Utah Consumer Privacy Act, Profiling Provisions (SB 227)
In effect since
Overview
Utah's comprehensive privacy law. It is the least restrictive state privacy law regarding profiling and ADM among comparable statutes: it includes opt-out for targeted advertising and sale of personal data, but does not include a general profiling opt-out or ADM impact assessment requirement. No universal opt-out mechanism requirement. Trackers sometimes incorrectly list Utah as having ADM provisions similar to other states.
This is a privacy law with automated decision-making provisions.
Utah AI regulation guide lists every tracked rule for this jurisdiction with timelines and obligation tallies.
Who this applies to
This regulation applies to both companies that build AI products and companies that use AI tools from other vendors.
AI categories covered
- Consumer-facing AI
- Automated decision-making
- Algorithmic profiling
Specific AI use cases:
- Customer profiling and segmentation
What this requires you to do
Transparency notice required
Provide transparency notices. Inform affected individuals that AI is being used and how it influences decisions.
Consumer opt-out required
Provide an opt-out mechanism. Consumers must be able to opt out of automated decision-making.
Enforcement and penalties
Up to $7,500 per violation. AG enforcement only.
Legislative history
How this law got here
Latest
effectiveTakes effect
Earliest
Source
Read the full text
https://le.utah.gov/~2022/bills/static/SB0227.html
Last verified: April 9, 2026
Always verify current language and amendments at the official source.
Other Utah regulations
Explore more rules in the same jurisdiction that may apply to your AI systems.
Want to know what else applies to your company?
Run a free XIRA scan to see all regulations that match your states and AI tools.