AI Compliance: United States 2026

Sawai Gyoseishoshi Office • 2026
FREE CHAPTER

Chapter 1: Regulatory Overview

1.1 The US Approach: No Single Federal AI Law

The United States does not have a comprehensive federal AI law. AI governance operates through a layered system: executive orders set policy direction, existing federal agencies enforce AI-related obligations under their existing statutory authorities, and states enact their own AI-specific legislation. This creates a complex patchwork that businesses must navigate carefully.

The tension between federal and state approaches is the defining feature of US AI regulation in 2026. The Trump administration has taken an explicitly "pro-innovation" stance, seeking to preempt state AI laws that it considers overly burdensome, while states — particularly Colorado, Illinois, and California — continue to advance their own comprehensive AI governance frameworks.

1.2 Federal Executive Orders

Executive Order: "Ensuring a National Policy Framework for Artificial Intelligence" (December 11, 2025): This order declares it the policy of the United States to achieve "global AI dominance through a minimally burdensome national policy framework." Key provisions include:

National Policy Framework for Artificial Intelligence (March 20, 2026): The White House released legislative recommendations for Congress, calling for:

Executive Order: "Promoting Advanced Artificial Intelligence Innovation and Security" (June 2, 2026): Directs agencies to develop a voluntary framework for securing frontier AI models within 60 days, under which AI developers will provide the federal government access to leading-edge frontier models 30 days before public release.

Current status: Congress has not enacted comprehensive AI legislation. State AI laws remain in effect unless and until Congress acts or legal challenges succeed. The federal preemption debate is ongoing.

1.3 Key Federal Agencies

Federal Trade Commission (FTC): The most active federal enforcement body for AI. Uses Section 5 of the FTC Act (prohibiting unfair or deceptive acts or practices) to police AI-related consumer harms. Has taken enforcement actions against companies making false AI claims, using deceptive AI practices, or engaging in unfair data collection for AI training.

Equal Employment Opportunity Commission (EEOC): Enforces anti-discrimination laws in AI-assisted employment decisions. Has issued guidance clarifying that Title VII of the Civil Rights Act and the Americans with Disabilities Act apply to AI-driven hiring, firing, and promotion tools.

Food and Drug Administration (FDA): Regulates AI as Software as a Medical Device (SaMD). Has authorised over 1,350 AI-enabled medical devices as of early 2026. In January 2026, significantly reduced oversight of certain AI-enabled clinical decision support software and wearables.

National Institute of Standards and Technology (NIST): Develops voluntary AI risk management standards. Published the AI Risk Management Framework (AI RMF 1.0) in January 2023, the Generative AI Profile in July 2024, and a Critical Infrastructure Profile concept note in April 2026. These are voluntary frameworks, not binding regulations.

Securities and Exchange Commission (SEC): Regulates AI in securities markets, including algorithmic trading, robo-advisors, and AI-driven investment recommendations.

Consumer Financial Protection Bureau (CFPB): Oversees AI in consumer lending, credit scoring, and financial services. Enforces the Equal Credit Opportunity Act and Fair Credit Reporting Act as applied to AI-driven credit decisions.

Department of Defense (DoD): Governs military AI applications. The DoD Directive 3000.09 establishes policy on autonomous weapons systems. The Responsible AI Strategy and Implementation Pathway guides defence AI deployment.

1.4 Key Federal Laws Affecting AI

Law AI Relevance
FTC Act, Section 5 Unfair or deceptive AI practices
Title VII, Civil Rights Act 1964 AI-driven employment discrimination (race, colour, religion, sex, national origin)
Americans with Disabilities Act (ADA) AI accessibility and discrimination against disabled persons
Age Discrimination in Employment Act (ADEA) AI-driven age discrimination in employment
Fair Credit Reporting Act (FCRA) AI in credit reporting, background checks, tenant screening
Equal Credit Opportunity Act (ECOA) AI in lending decisions
Health Insurance Portability and Accountability Act (HIPAA) AI processing protected health information
Children's Online Privacy Protection Act (COPPA) AI collecting children's data
TAKE IT DOWN Act (May 2025) Non-consensual intimate AI deepfakes (criminal offence)
Section 230, Communications Decency Act Platform liability for AI-generated content (under legislative challenge)
Copyright Act, 17 U.S.C. AI-generated works, training data copyright

1.5 Timeline of Key Developments

Date Development
January 2023 NIST AI Risk Management Framework (AI RMF 1.0) published
July 2023 NYC Local Law 144 enforcement begins (AI hiring bias audits)
October 2023 Executive Order 14110 on Safe, Secure, and Trustworthy AI (Biden)
January 2025 Executive Order 14110 revoked by Trump administration
May 2025 TAKE IT DOWN Act signed into law (deepfake criminal penalties)
December 2025 Executive Order on National Policy Framework for AI (preemption)
January 2026 FDA reduces AI medical device oversight for low-risk categories
January 2026 DEFIANCE Act passes Senate (civil deepfake remedy)
February 2026 Illinois AI employment law takes effect (HB 3773)
March 2026 White House National Policy Framework legislative recommendations
June 2026 Colorado AI Act originally effective (delayed; repealed and replaced)
June 2026 Executive Order on AI Innovation and Security (frontier model access)
August 2026 California AI Transparency Act (SB 942) effective

Want to monitor your AI compliance automatically? Try AIOS — your AI compliance OS. https://mmoww.net/ai/app/

Quick Decision Matrix

Use this matrix to determine your AI compliance obligations.

Your Situation Risk Level Priority Action Go To
Deploying AI that affects employment decisions High Impact assessment required Chapter 3
Using AI for customer-facing services Medium-High Transparency obligations apply Chapter 4
Internal AI tools (analytics, automation) Medium Document and monitor Chapter 5
AI in regulated sector (finance, health) High Sector-specific rules apply Chapter 3
Procuring AI from third-party vendor Medium Vendor due diligence needed Chapter 5
Just exploring AI for the first time Low Start with governance framework Chapter 2

5-second answer: If your AI system makes decisions that affect people, you have compliance obligations. Start with Chapter 2 for the regulatory framework, then Chapter 3 for your specific obligations.

Continue Reading

Get the complete guide with all chapters, checklists, and regulatory updates.

Get on Amazon Trust Library Edition — $77.7 Try Free Compliance Tool