The regulatory landscape remains fragmented. Congress has not enacted a federal AI or privacy statute, leaving the White House to push for a national framework that would preempt state-level rules. The specific compliance obligations under newer state AI laws—particularly around training-data transparency, algorithmic discrimination, and human review requirements—continue to evolve as regulators and legislators refine their approach.
Companies deploying AI must now navigate overlapping privacy, civil-rights, and AI-specific obligations across multiple jurisdictions. Practical compliance now requires data inventories, algorithmic risk assessments, vendor controls, updated privacy policies, and internal AI governance structures. Organizations that have not yet mapped their AI use against state privacy and AI statutes face growing enforcement and litigation risk as state attorneys general and private litigants increasingly target algorithmic systems for discrimination and transparency violations.