State AI Law Landscape
U.S. state AI laws are creating a compliance patchwork that organizations operating nationally must navigate without a unified federal framework. Learn the key requirements across the most significant state laws and how they interact.
State AI Law Landscape: California, Texas, Colorado, New York, Illinois
Your organization may not have operations in Colorado. But if your AI-driven hiring platform screens applicants who live there — or your credit model evaluates Colorado customers — Colorado's AI Act applies to you. State AI law doesn't follow your headquarters. It follows your AI tools.
That reframe changes the compliance question entirely. The relevant question isn't whether a given state has an AI law. It's which state laws are already triggered by tools your organization deployed before anyone ran this analysis.
Why Federal Inaction Created a Compliance Patchwork
Congress has not passed comprehensive AI legislation. The closest thing to federal action is the Trump Administration's December 2025 Executive Order directing agencies to challenge "excessive" state AI laws — an aspiration, not a preemption. Under the Supremacy Clause, executive orders don't nullify state statutes. Until Congress acts, state laws are the binding compliance baseline.
The vacuum has been productive. California, Colorado, Texas, New York, and Illinois have each enacted AI laws that are either already in effect or taking effect in 2026. Each covers different ground. None is redundant.
The practical result: a company using an AI hiring tool nationally may be simultaneously subject to New York City Local Law 144's bias audit requirements, Illinois' AI Video Interview Act, and California's Civil Rights Council employment regulations — with Colorado's AI Act joining that list on June 30, 2026.
What Each State Actually Requires
California operates a layered regime. The Transparency in Frontier Artificial Intelligence Act (TFAIA), effective January 2026, targets large-scale model developers above a defined compute threshold — primarily a vendor obligation for most organizations. California's Civil Rights Council separately amended Fair Employment and Housing Act (FEHA) regulations, effective October 2025, making algorithmic discrimination in hiring explicitly unlawful through third-party vendor tools. The employer remains liable. Assembly Bill 2013 (AB 2013) adds training data transparency requirements for generative AI developers.
Colorado's AI Act (Senate Bill 24-205, effective June 30, 2026) covers deployers — any organization using a "high-risk" AI system to make consequential decisions about Colorado consumers in employment, housing, credit, healthcare, insurance, education, or legal services. Deployers must complete impact assessments, implement risk management programs, notify consumers, and provide appeal rights. The Colorado Attorney General (AG) enforces; penalties reach $20,000 per violation.
Texas' Responsible AI Governance Act (TRAIGA), effective January 2026, is intent-focused in liability: it prohibits AI systems intentionally designed for unlawful discrimination, rights infringement, or harmful manipulation. State agencies face the heaviest compliance burden; healthcare providers must disclose AI use in diagnosis and treatment. TRAIGA offers meaningful safe harbors for organizations following the National Institute of Standards and Technology (NIST) AI Risk Management Framework (AI RMF) or actively self-detecting and remediating issues.
NYC Local Law 144, effective since July 2023, requires annual independent bias audits for automated employment decision tools (AEDTs) used in New York City hiring or promotion, public disclosure of audit results, and at least 10 days' advance notice to candidates. Enforcement penalties are modest ($500–$1,500 per violation per day), but audit and public disclosure requirements create significant reputational pressure.
Illinois has two statutes operating in tandem. The Artificial Intelligence Video Interview Act (AIVIA) requires notice, consent, use restrictions, and deletion when AI analyzes job interview video. The Biometric Information Privacy Act (BIPA) governs biometric identifiers — including facial geometry that many AI video interview platforms capture. BIPA is the only AI-adjacent state law with a private right of action, and class action exposure has driven settlements in the hundreds of millions.
Where These Laws Conflict — and How to Build One Posture
Three structural tensions matter for governance design.
Intent vs. impact. Texas requires intentional misuse to trigger liability. Colorado and New York City focus on discriminatory outcomes regardless of intent. Building to the effects-based standard — Colorado and NYC — satisfies Texas's intent requirement. The reverse doesn't hold.
Documentation requirements. Colorado mandates formal impact assessments. NYC mandates annual bias audits. California mandates transparency frameworks and training data disclosures. These aren't redundant — they test different things. A company compliant with NYC's bias audit requirement has not necessarily satisfied Colorado's impact assessment obligation, and vice versa. Both will be required for organizations operating in both jurisdictions.
Enforcement models. California, Texas, and Colorado provide AG enforcement with no private right of action. Illinois BIPA has a private right of action and has produced the largest AI-adjacent settlements in the country. Organizations with Illinois employees or job candidates using AI video tools carry materially different litigation exposure than companies operating only in other states.
The organizations most exposed aren't those that reviewed these laws and made deliberate choices. They're the ones that deployed AI tools before anyone asked which state laws applied.
A single practical posture holds across all five states: map every AI tool to jurisdiction — where do the affected people live and work, not where your headquarters sits — identify which laws apply to each use case, and build documentation, testing, and notice processes that satisfy the strictest applicable standard. Colorado's impact assessment requirement and NYC's bias audit requirement together define the documentation floor for employment AI. California's FEHA regulations define the liability posture for discrimination.
The Preemption Question
The Trump Administration's December 2025 Executive Order directs the Department of Justice (DOJ) to form an AI Litigation Task Force to challenge state AI laws and conditions federal grants on state compliance with a national framework. Colorado's AI Act is mentioned by name.
None of this preempts existing state law. Executive orders work through litigation risk and funding pressure — not automatic nullification. Until courts rule or Congress acts, state laws carry real enforcement consequences. A compliance strategy built around anticipated preemption is a liability in the making.
Where Governance Actually Fails
Most organizations don't fail to comply with state AI laws because they reviewed the requirements and rejected them. They fail because no one ran the jurisdictional mapping. The tool deployed nationally. Compliance assumed the vendor handled the regulatory piece. The vendor's contract was silent on state-specific obligations. The hiring platform screened Colorado candidates without an impact assessment or consumer notices.
The moment state obligations become visible is rarely at intake. It's after deployment — when a candidate complains, a regulator requests documentation, or an audit asks what's in the AI inventory.
Building jurisdiction into intake before procurement or deployment is the structural change these laws require.
Quick Reference
| State | Key Law | Scope | Effective |
|---|---|---|---|
| California | TFAIA / FEHA regs / AB 2013 | Frontier developers; employers using AI in hiring | Jan 2026 / Oct 2025 |
| Colorado | AI Act (SB 24-205) | Deployers using high-risk AI for consequential decisions | June 30, 2026 |
| Texas | TRAIGA | Developers, deployers, state agencies | Jan 2026 |
| New York City | Local Law 144 | Employers using AEDTs in NYC hiring or promotion | July 2023 |
| Illinois | AIVIA / BIPA | AI video interviews; biometric identifiers | 2020 / 2008 |
Pro Tip: Most conversations about state AI law focus on whether federal preemption will eventually arrive. The more immediate question is whether your AI tools are already triggering obligations you haven't mapped. Start with an inventory of every AI system that touches hiring, credit, healthcare, insurance, or consumer decisions — then ask where each one operates and whose data it processes. That single exercise will surface more compliance exposure than a year of regulatory monitoring.
Regulatory requirements in this area are actively evolving. This article reflects the landscape as of April 2026 — verify current obligations with qualified legal counsel before making compliance decisions.
Continue Learning
This is a free preview module. Method 9 members access the full library of compliance frameworks, assessment tools, and implementation templates.
Explore Membership