
If the EU has produced the most demanding AI regulation in the world, the United States has produced the most contested. The picture in 2026 is not just complex; it is actively unstable. What is federal law today may be preempted state law tomorrow. What is state law today may be invalidated in court next month. What appears to be a settled position is often the current stage in an ongoing political and legal argument.
This article maps the US position as of mid-2026. It is going to be more provisional than the EU chapter, because the underlying picture is more provisional. I will call out where things are settled and where they are moving.
The federal reset
The story starts in October 2023, when the Biden administration issued Executive Order 14110, “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.” The order directed federal agencies to develop AI safety standards, imposed reporting obligations on developers of frontier models, and set out a broad range of workforce, immigration, and consumer protection initiatives. For its 14 months in force, EO 14110 was the closest thing the US had to a horizontal AI policy.
In January 2025, EO 14110 was rescinded. In December 2025, the Trump administration issued Executive Order 14365, “Ensuring a National Policy Framework for Artificial Intelligence.” This is the current federal executive framework.
EO 14365 has three main components that matter for practitioners.
The first is the AI Litigation Task Force, established within the Department of Justice and operational from 10 January 2026. The Task Force is charged with challenging state AI laws that the administration considers to unconstitutionally regulate interstate commerce, conflict with federal law, or otherwise impose “undue burdens” on AI innovation.
The second is conditioning of federal funding. The order directs the Department of Commerce to condition $42 billion in Broadband Equity, Access and Deployment (BEAD) program funding on states’ AI regulatory posture. Discretionary federal grants may be similarly conditioned. This is federalism through fiscal leverage.
The third is directed agency action. The order directed the FTC to issue a policy statement (due March 2026) on how the FTC Act may apply to AI systems, with particular attention to state-mandated bias mitigation practices. It directed federal agencies to review state and federal laws that restrict AI growth.
Following EO 14365, the administration released the National Policy Framework for Artificial Intelligence on 20 March 2026. This is a legislative recommendation, not a binding instrument. It is a four-page blueprint calling on Congress to enact federal AI legislation across seven pillars: child protection, community safeguards, IP, censorship and free speech, innovation, workforce development, and preemption of state AI laws.
The Framework carves out three specific categories from the preemption it seeks: traditional state police powers (child protection, fraud prevention, consumer protection through generally applicable laws), state zoning authority over data centre siting, and state authority over the state government’s own use of AI in procurement and public services.
The Framework opposes creating a new federal AI regulator. It endorses sector-specific oversight through existing agencies, complemented by industry-led standards.
The proposed federal legislation
The most prominent federal legislative proposal is the TRUMP AMERICA AI Act, introduced by Senator Marsha Blackburn in December 2025 and updated in March 2026 to a 291-page draft. The bill’s formal name is The Republic Unifying Meritocratic Performance Advancing Machine Intelligence by Eliminating Regulatory Interstate Chaos Across American Industry Act.
The bill would codify elements of EO 14365, preempt state laws in specific categories (particularly frontier model management of catastrophic risk and digital replicas), impose a duty of care on developers, require regular bias audits for high-risk AI systems (with political affiliation added to the list of protected characteristics), modify Section 230 immunity through a “Bad Samaritan” provision, and mandate protections for minors.
Democratic opposition has coalesced around the GUARDRAILS Act, introduced 20 March 2026 by Representative Beyer and colleagues. It would repeal EO 14365 and block moves to preempt state AI regulation. Senator Schatz is expected to introduce a companion bill.
Neither the TRUMP AMERICA AI Act nor the GUARDRAILS Act has passed as of mid-2026. Neither is close to passing without significant coalition-building. The federal legislative picture is contested and unlikely to resolve quickly.
