Skip to main content
AI Standard of Care
  1. AI Liability News & Analysis/

State AI Legislation Tracker: The Bills Reshaping AI Liability in 2025

·8 mins
Regulatory State Legislation Regulation Compliance Colorado AI Act California 2025
Table of Contents

Introduction: The States Lead on AI Regulation
#

While Congress debates, states are acting. In the absence of comprehensive federal AI legislation, state legislatures have become the primary source of AI regulation in the United States. The result is a rapidly evolving patchwork of laws that creates compliance challenges, and liability exposure, for organizations deploying AI.

This tracker covers the most significant state AI legislation of 2025, focusing on laws that create new liability obligations or modify existing legal frameworks. For our comprehensive database, see the US State AI Laws resource.

The Big Picture: 2025 Legislative Trends#

Volume and Velocity
#

The numbers tell the story:

  • 42 states have now enacted AI-specific legislation (up from 23 at the end of 2023)
  • Over 450 AI-related bills introduced in 2025 state legislative sessions
  • 180+ bills enacted across employment, healthcare, insurance, elections, and general AI governance
  • Every state has considered some form of AI legislation

Key Themes
#

Several themes dominate 2025 state AI legislation:

Algorithmic Discrimination: Building on employment discrimination concerns, states are expanding anti-discrimination frameworks to algorithmic decision-making across housing, credit, insurance, and public services.

Transparency and Disclosure: Requirements to disclose AI use are proliferating, with variations in what must be disclosed, to whom, and when.

Impact Assessments: Following the EU AI Act model, states are requiring impact assessments for high-risk AI systems.

Consumer Rights: New rights to contest AI decisions, obtain human review, and access explanations of algorithmic outcomes.

Sector-Specific Rules: Targeted regulation of AI in healthcare, insurance, employment, and criminal justice.

State-by-State Highlights
#

Colorado: The Comprehensive Model
#

Colorado’s AI Act, effective February 2025, remains the most comprehensive state AI law:

Key Requirements:

  • Impact assessments for high-risk AI systems annually and after significant modifications
  • Risk management programs with documented policies and procedures
  • Disclosure to consumers when AI is used in consequential decisions
  • Human oversight requirements for automated decision-making
  • Incident reporting for AI causing harm

Who’s Covered:

  • “Deployers” of high-risk AI systems (businesses using AI)
  • “Developers” of high-risk AI (those who create or substantially modify AI systems)
  • High-risk systems defined by decision domains: employment, education, financial services, healthcare, housing, insurance, legal services, government services

Enforcement:

  • Attorney General exclusive enforcement
  • Civil penalties up to $20,000 per violation
  • No private right of action (yet)

Affirmative Defense:

  • Compliance with recognized AI governance frameworks (NIST AI RMF) provides defense

Liability Implications:

  • Creates statutory duties that may inform standard of care analysis
  • Documentation requirements create litigation discovery risks
  • Impact assessments may be evidence in subsequent litigation

California: Disclosure and Transparency
#

California continues building its AI regulatory framework through multiple laws:

SB 892 - AI-Generated Content Watermarking

  • Requires watermarking of AI-generated video and audio over 30 seconds
  • Creates civil liability for removing watermarks
  • Effective July 2025

AB 1047 - Political AI Disclosure

  • Mandatory disclosure of AI use in political advertising
  • Applies to AI-generated or AI-modified content
  • Criminal penalties for violations in final 60 days before elections

AB 2013 - Training Data Transparency

  • Generative AI providers must disclose training data information
  • Applies to models deployed in California
  • Creates compliance obligations for model documentation

SB 1120 - Government AI Procurement

  • State agencies must assess AI risks before procurement
  • Requires vendor disclosure of AI capabilities and limitations
  • Creates model for private sector procurement practices

California Consumer Privacy Act (CCPA) AI Provisions

  • Regulations implementing AI-specific CCPA requirements now effective
  • Right to opt out of automated decision-making
  • Right to information about logic and outcomes
  • Expanded definition of “profiling”

Illinois: Biometric and Employment Focus
#

Illinois continues its AI leadership through biometric privacy and employment laws:

Biometric Information Privacy Act (BIPA) Expansions

  • Clarified application to AI training on biometric data
  • New guidance on consent requirements for AI systems
  • Continued private right of action with statutory damages

Artificial Intelligence Video Interview Act Updates

  • Expanded notice requirements for AI interview analysis
  • New consent requirements before AI evaluation
  • Data retention limitations
  • Enforcement through Department of Human Rights

SB 2979 - AI in Employment Decisions

  • Comprehensive AI employment regulation
  • Requires bias audits for AI hiring tools
  • Impact assessments before deployment
  • Disclosure to applicants and employees
  • Effective January 2026

Texas: Deepfakes and Healthcare
#

Texas has focused on specific high-risk applications:

Deepfake Legislation

  • Criminal penalties for malicious deepfakes
  • Civil cause of action for deepfake victims
  • Platform liability for knowing distribution
  • Election-specific provisions with enhanced penalties

Healthcare AI

  • Requirements for AI disclosure in clinical settings
  • Standards for AI in insurance utilization review
  • Patient rights to human review of AI decisions
  • Connects to healthcare AI denial litigation

