The Future of AI Compliance—Preparing for New Global and State Laws

Alert
By David Senter and Hunter Bruton

The regulatory landscape for artificial intelligence is evolving rapidly, with significant changes emerging at international, national and state levels. Businesses operating in multiple jurisdictions must navigate these shifting requirements to maintain compliance and mitigate risk. Notably, the European Union AI Act, the recently enacted Colorado AI Act and new California AI laws illustrate growing regulatory scrutiny. At the same time, a recent Executive Order from the federal government signals a shifting U.S. policy approach.

EU AI Act

In August 2024, the European Union’s Artificial Intelligence Act came into force, with the majority of its provisions set to be enforced beginning August 2026. As the first comprehensive legal framework for AI regulation across the EU, the Act is expected to influence AI policies worldwide. At a high level, the Act categorizes AI systems based on risk and imposes corresponding obligations on providers and deployers. High-risk AI models, such as those used in medical devices or critical infrastructure, must adhere to stringent transparency, human oversight and accuracy requirements. Additionally, general-purpose AI systems face specific compliance obligations, including conformity assessments, impact evaluations and continuous monitoring. Companies developing or deploying AI with ties to the EU market should align their governance structures accordingly to ensure compliance with these rigorous standards. 

Companies should consider planning early to bolster compliance and risk mitigation strategies given the Act’s broad coverage.

Currently the Act purports to cover:

  1. Any provider placing an AI product or service within the EU.
  2. Users of the AI products and services within the EU.
  3. Any provider or user of an AI system where the output produced by the system can or is intended to be used within the EU.

Colorado AI Act and Other Activity

Stateside, executive orders and legislation are actively being developed at the federal level. But the more compelling story is occurring in state legislatures, where hundreds of AI-related bills have been considered in the last year.

For example, Colorado recently enacted the Colorado AI Act, which will become enforceable in February 2026. In preparation, businesses operating in Colorado that use high-risk automated decision-making systems—such as those affecting education, employment, financial services, health care, housing, insurance or legal services—should begin integrating the Act’s requirements into their AI compliance programs. Specifically, deployers of such systems should consider AI risk management protocols, conduct impact assessments and notification efforts for consumers when AI systems are in use. Given the rapid expansion of AI technology across industries, other states are expected to adopt similar legislation, making the Colorado AI Act a likely model for future regulatory developments in the United States.

Not to be outdone, the California legislature is busy passing AI laws with 18 different bills now signed into law during the last legislative session. Two recent highlights of such legislation are below:

  1. The California AI Transparency Act – SB 942
    Effective January 1, 2026, this Act requires that "covered providers" and third-party licensees of generative AI systems disclose when AI is being used in interactions with consumers or constituents. "Covered providers" are broadly defined as "a person that creates, codes, or otherwise produces a generative artificial intelligence system that has over 1,000,000 monthly visitors or users and is publicly accessible" within California. Such providers must offer free AI detection tools and labels that enable consumers to clearly identify when AI systems are used. Violations can result in penalties of $5,000 of per day, along with attorneys’ fees and costs. Though, there is no private right of action under the Act.
  2. Artificial Intelligence in Health Care Services – AB 3030
    Effective January 1, 2025, this law requires healthcare providers using generative AI systems for patient communications or patient clinical information to both (1) disclose the use of generative AI in making the communication and (2) provide instructions for patients to contact a human health care provider. The law does not apply to the use of generative AI unrelated to patient clinic information, such as scheduling or billing. Violations are subject to existing enforcement mechanisms of the Medical Board of California, the Osteopathic Medical Board of California and the California Health and Safety Code.

Shifting Federal AI Policy

For the federal government’s part, earlier this year, the Trump Administration issued Executive Order 14179, which is notably more concise than its recently revoked predecessor, Executive Order 14110 from the Biden administration. The Trump Administration’s Executive Order forecasts that "It is the policy of the United States to sustain and enhance America's global AI dominance in order to promote human flourishing, economic competitiveness, and national security."  The order establishes a 180-day timeline for a group of stakeholders to present the President with a strategic roadmap for achieving this policy objective. However, based on similar policies under the Trump Administration, we may expect to see the administration take a more hands off approach to AI regulation in the coming months and years.

Key Takeaways for Businesses

  1. International Compliance – Companies with EU market exposure should prepare for the EU AI Act’s extensive compliance requirements.
  2. State-Level Readiness – Businesses operating in the U.S. should monitor and adapt to evolving state AI regulations.
  3. Federal Uncertainty – While federal AI regulation remains in development, enforcement risks under existing laws may increase.

These trends, including efforts to hold companies liable under existing regulations, pose compliance and litigation risks for companies operating in this evolving regulatory environment. As AI use and regulation continue to advance, companies must remain proactive in adapting to emerging requirements. For further guidance on AI compliance strategies, please reach out to Hunter Bruton and David Senter

Professionals

Jump to Page

This website uses cookies to enhance your browsing experience and improve functionality. To learn more, you may view our Privacy Policy. By continuing to browse Smith Anderson's website, you are accepting our use of cookies in accordance with our privacy policy.