Chapter 1: Regulatory Overview
1.1 The US Approach: No Single Federal AI Law
The United States does not have a comprehensive federal AI law. AI governance operates through a layered system: executive orders set policy direction, existing federal agencies enforce AI-related obligations under their existing statutory authorities, and states enact their own AI-specific legislation. This creates a complex patchwork that businesses must navigate carefully.
The tension between federal and state approaches is the defining feature of US AI regulation in 2026. The Trump administration has taken an explicitly "pro-innovation" stance, seeking to preempt state AI laws that it considers overly burdensome, while states — particularly Colorado, Illinois, and California — continue to advance their own comprehensive AI governance frameworks.
1.2 Federal Executive Orders
Executive Order: "Ensuring a National Policy Framework for Artificial Intelligence" (December 11, 2025): This order declares it the policy of the United States to achieve "global AI dominance through a minimally burdensome national policy framework." Key provisions include:
- Establishment of an AI Litigation Task Force within the Department of Justice (effective January 10, 2026), responsible for challenging state AI laws in federal court on grounds that they unconstitutionally burden interstate commerce or are preempted by federal regulations
- Direction to the FTC Chairman to identify circumstances where state laws requiring "alterations to the truthful outputs of AI models" are preempted by the FTC Act
- Support for broad federal preemption of state AI laws that impose undue burdens on AI development
National Policy Framework for Artificial Intelligence (March 20, 2026): The White House released legislative recommendations for Congress, calling for:
- Federal preemption of state AI laws that impose undue burdens, while preserving states' traditional police powers to protect children, prevent fraud, and safeguard consumers
- Precluding states from regulating AI model development or imposing liability on AI developers for unlawful conduct by third parties using their systems
- A unified federal approach to AI governance
Executive Order: "Promoting Advanced Artificial Intelligence Innovation and Security" (June 2, 2026): Directs agencies to develop a voluntary framework for securing frontier AI models within 60 days, under which AI developers will provide the federal government access to leading-edge frontier models 30 days before public release.
Current status: Congress has not enacted comprehensive AI legislation. State AI laws remain in effect unless and until Congress acts or legal challenges succeed. The federal preemption debate is ongoing.
1.3 Key Federal Agencies
Federal Trade Commission (FTC): The most active federal enforcement body for AI. Uses Section 5 of the FTC Act (prohibiting unfair or deceptive acts or practices) to police AI-related consumer harms. Has taken enforcement actions against companies making false AI claims, using deceptive AI practices, or engaging in unfair data collection for AI training.
Equal Employment Opportunity Commission (EEOC): Enforces anti-discrimination laws in AI-assisted employment decisions. Has issued guidance clarifying that Title VII of the Civil Rights Act and the Americans with Disabilities Act apply to AI-driven hiring, firing, and promotion tools.
Food and Drug Administration (FDA): Regulates AI as Software as a Medical Device (SaMD). Has authorised over 1,350 AI-enabled medical devices as of early 2026. In January 2026, significantly reduced oversight of certain AI-enabled clinical decision support software and wearables.
National Institute of Standards and Technology (NIST): Develops voluntary AI risk management standards. Published the AI Risk Management Framework (AI RMF 1.0) in January 2023, the Generative AI Profile in July 2024, and a Critical Infrastructure Profile concept note in April 2026. These are voluntary frameworks, not binding regulations.
Securities and Exchange Commission (SEC): Regulates AI in securities markets, including algorithmic trading, robo-advisors, and AI-driven investment recommendations.
Consumer Financial Protection Bureau (CFPB): Oversees AI in consumer lending, credit scoring, and financial services. Enforces the Equal Credit Opportunity Act and Fair Credit Reporting Act as applied to AI-driven credit decisions.
Department of Defense (DoD): Governs military AI applications. The DoD Directive 3000.09 establishes policy on autonomous weapons systems. The Responsible AI Strategy and Implementation Pathway guides defence AI deployment.
1.4 Key Federal Laws Affecting AI
| Law | AI Relevance |
|---|---|
| FTC Act, Section 5 | Unfair or deceptive AI practices |
| Title VII, Civil Rights Act 1964 | AI-driven employment discrimination (race, colour, religion, sex, national origin) |
| Americans with Disabilities Act (ADA) | AI accessibility and discrimination against disabled persons |
| Age Discrimination in Employment Act (ADEA) | AI-driven age discrimination in employment |
| Fair Credit Reporting Act (FCRA) | AI in credit reporting, background checks, tenant screening |
| Equal Credit Opportunity Act (ECOA) | AI in lending decisions |
| Health Insurance Portability and Accountability Act (HIPAA) | AI processing protected health information |
| Children's Online Privacy Protection Act (COPPA) | AI collecting children's data |
| TAKE IT DOWN Act (May 2025) | Non-consensual intimate AI deepfakes (criminal offence) |
| Section 230, Communications Decency Act | Platform liability for AI-generated content (under legislative challenge) |
| Copyright Act, 17 U.S.C. | AI-generated works, training data copyright |
1.5 Timeline of Key Developments
| Date | Development |
|---|---|
| January 2023 | NIST AI Risk Management Framework (AI RMF 1.0) published |
| July 2023 | NYC Local Law 144 enforcement begins (AI hiring bias audits) |
| October 2023 | Executive Order 14110 on Safe, Secure, and Trustworthy AI (Biden) |
| January 2025 | Executive Order 14110 revoked by Trump administration |
| May 2025 | TAKE IT DOWN Act signed into law (deepfake criminal penalties) |
| December 2025 | Executive Order on National Policy Framework for AI (preemption) |
| January 2026 | FDA reduces AI medical device oversight for low-risk categories |
| January 2026 | DEFIANCE Act passes Senate (civil deepfake remedy) |
| February 2026 | Illinois AI employment law takes effect (HB 3773) |
| March 2026 | White House National Policy Framework legislative recommendations |
| June 2026 | Colorado AI Act originally effective (delayed; repealed and replaced) |
| June 2026 | Executive Order on AI Innovation and Security (frontier model access) |
| August 2026 | California AI Transparency Act (SB 942) effective |
Want to monitor your AI compliance automatically? Try AIOS — your AI compliance OS. https://mmoww.net/ai/app/
Quick Decision Matrix
Use this matrix to determine your AI compliance obligations.
| Your Situation | Risk Level | Priority Action | Go To |
|---|---|---|---|
| Deploying AI that affects employment decisions | High | Impact assessment required | Chapter 3 |
| Using AI for customer-facing services | Medium-High | Transparency obligations apply | Chapter 4 |
| Internal AI tools (analytics, automation) | Medium | Document and monitor | Chapter 5 |
| AI in regulated sector (finance, health) | High | Sector-specific rules apply | Chapter 3 |
| Procuring AI from third-party vendor | Medium | Vendor due diligence needed | Chapter 5 |
| Just exploring AI for the first time | Low | Start with governance framework | Chapter 2 |
5-second answer: If your AI system makes decisions that affect people, you have compliance obligations. Start with Chapter 2 for the regulatory framework, then Chapter 3 for your specific obligations.