Comprehensive Schemes
Comprehensive Approaches to AI Regulation
The United States does not have a comprehensive scheme of AI regulation. While the version of the “Big Beautiful Bill” passed by the House of Representatives would have imposed a ten-year moratorium on state AI regulation, the moratorium was not included in the adopted version of the bill. In the gap created by the absence of comprehensive federal regulation, most state regulations target specific policy areas. However, following Colorado’s lead, states have begun to consider statewide, comprehensive schemes.
The paragraphs below introduce the Colorado approach and the most influential international comprehensive scheme, the EU AI Act. Both regulate AI systems based on the level of risk such systems pose.
Colorado’s Approach
The Colorado Artificial Intelligence Act (CAIA), which will become effective June 30, 2026, establishes a comprehensive, a risk-based framework that focuses on “high-risk artificial intelligence systems”—defined as any AI system that makes or is a substantial factor in making “consequential decisions” with material legal or similar effects in areas such as employment, healthcare, insurance, housing, financial services, and education. The Act creates a general duty of reasonable care for both developers and deployers of high-risk systems to protect consumers from “algorithmic discrimination,” defined as unlawful differential treatment or impact based on protected characteristics such as race, gender, age, or disability. Developers must provide detailed documentation to deployers describing reasonably foreseeable uses, known limitations, and risks of algorithmic discrimination, while deployers must implement risk management policies, conduct annual impact assessments, notify consumers before AI makes consequential decisions, provide opportunities to correct inaccurate data, and allow appeals with human review when technically feasible. Deployers must report algorithmic discrimination to the Colorado Attorney General within 90 days of discovery, though small deployers with fewer than 50 employees who do not train AI with their own data are exempt from many requirements, and violations are enforced exclusively by the Attorney General with penalties up to $20,000 per violation.
European Union’s Approach
The European Union AI Act (Regulation (EU) 2024/1689) establishes a risk-based regulatory system applying across all 27 EU member states. The Act categorizes AI systems into four risk levels: (a) unacceptable risk (prohibited practices including social scoring, real-time biometric identification in public spaces, and cognitive behavioral manipulation), (b) high-risk systems (subject to strict requirements including registration in an EU database, impact assessments, human oversight, and transparency obligations), (c) limited-risk systems (requiring disclosure that users are interacting with AI), and (d) minimal or no risk (largely unregulated).
High-risk AI systems—including those used in critical infrastructure, education, employment, law enforcement, and as safety components of regulated products—must meet stringent requirements on data governance, technical documentation, recordkeeping, transparency, and cybersecurity before being placed on the market and throughout their lifecycle. The Act also establishes dedicated rules for general-purpose AI models, with high-impact models presenting systemic risks subject to additional requirements including model evaluations, adversarial testing, and incident reporting, and imposes substantial penalties for non-compliance of up to EUR 35 million or 7% of worldwide annual turnover, whichever is higher.
The effectiveness of the Act phases in over time, with full effectiveness coming into place on August 2, 2027.
| State | Statute | Link | Effective Date |
| California | AI Definition Bill | AB 2885 | 1/1/25 |
| California | Artificial Intelligence Training Data Transparency Act | AB 2013 | 1/1/26 |
| California | California AI Transparency Act | Cal. Gov. Code § Section 22757.1; SB 942 | 1/1/26 |
| Colorado | Colorado AI Act | 2/1/26 | |
| EU | EU AI Act | https://artificialintelligenceact.eu/ai-act-explorer/ | Staggered |
| EU | EU AI Act Summary | https://artificialintelligenceact.eu/high-level-summary/ | |
| Texas | Texas Responsible Artificial Intelligence Governance Act (TRAIGA) | HB 149 | 1/1/26 |
| Utah | Utah Artificial Intelligence Policy Act | SB 149; Utah Code § 13-72-301 et seq. | 5/1/24 |