US state AI laws: an overview
- With no broad federal AI law, US states are setting their own AI rules, creating a patchwork.
- The key states to watch include Colorado, Texas, California, and New York City.
- A single AI system can be subject to several state laws at once, with differing requirements.
- A coherent governance foundation adapts to multiple state laws far more easily than separate efforts.
- Current as of June 2026. This is general information, not legal advice.
Why a patchwork exists
The United States has not enacted a broad federal AI law comparable to the EU AI Act. Federal activity has centred on executive action, agency guidance, and sector rules rather than a single statute governing AI across the economy. Into that gap, states have stepped, much as they did with data privacy after California's privacy law. The consequence is that AI regulation in the US is, for now, defined substantially at the state level.
The key states to watch
Several states have moved furthest, and they are the ones most organisations need to understand:
- Colorado: Passed a broad AI law focused on high-risk AI systems and algorithmic discrimination, one of the most comprehensive state efforts.
- Texas: Enacted the Texas Responsible Artificial Intelligence Governance Act (TRAIGA), addressing certain AI uses and harms.
- California: Active on multiple fronts, including rules on automated decision-making and AI transparency.
- New York City: Local Law 144 governs the use of automated employment decision tools, an early and influential measure.
Many other states have introduced or are considering AI legislation, so the landscape continues to expand.
What this means in practice
For organisations operating nationally, the practical challenge is coverage. A single AI system might be subject to Colorado's rules for some users, California's for others, and New York City's if used in hiring there. The obligations differ, but the underlying disciplines, knowing your AI systems, classifying them, governing high-risk uses, and being transparent, are common across them. An organisation with a coherent AI governance practice can adapt it to multiple state laws far more easily than one starting fresh for each.
How to approach the patchwork
The efficient approach is not to treat each state law as a separate project but to build a governance foundation that covers the common ground, then map the specific requirements of each relevant state onto it. Because the state laws, the EU AI Act, and frameworks like the NIST AI RMF share a great deal of substance, governing your AI well once positions you to meet many of them. The patchwork is easier to manage as a single, adaptable practice than as a stack of separate compliance efforts.
Key terms
- Patchwork
- A landscape of overlapping state laws in the absence of a single federal one.
- Federal AI law
- A national US statute governing AI; not yet enacted as a broad framework.
- High-risk AI
- AI used for consequential decisions, the focus of laws like Colorado's.
- AEDT
- Automated employment decision tool, regulated by NYC Local Law 144.