AI Laws & Regulation

U.S. AI Regulation Landscape: State-by-State Compliance Map

Navigate the evolving patchwork of U.S. AI laws by state. Explore how legal teams can stay ahead of compliance with California, New York, and other leading AI regulations.

U.S. AI Regulation Landscape: State-by-State Compliance Map

Understanding AI Laws by State: A Patchwork Compliance Challenge

As AI technologies rapidly integrate into hiring, marketing, health, and financial systems, U.S. companies face an emerging legal reality: state-level AI laws are outpacing federal regulation.

For General Counsel and in-house legal teams, managing AI compliance now means tracking a growing matrix of state-specific rules, each with unique obligations, timelines, and enforcement priorities.

In this guide, we outline the current state-by-state AI legal landscape and share practical tips for preparing your compliance roadmap.

Why the U.S. Has a Patchwork of AI Laws

While the EU passed the comprehensive AI Act, the U.S. has taken a decentralized approach. There is no federal AI law governing automated decision-making, algorithmic bias, or transparency in general-purpose AI systems.

Instead, the regulatory gap is being filled by:

  • State consumer privacy laws with AI-specific provisions

  • Sectoral regulations (e.g., insurance, employment, education)

  • Executive orders and task forces focused on ethical AI use

This creates a compliance puzzle for any business deploying AI nationally.

States Leading the Way: Highlights by Jurisdiction

Here’s a quick map of some of the most notable state-level AI regulations.

🔵 California: AI and Privacy Powerhouse

  • California Privacy Rights Act (CPRA) includes the right to opt-out of automated decision-making.

  • Businesses must conduct risk assessments when using AI in ways that significantly affect consumers' rights and freedoms.

  • Enforcement by the California Privacy Protection Agency (CPPA) is already active and expanding.

📝 Long-tail keyword: California AI privacy law

🟣 New York: Algorithmic Hiring Laws Take Center Stage

  • Local Law 144 requires employers to:


    • Notify job candidates about AI use in hiring

    • Conduct annual bias audits by an independent auditor

    • Publish audit results publicly

This law is already in effect for companies using automated employment decision tools (AEDTs) in NYC.

📝 Long-tail keyword: New York AI hiring audit

🟢 Illinois and Maryland: Consent Before Using AI in Hiring

  • Illinois AI Video Interview Act requires:


    • Notice and explicit consent before AI is used to analyze video interviews

  • Maryland limits facial recognition tech during interviews unless applicants opt in

These consent-focused laws raise the bar for HR tech vendors and their clients.

🟠 Colorado: Fairness in AI Insurance Pricing

  • Insurers must ensure algorithms do not result in unfair discrimination.

  • The Division of Insurance requires reporting on data sources and outcomes for AI-based pricing models.

🔴 Virginia, Texas, Montana: AI Profiling Opt-Out Rights

  • These states offer opt-out rights for profiling and automated decisions under their consumer privacy laws.

  • Compliance requires assessing how AI systems make inferences about individuals.

🟡 Tennessee: AI + IP in the ELVIS Act

  • The ELVIS Act (2024) protects musicians and performers against unauthorized AI-generated replicas of their voice.

  • Represents a novel intersection of AI and right of publicity.

📝 Long-tail keyword: AI state regulation

What In-House Legal Teams Should Do Now

To stay ahead of this fragmented AI legal environment, legal leaders should:

✅ Build an AI Risk & Compliance Tracker

  • Centralize all AI tools used in hiring, marketing, pricing, etc.

  • Map those tools to jurisdictions where customers or employees reside

✅ Require AI Vendor Disclosures

  • Ask vendors to share audit results, bias mitigation practices, and data governance protocols

  • Embed these into contracts and procurement policies

✅ Monitor Legislative Updates Quarterly

  • Track new bills and enacted laws using reliable sources like Stanford’s AI Index or ABA policy briefings

  • Consider outside counsel or AI law directories (like this one!) for alerts

✅ Conduct Pre-Implementation AI Impact Assessments

  • Use tools similar to data protection impact assessments (DPIAs)

  • Evaluate for fairness, transparency, and explainability before rollout

Takeaways

  • AI laws by state are creating a complex regulatory landscape—particularly in privacy, hiring, and discrimination.

  • California, New York, Colorado, and Illinois are leading with enforceable rules.

  • GCs must take a proactive, multi-jurisdictional approach to avoid liability and reputational risk.

  • Expect more states to follow, especially in election years or as public concern about deepfakes and bias grows.