In early 2025 President Trump issued an Executive Order (EO) directed to Removing Barriers to American Leadership. The policies in this EO aim to sustain and enhance US global AI dominance and promote human flourishment, economic competitiveness, and national security. Trump’s EO rolled back all policies, directives, regulations, orders and other actions taken pursuant to President Biden’s late 2023 EO entitled, “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.”
In the US, laws can be enacted at the Federal, State and local level, adding to the potential complexity of governing AI. The US does not have comprehensive Federal or data privacy AI legislation. Laws are being enacted at the state level.
Colorado Leads State-Level AI Legislation
In May 2024, Colorado became the first U.S. state to enact a broad-based AI law, set to take effect in February 2026. This pioneering law focuses on preventing algorithmic discrimination in “high-risk” AI systems and imposes duties on both developers and deployers. Notably, enforcement authority lies solely with the Colorado Attorney General. Amendments are likely before the law goes into force.
California Implements AI Transparency Requirements
California has passed a law requiring generative AI developers to disclose the training data sources behind their models – effective January 1, 2026. Other state-level efforts, including laws in Tennessee and California, are targeting synthetic media, requiring transparency and regulating the use of digital replicas and “deepfakes.”
Federal TAKE IT DOWN Act Addresses AI-Generated Content
The TAKE IT DOWN Act, a new federal law, prohibits the nonconsensual distribution of intimate imagery—including AI-generated deepfakes. Platforms must remove offending content within 48 hours of notification and prevent its redistribution. This act reflects a growing federal focus on consumer protection in AI applications.
Multi-Agency Federal Enforcement Approach
While there is no standalone federal AI regulation, various federal agencies – including the Department of Justice (DOJ), Federal Trade Commission (FTC), Consumer Financial Protection Bureau (CFPB), and the Equal Employment Opportunity Commission (EEOC) – enforce existing anti-discrimination, privacy, and consumer protection laws that apply to AI systems. So far, federal enforcement actions remain limited but are expected to increase as use cases expand.
State Privacy Laws Create AI Compliance Requirements
By the end of 2025, 16 states will have enacted comprehensive data privacy laws. Many include opt-out rights for consumers impacted by AI in critical sectors, such as for example, education, employment, finance, and housing. California continues to lead with proposed legislation directly targeting AI under the broader umbrella of data privacy.
HIPAA Governs Healthcare AI Applications
The Health Insurance Portability and Protection Act (HIPAA) also governs the use of protected health information in AI systems used in healthcare, posing additional compliance considerations for developers working in this space.
FDA Develops Medical Device AI Framework
The U.S. Food and Drug Administration (FDA) has introduced a proposed regulatory framework for AI/ML-enabled medical devices and maintains a public list of such approved products. This signals a more formal approach to AI oversight in healthcare, with safety and efficacy as central concerns.
Strategic Compliance for Global Companies
The fragmented nature of US AI regulation creates unique challenges for international companies serving American customers. The U.S. approach to AI regulation remains fragmented but is quickly evolving. Companies developing or deploying AI should prepare for a complex legal landscape that blends state-specific mandates, federal oversight, and industry-specific requirements. With enforcement expected to ramp-up in the coming years, AI governance strategies must be proactive – not reactive.
Need help with understanding the regulations and laws impacting your business, or setting up governance strategies to mitigate risk? Reach out to our team at CrossBorder IP for a hassle-free, complimentary consultation.