Strategic Artificial Intelligence Planning Alert: A State and Federal Regulatory Roadmap for 2025 Compliance
The adoption of artificial intelligence (AI) in corporate environments has become a pivotal initiative for many organizations as they look towards 2025. According to recent insights from the World Economic Forum, a staggering 88 percent of C-suite executives recognize that implementing AI is critical for their companies’ future success.
As businesses transition from testing AI technologies to integrating them into their operational processes, they are not only unlocking significant business benefits but also encountering pressing contractual and legal risks. To navigate these complexities, a comprehensive understanding of the evolving legal landscape surrounding AI is essential.
California
AB 1008: Amends the California Consumer Privacy Act Definition of “Personal Data” to Include AI (Effective January 1, 2025)
On September 28, 2024, Governor Newsom signed AB 1008, expanding the definition of personal information under the California Consumer Privacy Act to include AI systems capable of generating personal data. This amendment necessitates compliance with notice, consent, data subject rights, and reasonable security controls.
SB 942: California AI Transparency Act (Effective January 1, 2026)
This legislation mandates that covered providers disclose their use of generative AI systems in relation to AI-generated content. Specifically, it requires providers to offer tools for assessing AI-generated content and to include clear disclosures indicating that the content is AI-generated.
AB 2013: Requires Generative AI Training Data Documentation (Effective January 1, 2026)
Under this law, developers of generative AI systems must publish documentation about the training data used, including a summary of the datasets utilized, on their websites.
Colorado
Colorado Artificial Intelligence Act (Effective February 1, 2026)
Similar to the EU’s AI Act, the Colorado Artificial Intelligence Act is designed to prevent algorithmic discrimination, focusing on high-risk AI systems that affect critical decisions in areas such as housing, employment, and healthcare. Violations of the Act can result in penalties up to $20,000 per infraction.
Illinois
IL HB-3773: Limit Predictive Analytics Use (Effective January 1, 2026)
This amendment to the Illinois Human Rights Act prohibits AI usage that leads to illegal discrimination in employment contexts and mandates employee notifications when AI is employed in decision-making processes.
Minnesota
MN HF 4757: Minnesota Consumer Data Privacy Act (Effective July 31, 2025)
This Act empowers individuals with rights to opt out of automated decision-making and to question the outcomes of predictive profiling.
Utah
Utah Artificial Intelligence Policy Act (Effective May 1, 2024)
The UAIP establishes liability for using generative AI that violates consumer protection laws without proper disclosures. The Act mandates that regulated occupations disclose interactions with generative AI prominently.
State Attorney Generals and Governors Get Involved
In recent developments, attorney generals from Massachusetts, Oregon, and New Jersey have issued guidance on the use of AI, emphasizing compliance with existing laws. Furthermore, governors in Texas, New York, and Virginia have taken action against certain AI technologies due to concerns regarding security, privacy, and censorship.
State Legislation and Regulations to Watch
Several states are currently reviewing new high-risk or comprehensive AI legislation. States such as Illinois, New York, and Virginia are exploring bills that may significantly impact the AI landscape.
A Federal AI Policy Is in the Works
On January 23, 2025, the Trump Administration announced plans to issue a new AI policy by July 2025, aimed at enhancing national AI development and security.
As organizations prepare for the upcoming regulatory environment, staying informed and compliant with these evolving laws will be critical to successfully leveraging AI technologies in their operations.
