ホーム
/ インサイト
/ 記事
/ Navigating America’s Fast-Changing AI Regulatory Landscape

Navigating America’s Fast-Changing AI Regulatory Landscape

Why Organizations Must Shift From Reactive Compliance to Proactive AI Readiness

Artificial intelligence is advancing faster than any regulatory framework designed to govern it. While the technology is accelerating innovation across industries, the rules that shape how AI can be built, deployed and monitored remain deeply fragmented across the United States. For business leaders, the challenge is no longer simply understanding AI — it’s understanding the growing and uneven terrain of obligations, expectations and risks emerging across jurisdictions.

From our expert vantage point advising clients across industries, we see many organizations asking the wrong question. It is not, “What is required of us today?” The right question is, “Are we prepared for what’s coming next?”

A Federal Vision Without Federal Uniformity

At the federal level, U.S. policymakers have signaled a clear posture: America intends to lead globally in AI innovation. The America’s AI Action Plan, released in July 2025, reflects this ambition. Its priorities — international competitiveness, national infrastructure, and broad public-sector modernization — underscore the government’s preference for enabling AI adoption rather than restricting it.¹

Recent executive actions follow the same logic. The Administration has accelerated data center permitting, promoted export pathways for U.S. models and directed federal agencies to ensure public-facing AI tools remain “ideologically neutral.”^{2, 3, 4} These initiatives promote innovation but do not create enforceable guardrails for private-sector AI deployment.

Instead, the federal government relies on voluntary standards — notably the NIST AI Risk Management Framework and OMB guidance for federal agencies.⁵ These frameworks set important expectations but stop short of imposing legally binding obligations on industry. The result is a widening regulatory vacuum — one that states have moved quickly to fill.

A New Federal Variable: The December 2025 Executive Order on State AI Laws

Last month, President Trump issued a new executive order — Ensuring a National Policy Framework for Artificial Intelligence, — introducing a more assertive federal posture toward the increasingly fragmented landscape of state-level AI regulation.⁶

The Order directs federal agencies to review and evaluate existing state AI laws and establishes an AI Litigation Task Force empowered to challenge state statutes deemed inconsistent with federal AI policy. It also authorizes restrictions on certain federal funding for states that enact AI rules that “obstruct” national AI priorities, an unprecedented mechanism designed to influence state regulatory behavior.

Supporters argue the EO is a necessary step toward a coherent national framework, reducing the compliance complexity businesses face as state requirements diverge. Critics view it as a potential overreach into long-established state authority, particularly in consumer protection and technology regulation — areas where states have historically played a leading role.

For business leaders, the takeaway is clear: the federal-state dynamic is no longer passive. Organizations must prepare for a regulatory environment in which state laws may be challenged, preempted, or rewritten adding yet another dimension of uncertainty to an already volatile compliance landscape.

States Are Driving AI Regulation — and They’re Not Moving in Sync

In the absence of federal uniformity, state legislatures have become the primary architects of U.S. AI regulation. In 2025 alone, every state introduced some form of AI legislation, and several enacted sweeping requirements.⁷ Their approaches vary dramatically.

Colorado established one of the country’s first “high-risk AI” regimes, mandating impact assessments, disclosures and human oversight for sensitive use cases.⁸ California passed a suite of algorithmic accountability and transparency laws focused on disclosures, synthetic media labeling and risk mitigation.⁹ Texas enacted TRAIGA, creating penalties for improper AI use in government systems and offering a regulatory sandbox for supervised experimentation.¹⁰

At the same time, State Attorneys General are increasing scrutiny, forming a bipartisan AI task force in 2025 aimed at coordinating investigations and enforcement across jurisdictions.¹¹ Courts have entered the conversation as well, as evidenced by the rash of litigation challenging RealPage’s AI-enabled rent pricing software.¹²

The message is clear: the regulatory ground is shifting — not slowly, but continuously.

Common Principles, Divergent Obligations

Despite their differences, most state laws converge on several foundational themes: transparency, fairness, accountability, data protection and restrictions on harmful AI use. Yet each state interprets these themes differently, creating a patchwork of overlapping, conflicting and sometimes ambiguous obligations.

From a technical standpoint, these differences have immediate implications for how organizations train, validate, stress-test, deploy and monitor AI systems. A single model may be considered “high-risk” in Colorado but not in California. One state may require external disclosures, while another demands internal documentation, audit trails, or explanation rights. Some states offer cure periods; others enforce penalties immediately.

This divergence is more than administrative complexity — it's reshaping how enterprises must govern the entire AI lifecycle.

What We’re Seeing Across the Market

Across our client work, a consistent pattern is emerging: organizations are experimenting with AI significantly faster than they are building the governance, documentation and controls needed to manage it responsibly.

