AI Transparency Act 2024 & State AI Laws: The Complete 2026 Guide

1. The AI Regulation Landscape in 2026

Artificial intelligence regulation in the United States has reached an inflection point. After years of federal inaction, state legislatures have moved decisively to fill the vacuum — enacting laws that govern how AI systems are built, deployed, and audited across nearly every sector of the economy. As of 2026, AI Laws by State has published 2,182 AI-related bills across all 50 state legislatures, with 50 states having introduced or enacted AI-specific legislation.

The pace of lawmaking has accelerated sharply since 2023. What began as narrow, sector-specific interventions — New York City's bias audit requirement for hiring tools, Illinois's consent mandate for AI video interviews — has expanded into sweeping, cross-sector AI governance frameworks. Colorado's Artificial Intelligence Act, signed into law in 2024 and taking effect in 2026, represents the most comprehensive state-level AI regulation in the nation. California, Texas, Virginia, and Connecticut are not far behind.

For legal counsel and compliance professionals, the challenge is no longer whether AI regulation applies to your clients — it almost certainly does. The challenge is understanding which laws apply, what they require, when compliance deadlines fall, and how to build a defensible compliance program before enforcement begins.

This guide provides a comprehensive, jurisdiction-by-jurisdiction overview of the AI regulatory landscape. It covers enacted laws, pending legislation with near-term enactment prospects, sector-specific rules, and the practical compliance obligations businesses face in 2026. Links throughout connect to live data on the States Directory and our interactive compliance tools.

2. The Federal Landscape: Still No Comprehensive Law

Despite significant Congressional activity — multiple competing AI framework bills, Senate hearings with major AI developers, and executive agency rulemaking — the United States still lacks a comprehensive federal AI law as of mid-2026. This absence is the single most important structural fact shaping the compliance landscape.

What does exist at the federal level is a patchwork of:

• Executive orders — including the 2023 Biden Executive Order on Safe, Secure, and Trustworthy AI, which directed agencies to develop sector-specific guidance but created no directly enforceable private obligations.
• Agency guidance and rulemaking — the CFPB has issued guidance on AI in credit decisions; the EEOC has addressed AI in hiring; the FTC has signaled enforcement against deceptive AI practices; HHS has addressed AI in healthcare.
• Existing law applied to AI — civil rights laws, consumer protection statutes (FTC Act Section 5), financial regulations (Equal Credit Opportunity Act, Fair Housing Act), and HIPAA apply to AI systems in their respective sectors, even without AI-specific rules.
• NIST AI Risk Management Framework — voluntary, but increasingly referenced in state laws and contracts as a baseline standard.

The practical consequence: compliance obligations in 2026 are predominantly state-driven. Organizations operating in multiple states face a genuine patchwork of requirements. Where state laws conflict, the strictest applicable requirement generally governs. Federal preemption arguments have gained little traction, and no preemptive federal law is expected to pass in the near term.

3. State-by-State Overview: Major Enacted Laws

The following table summarizes the most significant enacted AI laws and the states most actively legislating in this space. See the full States Directory for complete bill-level detail for every state.

Colorado: The Most Comprehensive State AI Law

Colorado's Artificial Intelligence Act (SB 24-205) is the most comprehensive AI-specific regulation enacted by any U.S. state. Signed in May 2024 and effective June 30, 2026 (delayed from the original February 1 date by SB 25B-004), it creates a two-tier compliance framework applicable to developers and deployers of "high-risk AI systems" — those that make or substantially influence consequential decisions affecting Colorado consumers.

Covered consequential decision domains include: employment and employment opportunity; education enrollment and opportunity; financial or lending services; essential government services; healthcare; housing; insurance; and legal services. Any AI system that makes or substantially contributes to decisions in these domains, with meaningful effects on individual lives, is a "high-risk AI system" subject to the Act.

Key obligations include: risk management programs aligned with recognized standards (NIST AI RMF or equivalent); annual impact assessments; consumer disclosures; opt-out mechanisms for certain AI decisions; bias testing; incident reporting to the Colorado AG; and documentation requirements. See our full article The Colorado AI Act Explained and the Colorado state page for complete details.