AI in Criminal Justice

  • Disclosure requirements for AI forensic tools
  • Defendants’ rights to information about AI evidence
  • Validation requirements for AI systems

New York: Employment and Financial Services
#

New York City’s Local Law 144 (AI in hiring) continues to influence state action:

State Employment AI Bills

  • Multiple bills pending to extend NYC approach statewide
  • Focus on bias audits and impact assessments
  • Broader definition of “automated employment decision tool”

Financial Services AI

  • Department of Financial Services guidance on AI in insurance
  • Requirements for robo-adviser transparency
  • AI governance expectations for regulated entities

Consumer Protection

  • AI disclosure requirements in consumer transactions
  • Deceptive practices rules extended to AI
  • Attorney General enforcement authority

Other Notable State Developments
#

Connecticut

  • Comprehensive AI accountability bill advancing
  • Focus on government use of AI
  • Impact assessment requirements

Virginia

  • Insurance AI regulation through State Corporation Commission
  • Healthcare AI disclosure requirements
  • Autonomous vehicle legislation updates

Washington

  • AI transparency in state government
  • Healthcare AI standards
  • Consumer data and AI profiling rules

Massachusetts

  • AI in criminal justice reforms
  • Healthcare AI requirements
  • Employment algorithm transparency

New Jersey

  • Comprehensive AI bill in committee
  • Insurance AI regulation
  • Healthcare AI governance requirements

Compliance Strategies
#

Multi-State Operations
#

Organizations operating across states face compliance complexity:

Harmonization Approach:

  • Identify strictest requirements across jurisdictions
  • Implement to highest standard where practical
  • Document jurisdiction-specific variations

Risk-Based Prioritization:

  • Focus on states with largest operations/exposure
  • Prioritize laws with private rights of action
  • Address sector-specific requirements first

Governance Integration:

  • Build AI governance frameworks that satisfy multiple laws
  • Use NIST AI RMF as compliance baseline
  • Document everything for multiple regulatory audiences

Documentation Requirements
#

Multiple state laws require documentation:

  • Impact assessments: Colorado, pending in many states
  • Bias audits: Illinois, NYC, pending elsewhere
  • Training data documentation: California, pending elsewhere
  • Decision logic documentation: Various consumer rights laws

Best Practice: Create unified documentation that satisfies multiple requirements:

  • System description and capabilities
  • Intended use cases and limitations
  • Training data information
  • Testing and validation results
  • Ongoing monitoring procedures
  • Incident response plans

Disclosure Compliance
#

Disclosure requirements vary significantly:

To Consumers/Affected Individuals:

  • When AI is used in decisions affecting them
  • Nature of the AI system and data used
  • How to contest or obtain human review

To Regulators:

  • Incident reports in some jurisdictions
  • Annual compliance reports where required
  • Audit results when mandated

Public Disclosures:

  • Training data transparency (California)
  • AI governance information (various)
  • Content authenticity (watermarking laws)

Liability Implications
#

Statutory Liability
#

State AI laws create new liability exposure:

Direct Violations: Penalties for non-compliance with disclosure, assessment, or governance requirements

Private Rights of Action: Some laws create private enforcement rights with statutory damages

Negligence Per Se: Violation of statutory duties may establish negligence in tort cases

Evidentiary Impact
#

Compliance documentation affects litigation:

Impact Assessments as Evidence: Required assessments may reveal known risks, becoming evidence in subsequent suits

Bias Audits: Results may be discoverable and used against deployers

Incident Reports: Documentation of AI failures creates litigation exposure

Best Practice: Conduct assessments and audits under attorney-client privilege where possible

Insurance Considerations
#

State AI laws affect insurance coverage:

  • Statutory compliance obligations may affect coverage
  • Documentation requirements create claims evidence
  • Some laws may eventually mandate AI insurance
  • Coverage for regulatory investigations varies

Looking Ahead: 2026 Predictions
#

Expected Developments
#

More Comprehensive Laws: States will follow Colorado’s comprehensive approach rather than piecemeal regulation.

Private Rights of Action: Currently rare, private enforcement rights will expand as states assess AG-only enforcement limitations.

Preemption Debates: Federal AI legislation, if passed, will create complex preemption questions with existing state laws.

Interstate Compacts: States may coordinate on AI regulation, as they have in other areas.

Sector Convergence: Healthcare, insurance, and employment AI rules will increasingly align across states.

Preparing for Change
#

Organizations should:

  1. Monitor actively: State AI legislation moves quickly
  2. Engage stakeholders: Participate in regulatory processes
  3. Build flexibility: Governance systems should adapt to changing requirements
  4. Document proactively: Create records that satisfy emerging requirements
  5. Plan for convergence: Expect eventual standardization

Conclusion: The Compliance Imperative
#

State AI legislation is not waiting for federal action. The compliance obligations are real, the enforcement is beginning, and the liability exposure is significant.

Organizations deploying AI must:

  • Know which state laws apply to their operations
  • Implement governance that satisfies multiple jurisdictions
  • Document compliance for regulatory and litigation purposes
  • Prepare for continued regulatory evolution

The states are writing the first draft of American AI law. Those who engage now will shape its development and be prepared for its requirements. Those who wait will face catch-up compliance under enforcement pressure.

