for due diligence readiness.
"仅供参考。本文不构成法律、监管、财务或专业建议。如需具体指导,请咨询合格专家。"
The US AI compliance landscape without a federal AI law
The absence of a comprehensive federal AI law in the US does not mean the absence of AI compliance obligations. It means that those obligations are distributed across multiple federal agencies and an increasingly active state legislative landscape, creating a more complex compliance environment than a single comprehensive law would produce. Organisations that assume they have no AI governance obligations because there is no federal AI law are consistently surprised when enforcement actions materialise.
The core of US AI compliance in 2026 is the application of existing federal law to AI contexts. Section 5 of the FTC Act prohibiting unfair or deceptive acts and practices, the Equal Credit Opportunity Act and Fair Housing Act prohibiting discriminatory lending, Title VII of the Civil Rights Act prohibiting employment discrimination, and the healthcare privacy and safety frameworks — all apply to AI with full force. The agencies enforcing these laws have been active in developing AI-specific interpretations and pursuing enforcement.
FTC enforcement on AI
The Federal Trade Commission has been the most broadly active federal regulator on AI, drawing on its Section 5 authority to address AI across sectors. FTC AI enforcement themes include: false capability claims (AI products marketed with capabilities they do not have), discriminatory outcomes (AI systems that produce discriminatory results in consumer-facing contexts), privacy violations (AI systems that collect or use data in ways that violate the FTC Act), and dark patterns (AI-assisted interface design that manipulates consumers). The FTC has also issued guidance requiring that organisations using AI be able to explain their AI systems' decisions to affected consumers — guidance that creates de facto explainability requirements for consumer-facing AI.
State law compliance map
Illinois's Artificial Intelligence Video Interview Act (AIVIA) requires employers using AI to evaluate job applicants via video interviews to: disclose before the interview that AI is being used, explain how the AI works and what characteristics it evaluates, obtain consent before the interview, and limit sharing of interview recordings. Illinois is the most enforced state AI employment law and has generated significant litigation.
Colorado's AI Act (HB 24-1468), passed in 2024, created obligations for developers and deployers of high-risk AI systems — but its enforcement has been stayed pending amendments to address concerns about its scope and application. Organisations should monitor Colorado AI Act developments closely as the amendments may produce a revised law with different obligations.
Texas HB 1709, the Texas Responsible AI Governance Act, creates disclosure requirements for AI use in consequential decisions affecting Texas residents and requires algorithmic impact assessments for certain AI deployments. The Texas law has a broader scope than the Illinois law but lighter enforcement mechanisms.