AI Regulation – A “Short” Primer

AI is not a new technology, but in 2025 it is a technology that is coming of age. In fact, many experts would argue that 2025 could mark a technology tipping point for AI as it extends its reach to nearly every industry. There is an argument to be made that the huge advances in AI in 2025 will be remembered with the same historical impact as the first personal computers in the early 1980s or the iPhone in 2007. 

Legislation and Regulations aimed at getting its arms around AI started 3 – 5+ years ago and there is more to come. Lets take a look at some of the legislation and regulations put in place to try to “control” the reach and uses for AI as it evolves. Note that this is NOT intended to be a complete list, it is meant to give you a starting point for understanding AI Regulations worldwide.

Contact us today to set up your strategy session

sales@gate6.com

+1 (623) 572-7725

AI Regulation and Legislation in the US

The US has not directly adopted the EU AI Act, BUT it has several Executive Orders and Laws at the federal and state level that have been enacted to address the many concerns about the use of AI and protection of data and people. Note: This is NOT intended to be a complete list.

• 2020 (Federal) National Artificial Intelligence Initiative Act: Establishes a coordinated federal strategy for AI research, development, and policy in the United States and ensures the U.S. remains globally competitive in AI while promoting ethical, trustworthy, and responsible AI use.
  • Creates an office within the White House Office of Science and Technology Policy (OSTP) to coordinate federal AI activities.
  • Directs federal agencies to coordinate and align AI R&D programs with national priorities.
  • Expands programs like STEM to train AI professionals and upskill the existing workforce.
  • Ensures U.S. leadership in shaping global AI governance and norms.
• 2020 (Federal) AI in Government Act: Enacted to promote the adoption and effective use of AI across federal agencies in order to improve government services, efficiency, and innovation.
  • Establishes a center within the General Services Administration (GSA) to provide AI expertise and resources to agencies
  • Requires agencies to develop AI strategies aligned with federal priorities
  • Creates mechanisms for coordination among federal agencies to avoid duplication and leverage shared AI resources
  • Creates mechanisms for coordination among federal agencies to avoid duplication and leverage shared AI resources
• 2022 Executive Order – AI Bill of Rights: Outlines five key protections for Americans in the age of AI.

1. Safe and Effective Systems: AI systems should be tested, monitored to ensure that they do not cause foreseeable harm.
2. Algorithmic Discrimination Protections: AI systems must be designed to avoid and prevent bias or discrimination against protected groups.
3. Data Privacy: Individuals should have control over how their data is collected, used, and shared by AI systems.
4. Notice and Explanation: People must be informed when AI is being used in ways that affect them.
5. Human Alternatives, Consideration: Individuals should be able to opt out of AI-driven decisions in favor of a human review where appropriate.

• 2023 (Federal) Advancing American AI Act (included in the FY 2023 National Defense Authorization Act): Outlines a comprehensive strategy for the U.S. federal government to adopt and manage artificial intelligence (AI) technologies responsibly and effectively.

Unlike in the EU, many of the laws and regulations here in the US are implemented at the state level. Allowing each state to fine tune regulations as they see fit to address concerns in their state. The state level regulations and laws augment the federal laws and executive orders, they do not override them.

• 2023 Colorado Privacy Act: Grants Colorado residents enhanced control over their personal data and imposes specific obligations on businesses operating within the state. Among other features of the act, Colorado residents can
  • Opt out of AIsystems that use personal data for profiling
  • Use of sensitive personal data (like data controlled by HIPAA laws) requires the residents consent
  • AI systems must only use personal data necessary for their stated purpose.
  • The Attorney General can enforce compliance and penalties for breach of AI usage
• 2024 Colorado’s AI Act (2024): Requires developers of high-risk AI systems to use reasonable care to avoid algorithmic discrimination and requires disclosures to consumers.
• 2024 Tennessee Ensuring Likeness, Voice, and Image Security (ELVIS) Act: Protects musicians from unauthorized AI-generated voice and likeness reproductions. 
• 2024 Utah Artificial Intelligence Policy Act (SB 149): Establishes liability for misuse of generative AI and creates an Office of Artificial Intelligence Policy.

