Virginia’s High-Risk AI Developer and Deployer Act: An Overview
The Virginia High-Risk Artificial Intelligence Developer and Deployer Act (HB 2094) is a significant piece of legislation that addresses the growing concerns surrounding algorithmic discrimination in artificial intelligence systems. Passed by the Virginia General Assembly on February 20, 2025, this Act awaits the signature of Governor Youngkin to become law.
Scope of the Act
Under this Act, Virginia would become the second state in the U.S. to enact legislation targeting high-risk AI systems, following Colorado. The Act specifically pertains to those AI systems designed to autonomously make, or substantially influence, consequential decisions.
Consequential decision-making involves decisions that can significantly affect consumers in areas such as:
- Parole, probation, or release from incarceration
- Education enrollment and opportunities
- Access to employment
- Financial and lending services
- Health care services
- Housing
- Insurance
- Marital status
- Legal services
Requirements for Developers and Deployers
The Act mandates that developers and deployers of high-risk AI systems conduct comprehensive risk assessments and document their intended uses and limitations. Key obligations include:
- Providing clear disclosures about the AI system’s performance, limitations, and potential biases.
- Delivering detailed documentation explaining the evaluation methods used to test the system’s performance.
- Outlining steps taken to mitigate known risks associated with the AI system.
Exemptions and Limitations
Not all AI systems fall under the purview of this Act. Exemptions include:
- AI systems performing narrow procedural tasks
- Technologies that improve existing human activities
- Systems detecting decision-making patterns
- Preparatory tasks relevant to consequential decisions
Moreover, certain technologies are explicitly excluded from the Act, such as:
- Anti-fraud technologies not utilizing facial recognition
- Artificial intelligence-enabled video games
- Autonomous vehicle technologies
- Cybersecurity technologies
- Data storage and networking technologies
- Spam and robocall filtering
- Natural language communication technologies
Concerns and Exemptions for Industries
During discussions surrounding the bill, many industries expressed concerns that restricting AI usage could potentially jeopardize their operations. The Act includes provisions to ensure that certain activities are exempt from restrictions, such as:
- Compliance with federal, state, or municipal regulations
- Cooperation with law enforcement
- Investigating or defending against legal claims
- Providing specific products or services requested by consumers
- Addressing security incidents, identity theft, and fraudulent activities
Additionally, specific industries, including banks and credit unions, are deemed to have met the requirements of the Act if they are already regulated by federal or state entities.
Effective Date
If signed into law, the Virginia High-Risk AI Developer and Deployer Act will come into effect on July 1, 2026. The enforcement of this Act will be under the exclusive authority of the Virginia Office of the Attorney General.
This legislation marks a pivotal step in regulating the deployment of high-risk artificial intelligence and protecting consumers from potential algorithmic biases, setting a precedent for future AI legislation across the United States.
