FRAMEWORK

Utah AI Policy Act compliance, generated from your own systems.

Utah SB 149 — the Artificial Intelligence Policy Act — establishes generative-AI disclosure duties under the Utah Consumer Sales Practices Act, creates the Office of Artificial Intelligence Policy (OAIP) and the AI Learning Lab regulatory-sandbox programme.

Request a demo See coverage

Coverage updated2 min ago

Coverage · Utah AI Policy Act

Framework coverage

90%

Coverage

Obligations mapped

+4% wk

Files on record

Live · synced 2 min ago · 7-day trend

Recent activity

Annex IV v4Approved

FRIA v2Approved

Monitoring plan v1Draft

THE OBLIGATION

Use of generative AI in consumer interactions must be disclosed if asked. In regulated occupations, it must be disclosed up front — and the operator remains liable as if a human had performed the act.

Under § 13-2-12, a person using generative AI in a consumer transaction subject to the UCSPA must clearly and conspicuously disclose that the consumer is interacting with generative AI, if and when the consumer asks. Failure is a UCSPA violation, with civil penalties and full Division of Consumer Protection enforcement.

Under § 13-72-301, where the consumer interaction involves a regulated occupation — those requiring a licence from the Division of Professional Licensing (doctors, lawyers, accountants, real-estate agents, mental-health professionals and others) — the disclosure obligation is affirmative: it must be made up front in oral interactions, prominently in written interactions, before the generative AI is used. Subsequent 2025 amendments (HB 452) added specific rules for mental-health chatbots.

A person using generative AI is liable for the act, statement or omission of the AI as though a human had performed it. Generative-AI use is not a defence; it is a fact about how the act was performed.

Beyond disclosure, the OAIP runs the AI Learning Lab — a regulatory-sandbox programme through which operators of novel AI can obtain regulatory mitigation agreements while learning agendas are studied. The OAIP also reports annually to the legislature on AI-policy recommendations.

At a glance

Applies toPersons using generative AI in consumer transactions subject to the UCSPA or in regulated-occupation interactions in Utah

Your likely roleOperator of the generative-AI system in the consumer interaction — liability is not transferred to the model provider

Key deadlineEffective 1 May 2024. HB 452 mental-health chatbot amendments effective 7 May 2025. OAIP and the AI Learning Lab operational.

Penalty exposureUCSPA civil penalties up to $2,500 per violation; Division of Consumer Protection enforcement; injunctive relief; consumer restitution. Professional licensing consequences in regulated occupations.

ARTEFACTS

The files this framework actually requires.

Utah's compliance footprint is small and concrete. Hael generates the disclosure language, the consumer-response procedure and the regulated-occupation evidence the Division will ask for.

Files · Evidence pack

PDFConsumer Disclosure Language (UCSPA § 13-2-12)v2updated 2 min agoApproved

PDFRegulated-Occupation Up-Front Disclosurev2updated 14 MayApproved

PDFConsumer-Inquiry Response Procedurev1updated 11 MayApproved

PDFMental-Health Chatbot Disclosure Pack (HB 452)v1updated 04 MayDraft

GRC tools tell you these are missing. Hael generates them — from each system's real configuration.

THE DIFFERENCE

A checklist tells you what's missing. Hael puts it on record.

Utah does not ask 'are you using AI?' It asks 'did you tell the consumer when you should have?' Hael holds the evidence that you did.

Typical GRC tool

Consumer Disclosure Language (UCSPA § 13-2-12)upload required

Regulated-Occupation Up-Front Disclosureupload required

Consumer-Inquiry Response Procedureupload required

Mental-Health Chatbot Disclosure Pack (HB 452)upload required

Tracks the gap. You still author every document.

Hael

Consumer Disclosure Language (UCSPA § 13-2-12)v2Generated 2 min agoview

Regulated-Occupation Up-Front Disclosurev2Generated · Approvedview

Consumer-Inquiry Response Procedurev1Generated · Approvedview

Mental-Health Chatbot Disclosure Pack (HB 452)v1Generated · Draftview

Generated from each system's real configuration, versioned, and kept current as it changes.

HOW HAEL WORKS

Discover, classify, produce — for Utah AI Policy Act.

01DISCOVER

Find the systems in Utah AI Policy Act scope, including embedded third-party AI.

Inventory · 14 systems

Credit scoring enginehigh

HR screening bothigh

Salesforce Einsteinlimited

02CLASSIFY

Assess each against Utah AI Policy Act's risk tiers and obligations.

Risk tier

Prohib.HighLimitedMin.

Role: ProviderArt. 9 · 11 · 14

03PRODUCE

Generate the Utah AI Policy Act records, versioned and current.

Generated files

Annex IV v4Approved

FRIA v2Approved

Monitoring v1Draft

COVERAGE

Every obligation, mapped to the control that satisfies it.

Rows are the framework's clauses.

Columns are the controls and files that satisfy them.

Cells update as the underlying configuration changes.

Explore the platform

Coverage Map

Obligation → Control

5 obligations · 4 controls

90%

covered

Disclosure

Procedure

Reg-Occ

Mental-Health

§ 13-2-12 Consumer disclosure

✓

—

§ 13-72-301 Regulated-occupation disclosure

—

✓

—

Liability attribution to operator

✓

—

Mental-health chatbot rules (HB 452)

—

✓

AI Learning Lab participation

—

•

—

§ 13-2-12 Consumer disclosure

Disclosure

v3 · sealed

Approvedopen file →

MAPPING

Clause by clause.

Obligation
What it requires
Hael control / file
Status

§ 13-2-12Disclose generative-AI use to consumer on request, clearly and conspicuouslyConsumer DisclosureApproved

§ 13-72-301Up-front disclosure in regulated-occupation interactionsRegulated-Occupation DisclosureApproved

LiabilityOperator remains liable for the AI's act, statement or omissionAcceptable-Use PolicyApproved

HB 452Specific disclosure / safety rules for mental-health chatbotsMental-Health PackIn progress

AI Learning LabRegulatory mitigation agreement / learning-agenda reporting (where elected)OAIP Participation RecordDraft

REUSE

Author once. Satisfy many.

Utah's disclosure infrastructure is the consumer-notice surface of the same generative-AI governance Colorado, California ADMT and the EU AI Act (Article 50 transparency) ask for. Build the operator-side acceptable-use and disclosure policy once; render it to each jurisdiction's surface.

→ shared evidenceEU AI ActColorado AI ActCalifornia ADMT / CCPATexas RAIGA

Trust & Security

SOC 2 Type IIISO/IEC 27001EU & US data residencySSO / SCIMEncryption in transit & at restAudit logging

Make every consumer-facing generative-AI surface Utah-fit.

Bring a generative-AI consumer interaction. We'll register it, classify the disclosure obligation (general or regulated-occupation), and show the disclosure language and response procedure Hael would generate.

Request a demo Explore the platform