Contrary to the perception that artificial intelligence in the United States operates without legal boundaries, a complex web of existing federal and state laws already applies. Alongside these, multiple federal agencies have issued frameworks, and several states have enacted AI-specific legislation, with more considering targeted laws. This evolving regulatory environment is marked by heightened scrutiny from lawmakers and enforcement bodies.
At the federal level, the Federal Trade Commission (FTC) has taken a prominent role. In February 2023, the FTC issued guidance clarifying that its enforcement authority under Section 5 of the FTC Act extends to AI-related claims. The agency cautioned that it will examine whether marketers make false or unsubstantiated assertions about AI-powered products—such as overstating technical capabilities, claiming superiority over non-AI alternatives without proof, or misrepresenting whether AI is used at all. The guidance also emphasized the need for companies to understand the risks and limitations of their AI offerings, including potential biases that could render them unsuitable for certain applications.
On April 25, 2023, the FTC joined with the Civil Rights Division of the US Department of Justice, the Consumer Financial Protection Bureau, and the US Equal Employment Opportunity Commission in a joint statement pledging to “uphold America’s commitment to the core principles of fairness, equality, and justice as emerging automated systems, including those sometimes marketed as ‘artificial intelligence’ or ‘AI,’ become increasingly common in our daily lives—impacting civil rights, fair competition, consumer protection, and equal opportunity.”
Other federal agencies have also advanced AI governance. On January 26, 2023, the National Institute of Standards and Technology (NIST) released its AI Risk Management Framework Version 1.0. This voluntary guide assists organizations in developing and deploying AI systems responsibly. The first part defines the characteristics of trustworthy AI, while the second outlines four functional categories for addressing system risks. Although voluntary, NIST’s cybersecurity framework history suggests that this AI framework could become widely adopted, potentially influencing industry norms domestically and abroad.
State-level activity has accelerated sharply, with a 46% increase in AI-related bills introduced between 2021 and 2022. Legislative topics span predictive policing, facial recognition use by law enforcement, consumer rights, employment practices, financial and insurance decision-making, and healthcare applications.
Several states have enacted notable laws. Illinois’ Artificial Intelligence Video Interview Act mandates disclosure when AI tools analyze job applicant videos. New York City’s Local Law 144 regulates employer use of automated employment decision tools. Vermont’s H.B. 410 established an Artificial Intelligence Commission, while Washington’s S.B. 5693 funded an automated decision-making working group.
Pending proposals are equally diverse. California’s S.B. 313 would create an Office of Artificial Intelligence for state agencies, and AB No. 331 requires impact assessments for automated decision tools. Colorado’s Division of Insurance has proposed governance regulations for algorithms and predictive models. Connecticut’s Senate Bill No. 1103 seeks an AI office and bill of rights. The District of Columbia’s Stop Discrimination by Algorithms Act of 2023 aims to prevent discriminatory algorithmic eligibility determinations. Texas HB 2060 would establish an AI advisory council.
For organizations integrating AI into operations, several considerations stand out. First, identify all AI applications within decision-making processes through a comprehensive survey. Second, conduct documented risk assessments, weighing costs, benefits, and mitigation strategies, and implement controls where needed. Third, embed compliance measures at the organizational core, with policies covering transparency, accountability, fairness, data integrity, accuracy, foreseeable risks, and social impact. Fourth, assign clear responsibility for AI governance, potentially through a dedicated role akin to a chief privacy officer. Finally, leverage existing compliance and risk management programs, ensuring AI governance policies are understood across business units and integrated into daily operations.
This multifaceted regulatory landscape underscores the need for technical and operational awareness among engineers, developers, and innovators. As AI technologies permeate sectors from aerospace to robotics, understanding the interplay between capability, ethics, and compliance will be essential for sustainable advancement.