AI Law & Compliance Tracker (2026)

AI law is moving fast in 2026. On June 2, 2026, President Trump signed a new AI executive order. By March 2026, lawmakers in 45 states had introduced 1,561 AI bills. Companies, schools, and developers need one place to track it all.

This AI law compliance tracker pulls the most important rules into one view. You will find the federal executive order, state laws by state, the Colorado AI Act, and AI model safety rules. Each section links to a deeper guide.

We update this tracker as new rules pass. Bookmark it, share it with your legal and IT teams, and use it to scope your AI compliance plan for the rest of 2026.

What is new in AI law (as of June 2, 2026)

Three things changed AI compliance this year. The federal executive order, the Colorado AI Act delay, and a wave of state laws taking effect on January 1, 2026.

Most of these rules apply to companies of any size. Many also reach schools, government contractors, and AI developers. Use the timeline below to spot what hits your business first.

• June 2, 2026 — President Trump signs "Promoting Advanced Artificial Intelligence Innovation and Security" executive order. Voluntary 30-day pre-release review of frontier AI models.
• June 30, 2026 — Colorado AI Act (SB 24-205) is currently scheduled to take effect, after being delayed from February 1, 2026.
• August 2, 2026 — European Commission begins enforcing the EU AI Act for general-purpose AI (GPAI) providers.
• January 1, 2026 — California SB 53 (frontier AI transparency), California AB 2013 (training data transparency), and Texas TRAIGA (HB 149) all took effect.
• May 1, 2024 — Utah SB 149 (AI Policy Act) — still the first US state-level generative AI consumer protection law.

The new federal AI executive order at a glance

President Trump signed the new AI executive order on June 2, 2026. It is voluntary, not mandatory. The order asks the most powerful AI developers to share frontier models with the government 30 days before public release.

The order also tells federal agencies to build AI cyber-capability benchmarks and a federal "AI cybersecurity clearinghouse." It explicitly bars any mandatory licensing of new AI models.

Read the full breakdown on our AI executive order explained page for who it covers, what changes vs. Biden EO 14110, and how to prepare.

• Voluntary 30-day pre-release review — scaled back from a 90-day draft that was paused on May 21, 2026.
• New AI cybersecurity clearinghouse to share vulnerability information across agencies.
• Cyber-capability benchmarks to define which models count as "covered frontier models."
• Explicit ban on mandatory federal licensing or preclearance for new AI models.
• No new state-law preemption — state AI laws (Colorado, Texas, California, Utah) remain in force.

State AI laws snapshot (June 2026)

Every state has now introduced AI legislation. About 145 AI bills were enacted in 2025 alone. The biggest five to track in 2026 are Colorado, Texas, California, Utah, and Illinois.

Use the snapshot below for a quick view. For a full state-by-state breakdown — including pending bills and effective dates — read our state AI laws by state guide.

• Colorado SB 24-205 — Broad "high-risk AI" rules for developers and deployers. Effective date currently June 30, 2026 (delayed from Feb 1, 2026).
• Texas TRAIGA (HB 149) — Effective January 1, 2026. Bans intentional harm, social scoring, and CSAM deepfakes. Lighter than the original draft.
• California SB 53 (TFAIA) — Effective January 1, 2026. Frontier-model safety disclosures for developers training above 10^26 FLOPs.
• California AB 2013 — Effective January 1, 2026. Generative AI training-data documentation must be posted publicly.
• Utah SB 149 — Effective May 1, 2024. Disclose generative AI use on request; mandatory disclosure in "high-risk" interactions.
• Illinois HB 3773 — Amends the Illinois Human Rights Act to cover AI in employment decisions. Effective January 1, 2026.
• New York City Local Law 144 — Bias audit requirement for automated employment decision tools. In force since 2023.

Who needs to comply: companies, schools, and developers

Most AI laws apply to two groups: AI developers (who build the model) and AI deployers (who use it). The new federal executive order adds a third: frontier-model labs that sign up for voluntary review.

Schools, hospitals, banks, and government contractors face extra rules. The table below shows which law hits each group first.

• AI developers (foundation model labs): California SB 53, EU AI Act GPAI rules, voluntary federal review under the new EO.
• AI deployers (companies using AI tools): Colorado SB 24-205, Texas TRAIGA, Utah SB 149, Illinois HB 3773, EU AI Act high-risk rules.
• Schools and education tech: Colorado SB 24-205 (if AI is used for consequential decisions), state student-data laws, federal student-privacy rules.
• Employers using AI in hiring: NYC Local Law 144, Illinois HB 3773, Colorado SB 24-205, EEOC guidance.
• Healthcare providers: Utah AI Policy Act mental-health amendments, HHS AI transparency rules, HIPAA controls for AI vendors.
• Financial services: CFPB AI lending guidance, NY DFS AI cyber guidance, SR 11-7 model risk management.
• Federal contractors: New executive order benchmarks, OMB M-24-10 AI use guidance, FedRAMP for AI services.

AI model safety rules: the frameworks that matter

AI model safety is no longer just a research topic. Three frameworks now drive most enterprise AI safety programs: NIST AI RMF, ISO/IEC 42001, and the EU AI Act.

Frontier labs also publish their own safety policies — Anthropic's Responsible Scaling Policy, OpenAI's Preparedness Framework, and Google DeepMind's Frontier Safety Framework. Together, these set the bar for vendor due-diligence in 2026.

Our AI model safety rules guide walks through each framework, the controls they share, and what to ask a vendor before you buy.

• NIST AI RMF 1.0 — US baseline, voluntary. Includes a Generative AI Profile (NIST AI 600-1) with 12 risk categories.
• ISO/IEC 42001 — International AI management system standard. Certifiable, like ISO 27001.
• EU AI Act — Binding in the EU. GPAI obligations apply now; full enforcement starts August 2, 2026.
• California SB 53 — First US state frontier-model transparency law. Threshold: 10^26 FLOPs.
• Frontier lab policies — Anthropic RSP, OpenAI Preparedness, DeepMind FSF — voluntary but widely cited.

AI compliance quick-start for 2026

Start small. Most companies do not need a full ISO 42001 program in year one. A simple AI inventory, a written policy, and a vendor checklist cover most state-law requirements.

Layer3 helps companies set up AI compliance programs that match real risk, not theater. Below is the order of operations we use with most clients.

• Build an AI inventory — list every AI tool in use, who owns it, and what data it touches.
• Map your geography — Colorado, California, Texas, Utah, Illinois, and EU exposure each trigger different rules.
• Write a one-page AI use policy — disclosures, prohibited uses, human-review thresholds.
• Run a vendor due-diligence pass — request model cards, safety policies, and SOC 2 reports.
• Adopt NIST AI RMF as your baseline — it maps cleanly to Colorado SB 24-205 and the EU AI Act.
• Document impact assessments for any "high-risk" use — required by Colorado, the EU AI Act, and increasingly by enterprise buyers.
• Set a review cadence — at minimum, re-check this tracker every quarter.