Which states require AI disclosure to consumers?

Last verified: June 1, 2026

Answer

Several states require AI disclosure, but the scope differs sharply. Colorado's AI Act (SB 26-189, obligations from January 1, 2027) requires deployers to give consumers notice when automated decision-making technology is used in a consequential decision, plus a plain-language explanation after an adverse outcome. California's AI Transparency Act (SB 942, operative January 1, 2026) requires large generative-AI providers to offer an AI-detection tool and to watermark AI-generated content. Illinois requires employers to notify employees and applicants when AI is used in employment decisions (HB-3773, effective January 1, 2026) and to disclose and obtain consent for AI analysis of video interviews (Artificial Intelligence Video Interview Act, 820 ILCS 42). Connecticut's AI law (SB-1103 / Public Act 23-16) is narrower — it governs Connecticut state agencies' own use of AI (impact assessments and a public AI inventory), not private-sector consumer disclosure.

Applicable Regulations

SB-26-189

Colorado AI Act — Automated Decision-Making Technology (SB 26-189, repeal & reenactment of SB 24-205)

enacted

On 2026-05-14 Governor Polis signed SB 26-189, which repeals and reenacts the Colorado AI Act (originally SB 24-205). The new law abandons the risk-management / annual-impact-assessment model and replaces it with a disclosure-and-notice framework governing "automated decision-making technology" (ADMT) that makes or substantially influences "consequential decisions" (education, employment, housing, financial services, insurance, healthcare, government services). The statute formally takes effect 2026-08-12 (no safety clause), but all substantive compliance obligations — for both deployers and developers — begin 2027-01-01, which is the operative date for regulated businesses; the Attorney General's implementing rules are also due by 2027-01-01. The AG has stated he will not enforce until the mandatory rulemaking process concludes.

Key Requirements

Interaction Notice Deployers must give clear notice at the point of interaction when a consumer interacts with an automated decision-making technology (ADMT)
Adverse-Outcome Disclosure Provide a plain-language explanation within 30 days of an adverse consequential decision made or substantially influenced by an ADMT
Data Correction Right Allow consumers to request correction of factually incorrect personal data used by the ADMT
Meaningful Human Review Provide meaningful human review and reconsideration after an adverse consequential decision
Developer Documentation Developers must supply technical documentation (intended uses, known harmful uses, training-data categories, known limitations and risks, and instructions enabling meaningful human review), notify deployers of material updates, and retain compliance records for 3+ years. Like all duties under the act, these obligations begin 2027-01-01
Effective: 2027-01-01 Penalties: Enforced exclusively by the Colorado Attorney General; violations are treated as deceptive trade practices under the Colorado Consumer Protection Act. Before enforcement the AG must give 60 days' written notice and an opportunity to cure; this cure right sunsets 2030-01-01, after which enforcement may be immediate. The AG has stated no enforcement will occur until the mandatory rulemaking process concludes.
SB-1103

An Act Concerning Artificial Intelligence, Automated Decision-Making and Personal Data Privacy (Public Act 23-16)

enacted

Public Act 23-16 — the enacted form of Connecticut SB-1103 (2023 session). Signed by Governor Ned Lamont on June 7, 2023, making Connecticut among the first states to impose oversight on state agency use of AI. Government-only scope: does NOT directly regulate private-sector AI. Requires state agencies to complete impact assessments before deploying AI systems, publish a public AI inventory, and submit annual reports to the joint standing consumer-protection committee. Sections 1–3 effective July 1, 2023; Section 4 effective October 1, 2023; Section 5 effective upon passage.

Key Requirements

State Agency AI Impact Assessments State agencies may not employ AI systems that have not undergone impact assessments or that result in unlawful discrimination or disparate impact against specified individuals or groups
Public AI Inventory All inventory reports detailing AI systems used by state agencies and the Judicial Department must be publicly accessible online, with the Department of Administrative Services making its inventories available on the state's open data site
Annual Consumer-Protection Report Annual report to the joint standing committee on consumer protection, due February 15 beginning 2025 and annually thereafter
Effective: 2023-07-01 Penalties: Oversight and enforcement through legislative reporting requirements. Agencies failing to comply face ongoing reporting obligations to the Connecticut General Assembly.
SB-942

California AI Transparency Act

enacted

Requires providers of large-scale generative AI systems (1 million+ monthly users) to make AI-generated content detectable through free public detection tools and embedded technical watermarks in image, video, and audio output. Signed September 19, 2024.

Key Requirements

Free AI Detection Tool Offer a free, publicly accessible tool allowing anyone to assess whether image, video, or audio content was created or altered by the provider's generative AI system
Manifest Disclosure Give users the option to attach a clear, conspicuous, human-readable disclosure on AI-generated content
Latent Technical Disclosure Embed technical metadata (provider name, system version, creation date, unique identifier) in AI-generated content, detectable by the provider's tool
Third-Party Licensee Enforcement Revoke licenses within 96 hours if a licensee disables disclosure capabilities
Effective: 2026-01-01 Penalties: Civil penalties of $5,000 per violation, each day constituting a separate violation.
HB-3773

Illinois Human Rights Act AI Amendment (Public Act 103-0804)

enacted

Amends the Illinois Human Rights Act (775 ILCS 5/) to prohibit employers from using artificial intelligence that subjects employees or applicants to discrimination based on protected classes, and from using zip codes as a proxy for protected classes. Requires employers to notify employees when AI is used in recruitment, hiring, promotion, discharge, discipline, or other terms and conditions of employment. Defines "artificial intelligence" and "generative artificial intelligence" for purposes of the Act.