Figure 1: The federal architecture

Figure 1 shows the current federal architecture. The executive layer is populated with EO 14365, the National Policy Framework, and the AI Litigation Task Force. The legislative layer contains proposed but unenacted bills on both sides of the preemption debate. The regulatory layer contains sector-specific action by existing agencies (FTC, FDA, EEOC, CFPB, HHS, SEC) applying existing law to AI. What the figure makes clear is that no single instrument dominates. Practitioners have to look at all three layers to understand what applies.
Sector-specific federal action
While federal horizontal AI legislation is stalled, federal agencies have been active applying existing law to AI in their sectors.
The Federal Trade Commission has continued to bring enforcement actions against AI-related unfair or deceptive practices under Section 5 of the FTC Act. Rytr, Everalbum, and Amazon’s Ring have all featured in prior actions; the enforcement pattern continues. The FTC’s directed March 2026 policy statement, mandated by EO 14365, addressed how the FTC Act applies to AI and specifically addressed state-mandated bias mitigation as a potential deceptive practice.
The Equal Employment Opportunity Commission has issued guidance on AI in hiring and continues to bring enforcement actions where AI systems produce discriminatory outcomes.
The Consumer Financial Protection Bureau has issued guidance and enforcement actions on AI in consumer lending, particularly on adverse action notices under the Equal Credit Opportunity Act.
The Food and Drug Administration has continued to update its framework for AI/ML-enabled medical devices, including the “predetermined change control plan” model for adaptive algorithms.
The Securities and Exchange Commission has brought “AI washing” enforcement actions against investment advisers who misrepresent AI capabilities in marketing.
The Department of Health and Human Services has issued regulations under Section 1557 of the Affordable Care Act addressing algorithmic discrimination in patient care decision support tools.
NIST continues to maintain the AI Risk Management Framework (AI RMF 1.0, published January 2023) and the accompanying playbook and resources. The AI RMF is voluntary but has become the de facto US federal reference framework. Article 10 of this track goes deep on the AI RMF.
None of this sectoral activity has been rescinded. The federal AI regulatory environment, taken as a whole, is more active than the horizontal picture suggests. Practitioners need to look sector by sector.
The state-level picture
If the federal picture is contested, the state picture is proliferating.
Colorado passed the Colorado Artificial Intelligence Act in 2024, the first comprehensive US state AI law. It was originally scheduled to take effect 1 February 2026 but has been delayed to 30 June 2026. The Act imposes duty-of-care obligations on developers and deployers of “high-risk” AI systems that make or influence consequential decisions in employment, education, financial services, healthcare, housing, and other listed domains. Deployers must complete impact assessments, notify consumers, and take reasonable care to avoid algorithmic discrimination. Enforcement is by the Colorado Attorney General.
California has taken a fragmented approach. SB 53, the Transparency in Frontier Artificial Intelligence Act (2025), imposes safety framework, testing, and transparency obligations on developers of large frontier models. SB 942, the California AI Transparency Act (2024), imposes disclosure obligations on generative AI providers. AB 2013 requires disclosure of training data used in generative AI systems made available to Californians. Additional bills on employment, healthcare, and consumer protection have moved through the legislature at different rates.
New York has passed and continues to advance AI-related legislation. Local Law 144 (2023) imposed bias audit and disclosure obligations on employers using automated employment decision tools. The RAISE Act, currently under consideration, would impose frontier model safety obligations similar to California’s SB 53.
Utah’s Artificial Intelligence Policy Act was passed in 2024 and amended in 2025 to narrow its scope, establish safe harbor protections, and extend its duration. It focuses on generative AI transparency and mental health chatbots.
Texas passed the Texas Responsible AI Governance Act in 2025, focusing on AI use by state government and imposing certain requirements on private-sector high-risk systems.
Illinois has amended the Illinois Human Rights Act to explicitly address AI-driven discrimination and continues to enforce the Biometric Information Privacy Act (BIPA) against AI systems that process biometric data.
Tennessee’s ELVIS Act (2024) protects individual voices and likenesses from unauthorised AI-generated impersonation.
