Table of Contents
Quick Answer
After President Trump revoked Executive Order 14110 on 20 January 2025, US federal AI policy in 2026 is driven by the "America's AI Action Plan" (July 2025), OMB memoranda M-24-10 and M-24-18, NIST's AI Risk Management Framework, and a growing patchwork of state laws like the Colorado AI Act.
- No single federal AI statute exists
- Federal agencies must comply with OMB M-24-10 for high-risk AI
- State laws (Colorado, California, New York, Texas) now drive most private-sector AI compliance
What Is the US AI Regulatory Landscape?
The United States regulates AI through overlapping federal executive actions, sector-specific rules (FDA, FTC, EEOC, CFPB), and state statutes. President Biden's Executive Order 14110 (30 October 2023) was the keystone of federal AI policy until it was revoked on Inauguration Day 2025 by Executive Order 14148. The Trump Administration replaced it with Executive Order 14179 ("Removing Barriers to American Leadership in AI") and, in July 2025, the "America's AI Action Plan."
The NIST AI Risk Management Framework 1.0 (January 2023) and its Generative AI Profile (NIST AI 600-1, July 2024) remain the de-facto federal standard, kept in force by OMB Memo M-24-10 (March 2024).
Key Details / Requirements
Authority
Scope
Status in 2026
EO 14110 (Biden, 2023)
Safety testing, watermarking, GPAI reporting
Revoked January 2025
EO 14179 (Trump, 2025)
"Remove barriers" to US AI leadership
Active
America's AI Action Plan (July 2025)
Three-pillar plan: Innovation, Infrastructure, International
Active
OMB M-24-10
Federal agency AI use-case inventories and impact assessments
Active
OMB M-24-18
AI procurement for federal agencies
Active
NIST AI RMF 1.0
Voluntary risk framework
Widely adopted
Colorado AI Act (SB 205)
Private-sector high-risk AI
Effective 1 February 2026
Key Sectoral Rules
Agency
AI-Related Rule
FDA
Predetermined Change Control Plan guidance (2024) for AI medical devices
FTC
Section 5 enforcement of deceptive AI (Rite Aid 2023, DoNotPay 2024)
EEOC
Technical assistance on AI in employment (May 2023)
CFPB
Adverse-action notices for algorithmic credit decisions (Circular 2023-03)
SEC
Predictive-analytics proposed rule (2023, still pending)
Real-World Examples / Case Studies
Rite Aid (December 2023) — FTC banned Rite Aid from using facial recognition for five years after its surveillance system misidentified customers as shoplifters, disproportionately harming Black, Latino, Asian, and female shoppers.
Workday (2024) — A proposed class action in the Northern District of California alleges Workday's AI hiring tools discriminated against applicants over 40, illustrating how the ADEA and Title VII apply to algorithmic hiring.
iTutorGroup (2023) — Paid USD 365,000 in the first EEOC-led settlement of AI hiring discrimination after its software automatically rejected female applicants aged 55+ and male applicants aged 60+.
What This Means for Businesses
US companies in 2026 face a multi-layer compliance map: federal executive guidance, sectoral regulators, and state statutes. Colorado's AI Act (effective 1 February 2026) requires developers and deployers of high-risk AI systems to use reasonable care to prevent algorithmic discrimination, notify consumers, and file annual impact assessments with the Attorney General. California's SB 942 mandates AI content disclosures, and the Texas Responsible AI Governance Act (TRAIGA) takes effect 1 January 2026.
Compliance Checklist
- Map every AI use case to federal and state rules (NIST AI RMF is the common taxonomy)
- If selling to federal agencies, align with OMB M-24-18 procurement requirements
- For high-risk AI in Colorado: complete impact assessments and AG filings
- Publish FTC-compliant disclosures for consumer-facing generative AI
- Comply with EEOC guidance on adverse impact in hiring tools
- Document adverse-action notices per CFPB Circular 2023-03 for credit decisions
FAQs
Q: Is there a US federal AI law?
No comprehensive statute exists. Federal AI policy is executive-order driven and sector-specific.
Q: Does EO 14179 replace EO 14110?
Yes — EO 14148 revoked EO 14110 and EO 14179 sets new direction.
Q: What is the most important state AI law?
The Colorado AI Act (SB 205) is the first comprehensive state AI law, effective 1 February 2026.
Q: Is NIST AI RMF mandatory?
Voluntary, but required for federal contractors and recognised as a safe harbour in several state laws.
Q: Does the FTC regulate AI?
Yes — the FTC uses Section 5 (unfair or deceptive acts) to police AI practices; the "Operation AI Comply" sweep launched September 2024.
Q: What penalties apply under the Colorado AI Act?
Up to USD 20,000 per violation, enforced by the Colorado Attorney General.
Q: Do federal contractors have extra AI rules?
Yes — OMB M-24-18 applies binding procurement rules.
Conclusion
US AI compliance in 2026 means tracking federal executive direction, agency sectoral rules, and an expanding list of state statutes. Companies that standardise on NIST AI RMF and ISO/IEC 42001 will absorb new state laws with minimal disruption.
Misar AI publishes a live US AI compliance tracker across all 50 states — bookmark misar.blog/compliance-tracker.