US federal/state AI regulatory signals, preemption, SECURE Data Act
Key Questions
What new AI regulations did Colorado enact recently?
Colorado passed SB 26-189, a notice-based regime for consequential AI decisions affecting employees and applicants, and HB26-1263, which requires chatbot disclosures, bans romantic interactions with minors, and mandates suicide-prevention resources, effective January 2027.
What is the SECURE Data Act and why is it facing criticism?
H.R. 8413, the SECURE Data Act, proposes federal privacy and data security rules but has drawn criticism from groups like EPIC and EFF over its scope and preemption effects on state laws.
How is the Trump administration changing federal AI policy?
Trump issued an executive order on voluntary pre-release AI review, marking a policy shift amid internal White House debates between figures like David Sacks and national security advisors. State AI health care rules also face potential preemption under EO 14365.
What guidance has been issued on agentic AI security?
CISA released guidance outlining five risk categories for agentic AI, and Five Eyes partners issued joint recommendations to address security challenges in autonomous AI systems.
Which states are regulating data centers and AI infrastructure?
Multiple states including Pennsylvania, Tennessee, New Jersey, Texas, Illinois, and others are advancing rules requiring data centers to fund infrastructure upgrades, with some prohibiting cost-shifting to ratepayers and imposing new permitting or auditing requirements.
Colorado enacts narrower AI law (SB 26-189): notice-based regime for consequential decisions, covers employees/applicants.
New: Colorado signs HB26-1263 (AI Chatbot Protections Bill, May 29) mandating disclosures, banning romantic/sexual interactions with minors, requiring suicide-prevention resources; effective Jan 2027.
xAI 9th Cir. challenge with DOJ preemption; H.R. 8413 SECURE Data Act faces criticism from EPIC/EFF; IAPP offers balanced view; CA AB 412; frontier model testing; data center regs expanding (Seattle moratorium, PA, VT, IL, UT, NC, ME, Franklin County, Brevard, WI, FL SB 484 signed May 7).
New: AI 'referee' model (CAISI).
Pennsylvania PUC proposes model tariff requiring data centers to pay for infrastructure upgrades.
New: Connecticut SB 5 adds notice-based AI employment law with 'AI is not a defense' but anti-bias testing as mitigator.
New: New Jersey launches plan to regulate data center growth.
New: Lockhart, Texas moves to regulate future data centers and crypto mining.
New: Tennessee enacts law requiring data centers to pay for infrastructure, prohibiting cost-shifting to ratepayers.
New: CISA releases agentic AI security guidance (five risk categories).
New: Joint Five Eyes guidance on agentic AI security.
New: Texas app store age verification law (SB 2420) allowed by Fifth Circuit.
New: Illinois SB 315 requires annual third-party auditing of AI systems; New York Safe By Design Act adds children's online safety.
New: DataGrail report finds 145 AI laws passed in 2025, 63% of websites ignore opt-out signals, privacy teams shrinking; CCPA risk assessments with executive attestation under penalty of perjury starting 2028.
New: FDA issues first AI warning letter for over-reliance on AI agents in GxP documentation, signaling enforcement in life sciences.
New: Trump AI executive order (voluntary pre-release review) marks major policy pivot; White House battle between David Sacks and national security voices.
New: State regulation of AI in health care faces federal preemption challenge under EO 14365.