For our comprehensive database of state AI laws, see the US State AI Laws resource. For international developments, see EU AI Act Liability and International AI Frameworks.

Related

Three Giants: Comparing AI Regulation in China, the EU, and the United States

·8 mins
Global Perspectives Regulation International Law EU AI Act Comparative Law China
A Global Regulatory Divergence # The United States, European Union, and China are the world’s three dominant AI powers. Together they produce most frontier AI research, deploy most commercial AI systems, and shape most global AI policy. Yet their approaches to AI regulation, and particularly AI liability, are strikingly different.

AI Liability Legal Timeline

·3 mins
Resources Timeline Legal History Regulation
AI Liability Legal Timeline A chronological guide to landmark cases, regulations, and developments shaping the legal landscape for AI liability. Key Developments in AI Liability Law # 2018 Epic Sepsis Model Deployed Epic Systems deploys sepsis prediction algorithm to hundreds of hospitals. Later studies will reveal significant performance gaps between clinical validation and real-world deployment, raising questions about hospital liability for algorithm selection. March 2018 Uber AV Fatality - Tempe, AZ First pedestrian fatality involving a fully autonomous vehicle (Uber ATG). Raises fundamental questions about manufacturer vs. operator liability for autonomous systems. Criminal charges filed against safety driver; civil settlements reached. 2019 FDA De Novo Clearance for IDx-DR First FDA clearance for autonomous AI diagnostic device - diabetic retinopathy screening that operates without physician oversight. Establishes precedent for AI systems that can diagnose without human intermediary. 2020 EEOC Begins AI Hiring Investigations Equal Employment Opportunity Commission begins investigating AI-powered hiring tools for potential discrimination under Title VII. Signals increased regulatory scrutiny of employment algorithms. February 2021 Mobley v. Workday Filed Landmark class action alleging Workday’s AI hiring tools discriminate against Black, disabled, and older applicants. First major federal court test of AI hiring discrimination theories. 2022 Illinois BIPA Settlements Surge Biometric Information Privacy Act litigation accelerates, with Facebook ($650M), Google ($100M), and TikTok ($92M) settlements. Establishes significant liability exposure for facial recognition and biometric AI. June 2023 Mata v. Avianca - AI Hallucination Sanctions New York federal judge sanctions attorneys for submitting ChatGPT-generated brief with fabricated case citations. Becomes defining case for attorney competence obligations when using generative AI. November 2023 California State Bar AI Guidance California becomes first state bar to issue practical guidance on attorney AI use, addressing competence, confidentiality, and verification duties. Sets template for other jurisdictions. January 2024 Florida Ethics Opinion 24-1 Florida Bar issues comprehensive ethics opinion on AI, emphasizing verification requirements and establishing “reasonable attorney” standard for AI tool competence. April 2024 New York State Bar AI Report NYSBA Task Force releases comprehensive report suggesting that refusing to use AI may itself raise competence concerns in some circumstances - a significant shift in the standard of care discussion. July 2024 ABA Formal Opinion 512 American Bar Association issues national guidance on AI in legal practice, establishing baseline ethical obligations applicable across all jurisdictions. August 2024 EU AI Act Enters Force European Union’s comprehensive AI regulation takes effect, with extraterritorial reach affecting US companies. Establishes risk-based framework and mandatory requirements for high-risk AI systems. February 2025 Texas Ethics Opinion 705 Texas State Bar joins states with formal AI ethics guidance, emphasizing practical verification workflows and client disclosure requirements. Emerging Trends # The “Failure to Use AI” Question # Perhaps the most significant emerging question: When does failure to use available AI tools constitute malpractice? The NYSBA’s suggestion that AI refusal may raise competence concerns signals a potential inversion of traditional liability analysis.

California AI Ethics Rules for Attorneys

··6 mins
Legal Ethics California Legal Ethics AI Generative AI Attorney Ethics COPRAC State Bar
California was the first state to approve regulatory guidance for attorney use of generative AI, releasing its “Practical Guidance for the Use of Generative Artificial Intelligence in the Practice of Law” in November 2023. The California State Bar has characterized this guidance as “guiding principles rather than best practices,” reflecting the rapidly evolving nature of AI technology.

Sleep Medicine AI Standard of Care: Sleep Study Analysis, CPAP Monitoring, and Digital Therapeutics

··11 mins
Healthcare Sleep Medicine AI Polysomnography CPAP Monitoring Sleep Apnea Insomnia AI Digital Therapeutics FDA Devices Malpractice Standard of Care AASM Guidelines Consumer Sleep Trackers
AI Awakens Sleep Medicine # Sleep medicine has emerged as a natural frontier for artificial intelligence. The field generates massive amounts of data, a single night’s polysomnography produces hundreds of thousands of data points, and relies on pattern recognition that AI excels at performing. From automated sleep study scoring to AI-powered CPAP monitoring and digital therapeutics for insomnia, artificial intelligence is transforming how sleep disorders are diagnosed, treated, and monitored.