California: A Multi-Law Landscape

California has enacted multiple AI-specific statutes rather than a single omnibus law. Key enacted measures include:

• SB 942 (AI Transparency Act, 2024) — requires large AI providers (10M+ monthly California users) to make their GenAI systems detectable and to provide a free provenance detection tool. Originally scheduled to take effect January 1, 2026; AB 853 (2025) deferred the operative date to August 2, 2026.
• AB 2013 (2024) — requires AI developers to publish documentation about training data sources on their websites by January 1, 2026.
• AB 1008 (2024) — clarifies that AI-generated content is covered by existing privacy law (CCPA) where it relates to identifiable individuals.
• SB 1047 (2024, vetoed) — major safety bill vetoed by the governor; successor legislation expected in 2025–2026.
• AB 3211 / SB 926 — deepfake labeling requirements for political advertising and sexual content.

California's legislative pipeline remains extremely active. Visit the California state page to track all pending bills.

Illinois: Biometrics and AI in Hiring

Illinois has two landmark AI-adjacent laws. The Biometric Information Privacy Act (BIPA, 2008) — the nation's most-litigated biometric privacy law — applies to AI systems that process fingerprints, facial geometry, voiceprints, or retina scans. BIPA requires prior written consent, limits data retention and sharing, and provides a private right of action with statutory damages of $1,000–$5,000 per violation. Class actions under BIPA have resulted in billion-dollar settlements.

The Artificial Intelligence Video Interview Act (AIVIA, 2020) requires employers using AI to analyze video interviews to: notify candidates before the interview; obtain consent; explain the AI factors evaluated; and limit disclosure to third parties. Illinois is also the first state to amend its Human Rights Act to prohibit employers from using ZIP codes as proxies for race in AI-assisted hiring.

See the Illinois state page for current legislation.

New York: Hiring AI Audits and Statewide Privacy

New York City Local Law 144, effective July 5, 2023, requires employers and employment agencies using automated employment decision tools (AEDTs) — software that "substantially assists or replaces discretionary decision-making" in hiring or promotion — to conduct annual bias audits, publish audit summaries, and notify candidates that an AEDT will be used. The law covers employers with employees or candidates for employment in NYC. Enforcement by the NYC Department of Consumer and Worker Protection has resulted in meaningful fines.

At the state level, New York's AI legislation is advancing on multiple fronts, including statewide employment AI regulation and comprehensive privacy law. See the New York state page.

Texas: TRAIGA

The Texas Responsible AI Governance Act (TRAIGA) creates requirements for developers and deployers of high-risk AI systems affecting Texas residents. Modeled partly on the Colorado framework, TRAIGA requires impact assessments, consumer notifications, and anti-discrimination measures. The Texas AG has enforcement authority. See the Texas state page.

Utah: Generative AI Disclosure

Utah's Artificial Intelligence Policy Act (SB 149, 2024), effective May 1, 2024, requires businesses in regulated industries (healthcare, legal, financial) to disclose when consumers are interacting with a generative AI system rather than a human, if the consumer asks. It also creates the Office of Artificial Intelligence Policy. See the Utah state page.

4. Key Compliance Areas Across States

Employment and Hiring AI

Employment AI is the most heavily regulated AI use case in the United States. Multiple overlapping frameworks apply: NYC Local Law 144 (bias audits), Illinois AIVIA (consent and disclosure), and emerging statewide laws in New York, California, and Colorado. Employers nationwide using AI for resume screening, interview analysis, or promotion decisions should assume some form of applicable requirement exists and implement a compliance baseline now.

The Am I Affected? tool can assess your employment AI exposure by state. The Bill Comparator allows side-by-side analysis of applicable hiring AI laws.

Healthcare AI

AI systems used in clinical decision support, diagnosis assistance, treatment recommendation, or prior authorization face a layered compliance environment: HIPAA requirements for protected health information, FDA clearance or approval for AI/ML-based Software as a Medical Device (SaMD), and state-level requirements under the Colorado AI Act (healthcare is a covered high-risk domain) and California's emerging healthcare AI rules. The American Medical Association and state medical boards have published guidance on AI use in clinical practice.

Insurance AI

Insurance regulators in Colorado, California, New York, and many other states have specifically addressed AI in underwriting and claims. The Colorado AI Act explicitly covers insurance as a high-risk domain. The NAIC Model Bulletin on the Use of Artificial Intelligence Systems by Insurers (2023) has been adopted by or is under consideration in a majority of states. Algorithmic discrimination in insurance is subject to existing state anti-discrimination laws in addition to new AI-specific rules.

Financial Services and Credit AI

AI systems used in credit scoring, lending decisions, or financial services face the Equal Credit Opportunity Act (ECOA) adverse action notice requirements, Fair Housing Act prohibitions, and CFPB guidance on AI explainability in credit decisions. At the state level, the Colorado AI Act covers financial services; several states have enacted or proposed specific rules on AI in banking and consumer credit.