Common gaps include:

incomplete model documentation
unclear data provenance
inconsistent validation and testing
insufficient monitoring of models in production
lack of clarity around ownership and accountability

These issues may not feel urgent in early experimentation phases — but they become immediate liabilities when regulators begin examining how decisions were made, how models perform and how risk was managed.

Enforcement Is Coming — But the Shape of It Remains Unclear

While many AI laws are still months away from taking effect, early enforcement signals are emerging. State AGs are beginning to issue civil investigative demands, request documentation on model governance practices, and examine transparency failures. Regulatory sandboxes — now active in Texas, Delaware, and Pennsylvania — suggest that regulators want to learn alongside industry, even as they prepare for more formal oversight.¹³

Organizations that wait for enforcement to mature will be too late. Regulators may not be prescriptive today — but there are indications that they will be more unforgiving in the future.

These signals make one reality unavoidable: uncertainty is now a permanent feature of the U.S. AI regulatory landscape.

The Path Forward: Why Readiness Is Now a Strategic Advantage

The accelerating pace of AI regulation in the U.S. marks a turning point for organizations. While AI innovation advances faster than oversight, regulatory expectations are becoming clearer each quarter. This fragmented and evolving environment is not a temporary phase, it is operating reality for AI-driven businesses.

From our perspective advising leading organizations on AI risk, governance and regulatory preparedness, three forces will define the next chapter of AI governance:

First, Enforcement Will Arrive Before Uniformity
State Attorneys General, federal agencies and plaintiffs’ attorneys will use existing laws — from consumer protection statutes to unfair business practices rules — to pursue AI-related misconduct long before a comprehensive federal framework exists.

Second, Colorado and California Are Emerging As De Facto National Standards
Even companies without operations in those states will feel the ripple effects as vendors, partners and clients adopt their requirements across supply chains. Despite federal efforts to discourage or pre-empt state action, early-mover states are continuing to push forward—and their more robust frameworks are increasingly shaping how other states draft, adjust or calibrate their own AI regulations.^{14, 15}

Third, Accountability Expectations Will Shift From Technical Teams to Enterprise Leadership
Boards and executives will need to treat AI with the same rigor as financial, operational and cybersecurity risk. That means clear ownership, consistent governance processes, explainable models and the ability to articulate how AI systems might fail.

The organizations making the most progress are those treating AI readiness as both a technical discipline and a leadership priority. It is not enough to have a governance framework on paper; leaders must understand the underlying models, the data that powers them and the risks that emerge when AI scales.

Organizations that move now — building documentation, strengthening governance, testing models rigorously, mapping regulatory obligations and clarifying decision rights — can not only avoid compliance pitfalls, they can also position themselves to innovate faster and with more confidence than their competitors.

Given the uncertainty prevalent today and in the foreseeable future, readiness is no longer a defensive posture — it is a source of strategic differentiation. The organizations that win the next phase of AI adoption will not necessarily be those that deploy AI first, but those that deploy it with foresight, control and trust.

Footnotes:

1: Executive Office of the President of the United States, “America’s AI Action Plan,” The White House (July 2025).

2: Executive Office of the President of the United States, Executive Order 14318, “Accelerating Federal Permitting of Date Center Infrastructure,” The White House (July 23, 2025).

3: Department of Commerce / International Trade Administration, “The Department of Commerce Announces American AI Exports Program Implementation” (Oct. 21, 2025).

4: Executive Office of the President of the United States, Office of Management and Budget, “Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence,” Memorandum M-24-10 (March 28, 2024).

5: Cooley LLP, “US Expands Artificial Intelligence Guidance with NIST AI Risk Management Framework”, February 8, 2023. .

6: Executive Office of the President of the United States, “Ensuring a National Policy Framework for Artificial Intelligence,” The White House (Dec. 11, 2025).

7: National Conference of State Legislatures, “Artificial Intelligence State Bill Tracking” (2025).

8: “Consumer Protections for Artificial Intelligence,” enacted May 17, 2024.

9: “Generative Artificial Intelligence Accountability Act,” enacted September 29, 2024.

10: “Texas Responsible Artificial Intelligence Governance Act,” enacted June 22, 2025.

11: National Association of Attorneys General, “Bipartisan Coalition of 36 State Attorneys General Opposes Federal Ban on State AI Laws,” (November 25, 2025).

12: RealPage, Inc., “RealPage Reaches Settlement with U.S. Department of Justice Regarding Revenue Management Software.” RealPage (November 24, 2025).

13: State AI Regulatory Sandbox Programs (Texas, Delaware, and Pennsylvania) (2024–2025).

— Texas: Link.

— Delaware: Link and link.

— Pennsylvania: Link.

14: “AI Executive Order Targets State Laws and Seeks Uniform Federal Standards,” Latham & Watkins LLP (December 17, 2025).

15: Quinlan, Keely, “Trump’s state AI-law order sparks clash between states and industry,” StateScoop (December 18, 2025).