In the absence of comprehensive federal artificial intelligence (AI) legislation, individual states stepped into the regulatory spotlight in 2024, crafting a patchwork of laws that are shaping the artificial intelligence landscape. Utah, Colorado and California have emerged as pioneers, enacting distinct approaches to govern the development and deployment of AI systems. These state laws are not mere stopgaps; they’re setting precedents that will likely inform the trajectory of AI regulation nationwide in 2025 and beyond.

In this advisory, “AI developers” refers to those creating AI tools and systems and “AI deployers” refers to those implementing AI tools and systems. However, the specific definitions of these terms may vary across the different laws described below.

State Law Overview

1. Utah Artificial Intelligence Policy Act (UAIP)

• Effective Date: May 1, 2024
• Primary Focus: Transparency in generative AI use and consumer protection
• Scope: Entities using generative AI with customers in Utah
• Main Requirements:
  • Sets forth disclosure requirements:
    • Regulated occupations must “prominently” disclose generative AI use at the beginning of customer interactions
    • Other entities must “clearly and conspicuously” disclose AI use if asked by a consumer
  • Prohibits using generative AI as a defense against consumer protection violations
  • Creates an Office of Artificial Intelligence Policy and an AI Learning Laboratory Program; Learning Lab participants may enter into a “regulatory mitigation agreement” with the Office to receive 24 months of regulatory reprieve as they develop and test innovative AI technology

2. Colorado Artificial Intelligence Act (CAIA)

• Effective Date: February 1, 2026
• Primary Focus: Regulation of high-risk AI systems and algorithmic discrimination
• Scope: Developers and deployers of high-risk AI systems in Colorado
• Main Requirements:
  • Focuses on “high-risk” AI systems making “consequential decisions” in areas like education, employment and healthcare
  • Obligations for developers:
    • Provide detailed documentation to deployers
    • Disclose high-risk AI systems on website
    • Inform Attorney General of algorithmic discrimination within 90 days
  • Obligations for deployers:
    • Notify consumers of high-risk AI use before decisions are made
    • Provide reasons for adverse decisions and allow appeals
    • Conduct impact assessments and annual reviews
    • Establish risk management policies
  • Note that this law may be amended prior to its effective date, as Governor Polis expressed concerns about the law’s potential effect of stifling innovation at the time of signing

3. California AI Transparency Act

• Effective Date: January 1, 2026
• Primary Focus: Transparency and detection of AI-generated content
• Scope: Generative AI providers with over 1 million monthly users in California
• Main Requirements:
  • Provide free AI detection tools for image, video or audio content
  • Offer option for “manifest” disclosure on AI-generated content
  • Include “latent” disclosure in metadata of AI-generated content
  • Ensure licensees maintain disclosure capabilities

 4. California AB 2013

• Effective Date: January 1, 2026
• Primary Focus: Transparency in AI training data
• Scope: Developers of generative AI systems available to Californians
• Main Requirements:
  • Disclosure of training dataset information on developer’s website, including:
    • Data sources and owners
    • Number and types of data points
    • Copyright status of data
    • Whether datasets include personal information
    • Data collection time periods
    • Use of synthetic data generation

Emerging Trends in AI Governance

This recent wave of AI regulations enacted in 2024 showcases several key trends, including a growing emphasis on transparency, risk-based frameworks and consumer protection. These trends are shaping the regulatory landscape for AI development and deployment, presenting both challenges and opportunities for businesses operating in this space.

1. Emphasis on Transparency: All three states prioritize disclosure and transparency, whether by focusing on customer interactions (as in Utah), comprehensive documentation requirements (as in Colorado), or mandates for content labeling and dataset disclosures (as in California). To stay ahead of the curve, AI developers and deployers should implement clear, user-friendly disclosures about AI use to customers, particularly for generative AI interactions.
2. Risk-Based Approaches: Colorado’s law, in particular, demonstrates a shift towards risk-based regulation, focusing more stringent requirements on “high-risk” AI systems. This approach aligns with international trends, such as the EU AI Act. When possible, AI developers should recognize their AI systems’ risk level early in the design process and integrate appropriate risk management functionality into the tool. Developers and deployers should also monitor for risks on an ongoing basis and take commensurate risk management measures upon identifying new risks.
3. Emphasis on Consumer Protection: The laws of Utah, Colorado and California all prioritize consumer protection in their AI regulations. This trend reflects a growing concern about the potential negative impacts of AI on individuals, such as algorithmic discrimination and privacy violations. AI developers and deployers should ensure that their systems are designed and implemented in a way that intentionally protects consumer rights and interests.
4. Regulatory Fragmentation: As more states implement distinct AI regulations, companies will face the challenge of complying with a growing patchwork of laws. The variations in requirements between states, such as disclosure obligations and risk assessments, could complicate operations for developers and deployers working across multiple regions. To stay ahead of the curve, AI stakeholders should invest in adaptable compliance frameworks that can be tailored to meet the varying legal standards of different states, ensuring seamless compliance while maintaining operational efficiency.

As states take the lead in crafting AI regulations, businesses must adapt to a rapidly evolving regulatory landscape. Emerging laws that emphasize transparency, consumer protection and risk management are shaping the future direction of AI governance. By proactively anticipating and addressing these trends in 2025, AI developers and deployers can establish themselves as industry leaders, driving responsible innovation while gaining a competitive edge.