24/7 Hotline: 2 BECK FIRM 2
(223-253-4762)

AI Governance in the States: May 2026 Update

AI Governance in the States: May 2026 Update

Written By: Victoria Xikis

Artificial intelligence regulation is no longer a future issue for businesses. As of May 2026, states continue to move quickly to regulate AI through a mix of new disclosure rules, consumer protection laws, sector-specific requirements, and broader governance frameworks. In the absence of a single, comprehensive federal AI statute, businesses are facing a fast-evolving patchwork of obligations that can affect how AI tools are developed, marketed, deployed, and monitored across jurisdictions.

That broader picture is important for business owners. State lawmakers are not all moving in the same direction, but several common themes are emerging: transparency for AI-generated content, notice and disclosure obligations, protections against algorithmic discrimination, guardrails for high risk uses, and growing attention to AI in employment, healthcare, consumer interactions, and digital identity. The result is a compliance environment that is becoming more actionable and operational, even where the laws themselves vary in scope. Recent state activity also suggests that legislators are trying to balance consumer protection and innovation rather than prohibit AI outright.

Where Things Stand Today

A) Newly Signed Laws

  • New York RAISE Act – A newly signed law focused on governance, transparency, and risk management for certain advanced AI systems, especially where large-model safety and oversight are at issue. For businesses, it signals stronger expectations around documentation, internal controls, accountability, and how organizations respond when AI-related concerns are raised in good faith, including through anti-retaliation-style safeguards that may affect employer-employee dynamics. It also reflects a broader state trend, as California’s similar Transparency in Frontier Artificial Intelligence Act (TFAIA) is already in effect. Effective date: January 1, 2027.
  • Texas Responsible Artificial Intelligence Governance Act (HB 149) – Establishes a broad state AI framework that goes beyond traditional business compliance. Rather than focusing only on internal governance obligations, the act casts a wider umbrella across prohibited harmful uses, protections for individuals and children, enforcement mechanisms, and training and educational outreach related to AI use and oversight. For businesses, the takeaway is that Texas is approaching AI regulation through a mixed model of governance, public protection, and accountability rather than a narrow compliance-only regime. Effective date: January 1, 2026.
  • Utah Artificial Intelligence Policy Act – Requires clear disclosure in certain consumer-facing AI interactions and is one of the most business-relevant examples of a state law focused on practical AI notice obligations. This law underscores that businesses using AI to interact with consumers Effective date: already in effect.

B)  Updates on Pending Legislation

  • New York Assembly Bill A3411B – Would require generative AI systems to provide notice that outputs may be inaccurate. The bill is aimed at improving consumer awareness and reducing overreliance on AI-generated content. Effective date: if signed, it would take effect 19 days after becoming law.
  • Connecticut SB 5 (AIRT Act) – Recently passed as a broader AI and online safety framework, SB 5 includes notable AI companion provisions. Effective January 1, 2027, certain chatbot or companion-style systems face limits designed to prevent human-like dependency and unsafe interactions, including restrictions on relationship-building with users, clear notice requirements that the system is not human, and additional safeguards around sensitive-risk conversations. The law also restricts operation of certain AI companions for users under 18 unless the operator has implemented measures aligned with industry standards. For businesses, this highlights a growing state focus on consumer-facing AI interactions, youth safety, and guardrails for systems designed to simulate ongoing personal engagement. Effective date: provisions of the bill will be enacted on July 1, 2026, Oct 1, 2026, and Jan 1, 2027.
  • Colorado SB 26-189
  • California AB 412 – Would require certain developers of generative AI models to document and disclose covered training materials at a high level. For businesses, the significance is increased transparency expectations around how some AI systems are trained and what information is available to users or requesters. Effective date: pending; no final effective date unless enacted.
  • California SB 1000 – Would require certain AI-generated or AI-modified content to include disclosure or detection-related measures. This pending legislation continues the trend toward transparency obligations for synthetic media and consumer-facing content. Effective date: pending; no final effective date unless enacted.

