Regulatory updates
What's new in AI compliance
The latest regulatory changes, new laws, upcoming deadlines, and enforcement activity.
Upcoming in the next 90 days
4 regulations take effect in the next 90 days.
- May 19, 2026 · TAKE IT DOWN Act (S. 146)
- June 11, 2026 · Washington SB 5395 - AI in Health Insurance Prior Authorization
- June 30, 2026 · Colorado AI Act (SB 24-205)
- July 1, 2026 · Connecticut Public Act 25-113 (SB 1295) - CTDPA and profiling amendments
Filters
July 2026
- July 1, 2026Medium impactEffective dateCT
Connecticut Public Act 25-113 (SB 1295) - CTDPA and profiling amendments takes effect
Amends the Connecticut Data Privacy Act and related law. Primary applicability threshold lowered from 100,000 to 35,000 consumers. No threshold for businesses processing sensitive data or selling personal data. Dual-assessment requirement: impact assessments for profiling producing legal/significant effects are separate from existing DPIAs (unique feature). Controllers are categorically prohibited from processing minors' personal data for targeted advertising or sale, regardless of consent. Expanded sensitive data definition includes neural data, financial account numbers, disability status, and nonbinary/transgender status. Active AG enforcement: $85K settlement already secured, increased AG funding for enforcers. Effective in about 83 days, so teams should map obligations and prepare evidence now.
June 2026
- June 30, 2026High impactEffective dateCO
Colorado AI Act (SB 24-205) takes effect
Requires developers and deployers of high-risk AI systems to use reasonable care to protect consumers from algorithmic discrimination in consequential decisions. Active repeal-and-replace effort may modify obligations before the June 30, 2026 effective date. Plan for current law until replacement is enacted. Effective in about 82 days, so teams should map obligations and prepare evidence now.
- June 11, 2026Medium impactEffective dateWA
Washington SB 5395 - AI in Health Insurance Prior Authorization takes effect
AI tools may be used to approve prior authorization requests but may not deny care without human review by a licensed physician or health professional. Managed care organizations must report the percentage of total denials aided by AI. Periodic performance reviews of AI tools required for accuracy and reliability. Effective in about 63 days, so teams should map obligations and prepare evidence now.
May 2026
- May 19, 2026High impactEffective dateFEDERAL
TAKE IT DOWN Act (S. 146) takes effect
Dual-effective-date framework now reaches the platform compliance milestone: criminal provisions already took effect at signing, and platform duties are now in force. The law covers both authentic NCII and AI-generated deepfakes, includes FTC jurisdiction over nonprofits, and requires operational notice-and-removal workflows with statutory timelines.
April 2026
- April 8, 2026High impactDatabase updateALL
Database reviewed and expanded
XIRA regulation database was reviewed and expanded with recent state and federal items. Coverage now includes additional California, New York, Connecticut, Utah, and federal entries reflected in the live tracker.
March 2026
- March 17, 2026High impactProposedCO
Colorado repeal-and-replace draft released
A governor-endorsed draft proposes replacing portions of Colorado SB 24-205 with narrower ADMT-style disclosure and recordkeeping obligations. The proposal does not pause current compliance planning for the enacted law.
- March 11, 2026Medium impactEnforcementFEDERAL
Federal commentary on state AI laws published
Commerce commentary discussed implementation burden in certain state AI statutes. No federal action from this commentary overrides enacted state obligations.
January 2026
- January 1, 2026High impactNew lawCA
California 2026 AI statute wave takes effect
Multiple California laws in the XIRA database move into force, including frontier model transparency and healthcare disclosure requirements. Teams operating in California should verify notice, disclosure, and governance artifacts before launch windows.
December 2025
- December 11, 2025Medium impactEnforcementFEDERAL
DOJ AI litigation posture strengthened
Federal enforcement signaling from DOJ indicates stronger cross-agency focus on AI-related misconduct and harms. This raises the importance of retained evidence and governance controls across high-risk use cases.