These are only a few of the state level examples of regulations. There are many more and the list keeps growing. Speak to a Gate6 AI expert to find out how AI can add value to your business.

Contact us today to set up your strategy session

sales@gate6.com

+1 (623) 572-7725

AI Regulation and Legislation in the EU

• 2022 – 2024 EU Digital Markets Act (DMA) & Digital Services Act (DSA): Mandates AI systems be aligned with human rights, democratic values, and the rule of law. Addresses fair access, and competition; and illegal content and disinformation respectively.  Not specifically AI related but impacting AI. 
• 2024-2025 The Artificial Intelligence Act ( EU AI Act): This legislation covers all of the currently understood pain points in a single legislation. Interestingly, there is no single US Federal Legislation that covers all the same points. It would take a combination of Federal and state legislation. Here are the 5 key points in this legislation.

1. Provides Risk-based ratings High Risk – Minimal Risk
2. Prohibits AI that manipulates human behavior, conducts social scoring, uses biometric identification
3. Very strict rules for anything classified High risk AI
4. AI Disclosure requirement – must disclose if AI is being used
5. High non-compliance penalties

•  2024 Council of Europe’s Framework Convention on Artificial Intelligence: International treaty between European countries (open to all countries) mandates AI systems be aligned with human rights, democratic values, and the rule of law. (significantly summarized)
• 2024 Cyber Resilience Act (CRA): Focuses on cybersecurity for digital products, including AI-enabled devices, mandating proactive security measures and incident reporting.

AI is moving fast—and so are the rules that govern it. Staying compliant while unlocking AI’s full potential takes more than technology; it takes expertise. Talk to a Gate6 AI expert today and turn regulation into your competitive advantage.

Contact us today to set up your strategy session

sales@gate6.com

+1 (623) 572-7725

FAQs About AI Regulation in 2025

What is AI regulation?
AI regulation refers to the laws, policies, and guidelines designed to govern the development, use, and impact of artificial intelligence. These rules aim to ensure AI is safe, ethical, transparent, and aligned with human rights.

Why is AI regulation important in 2025?
AI technology is rapidly advancing and influencing nearly every industry. Regulation ensures that AI systems are developed and deployed responsibly, preventing misuse, discrimination, and privacy violations.

What is the EU AI Act?
The EU AI Act is a comprehensive law that assigns risk categories to AI systems, prohibits certain high-risk uses, mandates transparency, and enforces strict compliance penalties for violations.

Does the US have a federal AI law like the EU AI Act?
No, the US doesn’t have one single federal AI law. Instead, it has multiple federal acts, executive orders, and state-level laws that collectively address AI governance, data privacy, and ethical use.

What is the AI Bill of Rights?
The AI Bill of Rights, issued as a US executive order in 2022, outlines five key protections for individuals, including safe and effective AI systems, algorithmic discrimination protections, data privacy, transparency, and the right to human alternatives.

Which US states have their own AI laws?
Several states have passed AI-specific laws. Examples include Colorado’s AI Act, Tennessee’s ELVIS Act protecting musicians’ likeness, and Utah’s Artificial Intelligence Policy Act addressing liability and governance.

How do AI regulations address data privacy?
AI regulations often include rules on how personal data can be collected, stored, processed, and used. Many require explicit consent for sensitive data, limit data usage to stated purposes, and provide opt-out options for individuals.

What is considered high-risk AI under the EU AI Act?
High-risk AI includes systems that manipulate human behavior, conduct social scoring, use biometric identification, or perform critical tasks in areas like law enforcement, healthcare, and employment. These require strict testing, monitoring, and disclosure.

How can businesses stay compliant with AI laws?
Businesses can stay compliant by auditing AI systems for bias, ensuring transparency in AI decision-making, safeguarding data privacy, and aligning with both local and international regulations. Working with AI compliance experts can help navigate complex legal requirements.

Do AI regulations slow innovation?
Some critics argue regulations can slow innovation, but many industry leaders see them as necessary for building trust, ensuring fairness, and creating a stable environment for long-term AI growth.

Written by Bob Cody

Share post

• 
• 
• 
• 
•