We may see AI rules & regulations across multiple areas with key objective towards;
Data Privacy Regulations: Data privacy regulations like the European Union’s General Data Protection Regulation (GDPR) place restrictions on the collection, storage, and processing of personal data, which includes data used in AI systems.
Algorithmic Accountability: Some regions have been exploring the idea of holding organizations accountable for the outcomes of their AI algorithms, particularly when they result in bias, discrimination, or harm.
AI and Ethics Guidelines: Various organizations and governments have published guidelines on the ethical use of AI. For example, the OECD AI Principles emphasize transparency, accountability, and fairness in AI systems.
Autonomous Systems Regulations: Autonomous systems, including self-driving cars and drones, are subject to specific regulations governing their use and safety.
Healthcare AI Regulations: In the healthcare sector, AI applications, including diagnostic and treatment tools, are subject to strict regulatory scrutiny to ensure safety and efficacy.
Financial Services: AI is used extensively in the financial sector. Regulations are in place to ensure that AI-based systems in finance are fair, transparent, and comply with anti-money laundering and other financial regulations.
Intellectual Property: Regulations surrounding intellectual property, including patents and copyrights, may apply to AI inventions and creations.
Export Controls: Some AI technologies are subject to export controls due to their potential military or dual-use applications.
Antitrust and Competition Laws: In some cases, AI companies may be subject to antitrust regulations if their practices harm fair competition.
Consumer Protection: Regulations may exist to protect consumers from deceptive or harmful AI applications, such as chatbots and virtual assistants.
Government Surveillance and National Security: Governments may regulate AI use for national security and surveillance purposes to protect citizens and critical infrastructure.
Labor and Employment Laws: There may be regulations concerning the use of AI in the workplace, including its impact on employment and labor practices.
AI in Education: Regulations regarding AI use in educational settings to ensure the ethical and responsible use of AI for teaching and learning.
Electronic Privacy Information Center (epic.org)
The State of State AI Laws: 2023
Laws going into effect in 2023
Of the AI-related laws going into effect in 2023, most of them are part of comprehensive consumer privacy laws. These laws regulate AI and automated decision-making by allowing users to opt-out of profiling and requiring impact assessments. One law in New York City stands out as it “blazes a path for A.I. regulation” in hiring, attracting national attention.
| State/City | Name | Date passed | Date in effect | Description |
| California | California Privacy Rights Act (CPRA) | November 3, 2020 | January 1, 2023 | CPRA amends the California Consumer Privacy Act, introducing provisions impacting AI like additional limitations on data retention, data sharing, and use of sensitive personal information. |
| Colorado | Colorado Privacy Act (CPA) | July 7, 2021 | July 1, 2023 | The CPA gives consumers the right to opt-out of profiling in furtherance of automated decisions. It also requires a data protection assessment for activities that pose a “heightened risk of harm,” including targeted advertising and some types of profiling. |
| Connecticut | Connecticut Data Privacy Act (CTDPA) | May 10, 2022 | July 1, 2023 | The CTPA gives consumers the right to opt-out of profiling in furtherance of automated decisions. It also requires a data protection assessment for activities that pose a “heightened risk of harm,” including targeted advertising and some types of profiling. |
| New York City | Automated Employment Decision Tools | December 11, 2021 | January 1, 2023 | AEDT regulates the use of AI in hiring. It requires employers to notify candidates about the use of such tools, allows candidates to request what data is used, and requires an annual audit to evaluate the tool for bias. |
| Virginia | Virginia Consumer Data Privacy Act (VCDPA) | March 2, 2021 | January 1, 2023 | The VCDPA gives consumers the right to opt-out of profiling in furtherance of automated decisions. It also requires a data protection assessment for activities that pose a “heightened risk of harm,” including targeted advertising and some types of profiling. |
| Utah | Utah Consumer Privacy Act (UCPA) | March 24, 2022 | December 31, 2023 | The UCPA gives consumers the ability to opt-out of profiling using personal data. Notably, it does not require impact assessments for data controllers. |