Skip to Content

State AI Laws Continue to Emerge

03.04.2025

Introduction

Within the United States, new state laws regulating artificial intelligence continue to emerge. Below, we provide a high-level description of certain laws currently in effect or laws that will soon come into effect. This includes the following:

  1. AI laws regulating employment and hiring;
  2. AI laws regulating generative AI (“GenAI”) solutions; and
  3. Colorado’s comprehensive AI law.  

AI in Employment and Hiring

New York City Law 144 - In Effect

New York City’s Local Law 144 regulates the use of automated employment decision tools (AEDTs) in hiring and promotion decisions. The law applies to employers and employment agencies using AEDTs to evaluate candidates or employees within NYC. The law mandates that AEDTs undergo an independent bias audit. Employers must also provide candidates with prior notice of AEDT usage and allow them to request alternative evaluation methods. Penalties for noncompliance include a $500 civil penalty for a first violation and a penalty between $500 and $1,500 for each subsequent violation.

Available at: The New York City Council - File #: Int 1894-2020.

Illinois Artificial Intelligence Video Interview Act – In Effect

The Illinois Artificial Intelligence Video Interview Act regulates employers using AI to analyze video interviews of job candidates in the state. It requires employers to notify applicants before using AI, explain how the technology works, and obtain their written consent. Employers must also limit video sharing and delete interview recordings upon the applicant's request. 

Available at: Illinois General Assembly - Full Text of HB2557.

Illinois H.B. 3773 – In Effect January 2026

In House Bill 3773, Illinois amended the Illinois Human Rights Act to prohibit the use of AI in recruitment, hiring, promotion, and other employment contexts if such use results in discrimination based on protected characteristics. Employers are required to notify employees when AI is utilized in hiring. Noncompliance constitutes a civil rights violation, enforceable by the Illinois Department of Human Rights.

Available at: Illinois General Assembly - Full Text of HB3773.

Generative AI

Utah’s Artificial Intelligence Policy Act - In Effect

Utah’s Artificial Intelligence Policy Act requires businesses utilizing GenAI in the state or targeting GenAI solutions to Utah residents to provide certain notice content to consumers, making it clear that they are interacting with a GenAI. Noncompliance can result in administrative fines of $2,500 per violation.

Available at: SB0149.

California Artificial Intelligence Transparency Act – In Effect January 2026

The California Artificial Intelligence Transparency Act regulates “covered providers” of GenAI systems. The law defines a “covered provider” as a person who creates, codes, or otherwise produces a generative artificial intelligence system that has over 1,000,000 monthly visitors or users and is publicly accessible within the geographic boundaries of the state. Key requirements include that covered providers must: 

  • Develop and deploy a publicly accessible AI detection tool that allows users to assess whether content was generated or altered by the provider’s GenAI system and include details about the generated content. The AI detection tool must support automated API connections. Additionally, providers must collect user feedback on the tool’s effectiveness but are prohibited from collecting certain personal data regarding its use. 
  • Include certain “latent” disclosures in all AI-generated content that identifies, e.g., the covered provider, the name and version of the GenAI, and the date/time of content creation. 
  • Offer users the option to include additional “manifest” disclosures stating that content is AI-generated. 
  • Enforce certain contractual and licensing obligations on third-party licensees to maintain the system’s ability to include latent disclosures in AI-generated or altered content. If a provider learns that a licensee has disabled this capability, it must revoke the license within 96 hours, forcing the licensee to stop using the system.

Under the statute, covered providers face a civil penalty of $5,000 per violation for noncompliance, plus attorney’s fees for a prevailing plaintiff. Each day of noncompliance will be considered a separate violation, so there is a potential for penalties to increase over time. Third-party licensees may be subject to injunctive relief and attorney’s fees.

Available at: Bill Text - SB-942 California AI Transparency Act.

Colorado Artificial Intelligence Act – In Effect February 2026

Arguably the most significant AI legislation yet to be passed in the U.S. is Colorado’s Artificial Intelligence Act. The law borrows concepts from the EU AI Act and includes substantial obligations on “developers” and “deployers” of “High-Risk AI Systems” (“HRAIS”). High-Risk AI Systems are those that are used to make or contribute as a substantial factor in making so-called “consequential decisions” in certain covered areas such as education, employment, healthcare, or legal services, among others. 

Developers of HRAIS will be required to make a detailed set of disclosures to deployers of their systems, to post a statement on their websites detailing how the system manages the risk of algorithmic discrimination, and to disclose known or discovered risks of algorithmic discrimination to the Colorado Attorney General.

Deployers of HRAIS will be required to develop and implement a comprehensive AI risk management policy and program; conduct and document annual impact assessments; post a website statement describing the types and uses of HRAIS and how the deployer manages the risk of algorithmic discrimination; and deploy notices directly to consumers describing the types of HRAIS used, the types of decisions made, and notices regarding any adverse decisions. Deployers must also report any known or discovered algorithmic discrimination to the Colorado Attorney General.

Businesses should consider additional compliance activities under the CO AI Act, such as a review of contracts, adherence to the NIST AI Risk Management Framework, and deployment of an “accepted use” policy for any AI-generated natural language communications. Companies should also consider disclosing in any case that the Colorado resident is interacting with an artificial intelligence system, even if the system is not a HRAIS. 

Noncompliance with the law for developers and deployers can result in civil fines of $20,000 per violation.

Available at: 2024a_205_signed.pdf

Conclusion

The list of technology companies not utilizing AI may soon be shorter than the list of those that are. Compliance obligations are becoming more sweeping, and statutory fines may pose significant risk. In addition to state fines and enforcement noted above, we expect that additional legal risk will emerge as a result of private plaintiffs’ action. Businesses should begin planning for and addressing AI legal obligations immediately. 

Disclaimer: The list of laws and obligations contained in this article are for informational purposes only and are not intended to be comprehensive. Nothing in this article should be considered legal advice.

Media Contact

If you have any media inquiries or would like additional information, please click here.

Featured People