Key Requirements

AI Discrimination Prohibition Cannot use AI that has the effect of subjecting employees to discrimination on the basis of protected classes identified under the Illinois Human Rights Act
Zip Code Proxy Ban Cannot use zip codes as a proxy for protected classes under the Illinois Human Rights Act
Employee Notice of AI Use Must provide notice to an employee that the employer is using AI for recruitment, hiring, promotion, discharge, discipline, or other employment-related decisions
Effective: 2026-01-01 Penalties: Enforced through the Illinois Human Rights Act framework by the Illinois Department of Human Rights (IDHR); remedies follow IHRA procedures (injunctive relief, damages, attorney's fees) rather than a specific monetary penalty schedule in the amendment itself.
PA-101-0260

Illinois Artificial Intelligence Video Interview Act (820 ILCS 42)

enacted

Enacted 2019 (PA 101-260), effective 2020-01-01. Amended by PA 102-47 (effective 2022-01-01) to add DCEO demographic reporting. Regulates Illinois employers who use AI to analyze applicant video interviews. Requires notice, explanation of AI, and written consent before analysis; limits video sharing; mandates 30-day deletion on applicant request; requires annual demographic reporting to DCEO.

Key Requirements

Notice, Explanation, and Written Consent Before any AI analysis of a video interview, notify the applicant that AI may be used, explain how the AI works and what characteristics it evaluates, and obtain written consent (Section 5)
Video Sharing Restrictions May share applicant videos only with individuals whose expertise or technology is necessary to evaluate the applicant's fitness (Section 10)
30-Day Deletion on Request Upon applicant request, employer must delete the video within 30 days and instruct all other recipients with copies or backups to delete them (Section 15)
Annual DCEO Demographic Reporting Collect racial/ethnicity data for applicants denied in-person interviews via AI analysis and for hired applicants; report annually to the Illinois Department of Commerce and Economic Opportunity by December 31 (Section 20, added by PA 102-47)
Effective: 2020-01-01 Penalties: The Act itself does not specify monetary penalties. Enforcement is primarily through reporting obligations (Section 20) and general Illinois employment / consumer protection frameworks; violators may face related claims under the Illinois Human Rights Act or common-law causes of action.

Full State Analysis

Colorado AI Regulations Connecticut AI Regulations California AI Regulations Illinois AI Regulations

Where this lands operationally

Gridex turns the compliance or coverage question into operated workflow controls: intake, review points, audit trails, and the places a person stays in the decision.

Governed AI DeploymentRun AI inside real work with audit trails, human review points, and the operating controls underwriters and regulators expect.Managed Intake & QualificationCapture, qualify, and route incoming work with disclosure, consent, and human review built into the intake step.

Map This Workflow With Gridex

Use this research to identify the workflow, review points, and operating controls that would matter in your organization.

Map This Workflow With Gridex

Related Questions

  • What are the Colorado AI Act consumer notice requirements? Under Colorado's AI Act as reenacted by SB 26-189 (obligations begin 2027-01-01), ADMT deployers have two distinct notice duties: (1) interaction notice — clear notice at the point of interaction when a consumer interacts with an ADMT; and (2) adverse-outcome disclosure — a plain-language explanation delivered within 30 days when an ADMT makes or substantially influences an adverse consequential decision. The prior SB 24-205 'proximate cause' and pre-decision notice framing no longer applies.
  • Who must comply with the California AI Transparency Act? California SB-942 applies to developers of generative AI systems that are made available to consumers in California and that generate text, images, audio, or video. Covered developers must implement provenance standards (such as C2PA) to embed machine-readable watermarks in AI-generated content, provide publicly accessible tools for detecting AI-generated content from their systems, and disclose when users interact with AI. The law applies to developers with 1 million or more monthly users.
  • Which states require disclosure when AI screens resumes? Illinois and Colorado are the clearest state-level disclosure regimes for AI-assisted employment screening. Illinois requires notice for AI use in employment decisions under HB-3773, and written consent plus an explanation before AI analyzes video interviews under the Illinois Artificial Intelligence Video Interview Act. Colorado's reenacted AI Act (SB 26-189) requires interaction notice, adverse-outcome disclosure, data correction, and meaningful human review when ADMT makes or substantially influences consequential employment decisions, with obligations beginning January 1, 2027. Texas does not currently impose a private-sector candidate disclosure rule for resume screening; HB-2060 was a state-agency inventory law, while TRAIGA (HB-149) can still matter for discriminatory or biometric AI uses.
  • Which states have AI hiring laws? Illinois and Colorado have the most direct state-level AI hiring rules. Illinois HB-3773 and the AI Video Interview Act cover notice, consent, non-discrimination, video-interview limits, and reporting. Colorado's AI Act (SB 26-189, with obligations beginning January 1, 2027) covers ADMT used for consequential employment decisions through interaction notice, adverse-outcome disclosure, data correction, and meaningful human review. Minnesota HF-4757 can reach employment profiling through privacy and data-protection-assessment obligations. Texas should be tracked for TRAIGA (HB-149) prohibited practices, especially intentional discrimination and biometric identification, but HB-2060 is not a private-employer AI hiring disclosure law.
Disclaimer: This content is provided for informational purposes only and does not constitute legal advice. AI regulations and insurance policy terms change frequently. Consult with a qualified attorney or insurance professional for advice specific to your situation. Gridex makes no warranties regarding the accuracy or completeness of this information.