Table of Contents
Quick Answer
After President Trump revoked Executive Order 14110 on 20 January 2025, US federal AI policy in 2026 is driven by the "America's AI Action Plan" (July 2025), OMB memoranda M-24-10 and M-24-18, NIST's AI Risk Management Framework, and a growing patchwork of state laws like the Colorado AI Act.
- No single federal AI statute exists
- Federal agencies must comply with OMB M-24-10 for high-risk AI
- State laws (Colorado, California, New York, Texas) now drive most private-sector AI compliance
What Is the US AI Regulatory Landscape?
The United States regulates AI through overlapping federal executive actions, sector-specific rules (FDA, FTC, EEOC, CFPB), and state statutes. President Biden's Executive Order 14110 (30 October 2023) was the keystone of federal AI policy until it was revoked on Inauguration Day 2025 by Executive Order 14148. The Trump Administration replaced it with Executive Order 14179 ("Removing Barriers to American Leadership in AI") and, in July 2025, the "America's AI Action Plan."
The NIST AI Risk Management Framework 1.0 (January 2023) and its Generative AI Profile (NIST AI 600-1, July 2024) remain the de-facto federal standard, kept in force by OMB Memo M-24-10 (March 2024).
Key Details / Requirements
| Authority | Scope | Status in 2026 |
|---|---|---|
| EO 14110 (Biden, 2023) | Safety testing, watermarking, GPAI reporting | Revoked January 2025 |
| EO 14179 (Trump, 2025) | "Remove barriers" to US AI leadership | Active |
| America's AI Action Plan (July 2025) | Three-pillar plan: Innovation, Infrastructure, International | Active |
| OMB M-24-10 | Federal agency AI use-case inventories and impact assessments | Active |
| OMB M-24-18 | AI procurement for federal agencies | Active |
| NIST AI RMF 1.0 | Voluntary risk framework | Widely adopted |
| Colorado AI Act (SB 205) | Private-sector high-risk AI | Effective 1 February 2026 |
Key Sectoral Rules
| Agency | AI-Related Rule |
|---|---|
| FDA | Predetermined Change Control Plan guidance (2024) for AI medical devices |
| FTC | Section 5 enforcement of deceptive AI (Rite Aid 2023, DoNotPay 2024) |
| EEOC | Technical assistance on AI in employment (May 2023) |
| CFPB | Adverse-action notices for algorithmic credit decisions (Circular 2023-03) |
| SEC | Predictive-analytics proposed rule (2023, still pending) |
Real-World Examples / Case Studies
Rite Aid (December 2023) — FTC banned Rite Aid from using facial recognition for five years after its surveillance system misidentified customers as shoplifters, disproportionately harming Black, Latino, Asian, and female shoppers.
Workday (2024) — A proposed class action in the Northern District of California alleges Workday's AI hiring tools discriminated against applicants over 40, illustrating how the ADEA and Title VII apply to algorithmic hiring.
iTutorGroup (2023) — Paid USD 365,000 in the first EEOC-led settlement of AI hiring discrimination after its software automatically rejected female applicants aged 55+ and male applicants aged 60+.
What This Means for Businesses
US companies in 2026 face a multi-layer compliance map: federal executive guidance, sectoral regulators, and state statutes. Colorado's AI Act (effective 1 February 2026) requires developers and deployers of high-risk AI systems to use reasonable care to prevent algorithmic discrimination, notify consumers, and file annual impact assessments with the Attorney General. California's SB 942 mandates AI content disclosures, and the Texas Responsible AI Governance Act (TRAIGA) takes effect 1 January 2026.
Compliance Checklist
- Map every AI use case to federal and state rules (NIST AI RMF is the common taxonomy)
- If selling to federal agencies, align with OMB M-24-18 procurement requirements
- For high-risk AI in Colorado: complete impact assessments and AG filings
- Publish FTC-compliant disclosures for consumer-facing generative AI
- Comply with EEOC guidance on adverse impact in hiring tools
- Document adverse-action notices per CFPB Circular 2023-03 for credit decisions
Conclusion
US AI compliance in 2026 means tracking federal executive direction, agency sectoral rules, and an expanding list of state statutes. Companies that standardise on NIST AI RMF and ISO/IEC 42001 will absorb new state laws with minimal disruption.
Misar AI publishes a live US AI compliance tracker across all 50 states — bookmark misar.blog/compliance-tracker.