US AI law

The US AI law
patchwork.

There is no single federal AI law. States are writing their own rules, and they do not match. Here is a plain-language map of the ones that reach ordinary companies, and the one thing every one of them assumes you already have: a list of the AI you run.

Get your First Sweep by Monday Poke the live demo. No signup.
Browser · Desktop · CLI · MCP · Network
The landscape

Different states. Different rules. All at once.

Colorado regulates high-risk decision systems. Texas restricts intentional harms. Illinois governs AI in hiring. California stacks transparency rules. New York targets the largest model builders. Sell or hire across state lines and you can face several at the same time, plus the EU AI Act if you have users in Europe.

The map

Six laws worth knowing.

High-risk AI systems and consequential decisions, with duties for developers and deployers. Read the overview →
The Responsible AI Governance Act. Prohibited intentional uses, across government and private sectors. Read the overview →
Not one law but a stack: transparency, generative-AI disclosure, training data, and automated decisions. Read the roundup →
Safety and transparency duties aimed at the largest frontier model developers. Read the overview →
Notice, explanation, and consent when AI analyzes a video job interview. Read the overview →
The risk-based European regime that reaches US firms with users in the EU. Read the overview →
The first step

You cannot comply with what you cannot see.

Every one of these laws assumes you can answer a basic question: which AI systems does your company use, and who is using them? Most companies cannot. Coding agents, desktop apps, and browser tools call AI without ever touching a proxy log. Northbeams answers the question first, so counsel has something real to work from.

  • Inventory: every AI tool across browser, desktop, CLI, and MCP, sorted sanctioned, unknown, or high-risk.
  • Attribution: every use tied to a person, a tool, and a time, not a mystery IP address.
  • Evidence: an immutable, signed log you can hand to an auditor or your own counsel.
Common questions

US AI law, quickly.

Is there a federal US AI law?
Not a single general one yet. There are executive actions and sector-specific rules, but broad AI obligations are coming from the states and, for global firms, from the EU AI Act. This hub covers the state laws most likely to reach a mid-sized company.
Which of these laws applies to my company?
That depends on where your users, employees, and customers are, and on how you use AI. That is a question for your counsel. What you can do today is build the AI inventory every one of these laws assumes you already have.
Where should I start?
With visibility. Find every AI tool in use, tie each one to a person, and keep signed records. Then take that list to counsel. See how Northbeams builds the inventory →
This is a plain-language overview, not legal advice. Northbeams helps you know what AI you run and prove it, with an AI inventory, per-user attribution, and signed logs. It does not tell you what any of these laws require of you or your company. For your obligations, consult qualified counsel.

Start with an AI inventory.

You cannot comply with what you cannot see. Your First Sweep lands within 24 hours.

Get your First Sweep by Monday Poke the live demo. No signup.