Several other states have passed narrower AI legislation focused on election deepfakes, sexual imagery, or specific sectors.
The result is a patchwork. Depending on where an AI system is deployed, what it does, and who it affects, an organisation may face obligations from Colorado, California, New York, Texas, and Utah simultaneously, in addition to federal sector-specific obligations and, where extraterritoriality reaches, the EU AI Act.
The preemption question
The preemption question is the central legal argument in US AI regulation right now.
The Trump administration’s position, expressed through EO 14365 and the National Policy Framework, is that state AI laws that impose “undue burdens” on interstate commerce should be preempted by federal law, and that the AI Litigation Task Force will challenge state laws on constitutional grounds (particularly Dormant Commerce Clause and federal preemption doctrines) even before federal legislation is enacted.
The counter-position, expressed by state attorneys general, Democratic legislators, and consumer advocates, is that traditional state authority to protect consumers, employees, and residents extends fully to AI, that federal preemption without federal substantive standards leaves individuals with no protection, and that the “undue burdens” formulation is legally weak.
The courts will decide much of this. Cases challenging state AI laws are expected in 2026 and 2027. Colorado has stated it will defend its Act if challenged. California’s authors of SB 53 have made similar statements.
For practitioners, this uncertainty is uncomfortable but manageable. The pragmatic approach is to comply with the state laws that apply to your operations today, plan for their potential invalidation without depending on it, and build governance programs robust to either outcome. This is unsatisfying advice. It is the honest advice.
The insurance and litigation picture
Two developments outside the primary regulatory picture are worth flagging because they shape the practical risk landscape.
Major insurance carriers began excluding AI liability from corporate policies during 2025 and early 2026. This affects both errors and omissions coverage for AI-driven decisions and cyber coverage for AI-related incidents. The result is that AI risk is increasingly uninsured or self-insured for many enterprises. This is producing internal pressure for governance rigour that regulation alone would not produce.
Litigation trends are moving. Class actions alleging algorithmic discrimination in employment, lending, and housing are working through the courts. Consumer litigation over generative AI misrepresentation continues. Copyright litigation over training data (the New York Times v. OpenAI matter, and related cases) is producing decisions that will shape licensing practices for years. Directors’ and officers’ fiduciary duty questions around AI adoption and governance are being tested in shareholder derivative actions.
The regulatory picture and the litigation picture are converging on similar practical outcomes. Even where regulation is absent, litigation risk is producing pressure toward the same governance disciplines.
Figure 2: The state patchwork

Figure 2 maps the state AI regulatory landscape as of mid-2026. States are grouped by regulatory approach: comprehensive (Colorado), fragmented sector-by-sector (California), employment-focused (New York, Illinois), transparency-focused (Utah, California), sector-focused (Texas), and reactive or minimal (most others). The map is a snapshot. It will look different by mid-2027, particularly if preemption challenges succeed or federal legislation passes.
What a practitioner should do now
Three practical moves.
Map your US regulatory footprint state by state. For each state where you operate or where your AI outputs affect residents, identify the specific state laws that apply, their current effective dates, and their obligations. Do not rely on federal preemption to make state laws go away in the timeline that matters for your compliance program.
Focus on the sectoral picture. The FTC, EEOC, CFPB, FDA, SEC, and HHS positions are more consequential for most enterprises than the horizontal legislative debate. Existing sector-specific obligations are enforceable now. Prioritise them.
Build to the higher standard. Where you operate in multiple US states and internationally, build to the highest applicable standard. In practice, this means aligning with the EU AI Act’s risk-based structure and with NIST AI RMF’s control structure. The result is a governance program that adapts to whatever the US federal picture eventually looks like, while satisfying current state and international obligations.
The next article focuses on Australia, where the picture is very different again, and where the two supervisory letters of April and May 2026 have made 2026 the most consequential year for AI governance in the Australian financial services sector to date.