C) Laws Going Into Effect

  • Colorado SB 24-205 – Colorado’s high-risk AI law focuses on algorithmic discrimination, risk management, impact assessments, and consumer disclosures in consequential decisions. At a high level, it remains one of the most closely watched state AI laws for businesses, even as its implementation has been delayed and challenged. Effective date: currently scheduled for June 30, 2026, though enforcement status remains in flux.

Trends and Observations

From our perspective, the clearest trend is that AI legislation is maturing from headline-driven concern into business regulation with real operational consequences. Early laws often focused on symbolic or highly visible issues, but the current wave is more practical. Legislatures are increasingly concerned with how AI is actually used in commerce, whether consumers understand when AI is involved, whether businesses can explain important AI-assisted outcomes, and whether organizations have a governance structure in place to identify and reduce foreseeable risk.

We also expect the patchwork problem to continue. Some states are pursuing broad, cross-sector rules, while others are targeting narrow use cases such as employment, healthcare, digital identity, pricing, or chatbot disclosures. For businesses, that means a one-size-fits-all legal strategy is becoming harder to maintain. Companies that operate across states should expect to build AI governance programs that can adapt to overlapping but not identical obligations. The businesses best positioned for this environment will be the ones that treat AI compliance as a governance issue rather than a one-time legal checklist.

Overview of Federal AI Legislation

At the federal level, the United States does not have a single comprehensive AI law that governs private sector use across industries. Instead, the federal picture remains a mix of executive action, agency guidance, sector-specific enforcement, and narrow legislation. This has left room for states to move aggressively, but it has also created uncertainty about whether the federal government will eventually try to create a national baseline or challenge some state requirements as inconsistent with federal policy.

For businesses, the key federal takeaway is not to wait for Congress to act before taking steps towards AI compliance. Even if a broader federal framework eventually emerges, state laws are already shaping the concrete rules of the road. Companies should also watch for continued federal attention on issues such as AI safety, consumer deception, cybersecurity, digital replicas, and online harms. In the near term, the most realistic compliance posture is to assume that state obligations will continue to matter, even as broader federal policy develops.

What This Means for Businesses

Businesses should view this moment as a call to strengthen AI governance now, before additional laws take effect. At a minimum, organizations should understand where AI is already being used across the business, which tools are customer-facing, which systems influence important decisions, what disclosures are currently provided, and whether contracts with vendors address compliance, transparency, and accountability. Companies should also be prepared to document internal decision making around AI use, especially where tools may affect consumers, employees, applicants, or other individuals in ways that create legal or reputational risk.

For many businesses, the practical response will include updating policies, improving notices and consumer-facing disclosures, building review procedures for high-risk AI uses, and aligning governance efforts with recognized risk management frameworks. The precise legal requirements will differ by state and industry, but the broader expectation is becoming clear: businesses that deploy AI should be able to explain what it does, where it is used, what risks it creates, and how those risks are being managed. That is quickly becoming the baseline for responsible AI use in the United States.

Conclusion

AI legislation is moving quickly, but the overall trend is becoming easier to see. States are not waiting for a comprehensive federal law before acting, and the laws they are passing are becoming more focused on real world business practices rather than abstract policy concerns. For business owners, that means AI governance, disclosure, and risk management should now be part of regular legal and operational planning. Organizations that take a proactive approach will be better positioned to respond as this regulatory environment continues to expand.

Recent Posts
Articles / Blogs

Governance in Buffalo, NY | Compliance

RegulationAIGovernanceCompliance ∴ Buffalo, NY

24/7 Hotline
2 BECK FIRM 2 (223-253-4762)
IR@THEBECKAGEFIRM.COM
Attorney Advertising:

Prior results do not guarantee future outcomes

Sign Up For Our Newsletter
*By submitting your email, you are agreeing to our privacy policy and terms of use

Buffalo, NY