Facial Recognition

Facial recognition technology is the most heavily regulated specific AI capability. Illinois BIPA requires consent. San Francisco, Oakland, Boston, and other cities ban government use. Maine, New Hampshire, Oregon, and Washington have enacted restrictions. Biometric laws vary significantly — some require consent, others prohibit use outright in defined contexts, others require data governance programs. Use the Bill Comparator to analyze applicable facial recognition laws.

Consumer-Facing AI and Generative AI

Utah and California have enacted disclosure requirements for generative AI in regulated consumer contexts. Additional state laws address deepfakes, synthetic media, and AI impersonation. Several states require disclosure of AI-generated political advertising. Synthetic voice laws (targeting AI impersonation of individuals) are advancing in several legislatures.

5. Industry Impact: Who Is Most Affected

The industries most immediately affected by state AI regulation are those where AI is used to make decisions that significantly affect individual rights or wellbeing. See the Industries section for a full breakdown by sector.

• Human Resources and Talent Acquisition — highest current regulatory exposure, with multiple enacted laws in force
• Insurance — NAIC Model Bulletin adoption spreading rapidly; Colorado, California, New York requirements
• Healthcare and Life Sciences — FDA, HIPAA, and state-level high-risk AI requirements converging
• Financial Services — CFPB guidance, ECOA, and state-level high-risk AI frameworks
• Legal Technology — Utah disclosure requirements; malpractice exposure for undisclosed AI use
• Education Technology — Colorado AI Act covers educational decisions; multiple states addressing student data AI
• Real Estate and Housing — Fair Housing Act + Colorado AI Act; several state housing AI bills pending

6. How to Stay Compliant in 2026

Step 1: Inventory Your AI Systems

Document every AI system your organization develops, deploys, or uses that could affect consumers, employees, patients, or applicants. Record the vendor, purpose, decision domain, states of operation, and populations affected. This inventory is the foundation of any compliance program and is specifically required by several laws.

Step 2: Assess Applicable Law

For each AI system in your inventory, determine which state laws apply based on: where the AI operates, the industry sector, the type of decision being made, and the population affected. Use the Am I Affected? tool as a starting point, then engage legal counsel for a definitive assessment. Track legislative developments with the Deadline Calendar.

Step 3: Conduct Impact Assessments

Colorado, Texas, Virginia, and Connecticut all require or are moving toward requiring algorithmic impact assessments for high-risk AI systems. Even where not yet required, conducting documented impact assessments now — using the NIST AI RMF or ISO/IEC 42001 framework — establishes good-faith compliance efforts and provides a defensible record.

Step 4: Implement Consumer-Facing Obligations

Many state laws require specific consumer disclosures, opt-out mechanisms, or adverse action notices when AI is used in consequential decisions. Review your customer-facing processes, privacy notices, and adverse action letters against applicable requirements. NYC Local Law 144's bias audit summaries must be publicly posted. Colorado requires certain disclosures at or before the time of a consequential decision.

Step 5: Build Ongoing Monitoring

AI regulation is the fastest-moving area of law in the United States. New bills are introduced, amended, and enacted on a near-weekly basis. Legal teams need systematic monitoring processes — not just point-in-time research. Subscribe to the AI Laws by State newsletter for updates, use the Deadline Calendar to track upcoming effective dates, and set up state watchlists for your priority jurisdictions.

7. Conclusion and Next Steps

The AI regulatory landscape in 2026 is complex, fast-moving, and consequential. With 2,182 published AI bills across 50 states, and major compliance deadlines falling throughout the year, legal and compliance teams face a genuine tracking and analysis challenge. The good news is that the core compliance obligations — AI inventories, impact assessments, consumer disclosures, bias testing — are consistent enough across state laws that a well-designed compliance program can address multiple jurisdictions simultaneously.

AI Laws by State is designed specifically to help legal professionals and compliance teams navigate this landscape. The site tracks every active AI bill across all 50 states, updated daily from official legislative sources. Use the tools below to start your compliance analysis:

• Am I Affected? — assess your regulatory exposure by industry and state
• Deadline Calendar — track every upcoming AI law effective date
• Penalty Tracker — understand the financial stakes of non-compliance
• Bill Comparator — analyze side-by-side differences across state laws
• States Directory — browse all bills by state