Introduction
The evolving landscape of artificial intelligence (AI) regulation is prompting states across the United States to implement comprehensive legal frameworks. These regulations aim to ensure transparency, prevent discrimination [2], and protect individual rights in the deployment and use of AI technologies.
Description
Employers in Illinois are required to notify applicants before using AI in recruitment processes [2], explain the technology’s workings [2], and obtain written consent [2]. A new AI Law [1], effective January 1, 2026 [1] [3], amends the Illinois Human Rights Act to include nondiscrimination provisions [1], prohibiting AI use that leads to unlawful discrimination based on protected characteristics [1]. This law also bans the use of zip codes as a proxy for protected classes in employment decisions [1], aiming to prevent bias in recruitment [1], hiring [1] [2], and promotions [1]. Additionally, employers must limit video sharing and delete interview recordings upon request [2]. Noncompliance with these regulations is treated as a civil rights violation enforceable by the Illinois Department of Human Rights.
In Utah [3] [4], the AI Policy Act (SB 149) [1], effective May 1, 2024 [1] [3] [4], mandates transparency in the use of Generative AI (GenAI) [1]. Businesses must inform users when they are interacting with a GenAI tool [1], and those outside of regulated occupations must disclose the use of GenAI if requested [1]. Companies are also required to notify workers at least 10 working days in advance of using an Automated Employment Decision Tool (AEDT) [1]. Noncompliance can incur administrative fines of $2,500 per violation [2]. Furthermore, businesses must develop a publicly accessible AI detection tool that allows users to assess content generated or altered by their GenAI system [2]. This includes ensuring automated API connections, collecting user feedback [2], and prohibiting the collection of certain personal data [2]. AI-generated content must include latent disclosures identifying the provider [2], GenAI version [2], and creation date/time [2], with an option for users to add manifest disclosures [2]. The newly established Office of Artificial Intelligence Policy (OAIP) in Utah will facilitate regulatory mitigation agreements (RMAs) between AI participants and state agencies, focusing on restitution and civil fines while clarifying that AI cannot be used as a defense for statutory offenses [3].
In Colorado [2] [3], comprehensive regulations for High-Risk AI Systems (HRAIS) were enacted, with the law set to take effect on February 1, 2026 [4]. The Colorado Artificial Intelligence Act (CAIA) mandates that developers of HRAIS disclose risks of algorithmic discrimination to deployers and the Colorado Attorney General. Deployers are required to implement a comprehensive AI risk management policy and program that aligns with the National Institute of Standards and Technology’s AI Risk Management Framework (NIST AI RMF) to qualify for a safe harbor provision. They must also conduct annual impact assessments, documenting various aspects of their AI systems [3], including data usage and transparency measures [3], and provide consumer notices about HRAIS usage and decisions made [2]. A high-risk AI system is defined as one that autonomously makes consequential decisions affecting areas such as employment [4], healthcare access [4], and legal services [4]. Noncompliance can result in civil fines ranging from $1,000 to $20,000 per violation.
Conclusion
The expanding regulatory landscape for AI underscores the importance of compliance for businesses utilizing these technologies. By adhering to these legal requirements, organizations can mitigate potential risks, foster trust, and ensure the ethical deployment of AI systems. As states continue to refine their approaches, businesses must remain vigilant and proactive in adapting to these evolving standards.
References
[1] https://www.tcwglobal.com/blog/ai-in-the-workplace-understanding-the-growing-patchwork-of-employment-laws-and-regulations
[2] https://www.jdsupra.com/legalnews/state-ai-laws-continue-to-emerge-8481236/
[3] https://natlawreview.com/article/some-states-step-early-regulate-ai-risk-management
[4] https://www.compliancepoint.com/privacy/ai-regulations-whats-happening-at-the-state-level/
