The evolution of artificial intelligence (AI) technologies has ushered in a wave of innovation—along with an evolving legal landscape following concerns about privacy, fairness, and accountability. As AI continues to transform sectors ranging from healthcare and finance to education and law enforcement, lawmakers and regulators at both the state and federal levels are racing to keep pace. For Virginia businesses and organizations that develop, use, or integrate AI, understanding the evolving legal landscape is crucial.
A Patchwork of Emerging AI Laws and Policies
The regulation of AI in the United States is still in its infancy. There is currently no comprehensive federal law specifically governing AI. However, a number of developments signal increasing federal engagement:
- Executive Branch Initiatives: In October 2023, President Biden issued an Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. The order directs federal agencies to establish standards around AI safety, fairness, privacy, and transparency.
- Congressional Action: While Congress has yet to pass sweeping AI legislation, several bipartisan bills have been introduced, including the Algorithmic Accountability Act and the American Data Privacy and Protection Act. These aim to improve oversight of automated decision-making and the use of personal data.
- FTC Oversight: The Federal Trade Commission (FTC) has signaled its willingness to regulate deceptive or unfair use of AI under existing consumer protection laws. On June 16, 2022, the FTC issued a report to Congress, warning about the dangers of using AI to “combat online problems and urging policymakers to exercise ‘great caution’ about relying on it as a policy solution.”
State-Level AI and Data Privacy Laws
Much like data privacy law, AI regulation is also emerging at the state level. California, Colorado, Connecticut, and Virginia have enacted comprehensive data privacy laws that touch on algorithmic processing and automated decision-making. In 2024, Colorado passed one of the first laws in the U.S. to directly regulate AI use in high-risk areas such as employment and lending.
Virginia’s own Consumer Data Protection Act (CDPA), which took effect in 2023, includes provisions requiring organizations to conduct data protection assessments for processing activities involving personal data, including those relying on automated decision-making. More states are expected to follow suit in 2025 and beyond.
For an up-to-date map of U.S. state privacy and AI laws, the International Association of Privacy Professionals (IAPP) maintains an excellent state legislation tracker.
Legal Uncertainty and the Need for Proactive Compliance
Much like the early days of data privacy law, the legal landscape of Artificial Intelligence is marked by uncertainty and fragmentation. Different states have varying definitions and requirements, and new regulatory proposals are introduced frequently. Internationally, laws such as the European Union’s AI Act—which categorizes AI systems based on risk—may influence U.S. standards.
Companies operating in this space face a range of legal and operational risks, including:
- Inadvertent bias or discrimination in algorithms
- Insufficient transparency or explainability of automated decisions
- Consumer privacy violations
- Inadequate governance or testing protocols
How Our Firm Can Help
At Moore, Christoff & Siddiqui, PLLC, we understand the complex and shifting legal landscape that AI presents. Our team advises clients on AI-related compliance, policy development, risk mitigation, and contract review. Whether you’re a startup integrating machine learning tools or a large enterprise adopting automated decision-making technologies, we can help you navigate current requirements—and prepare for what’s ahead.
If you’re unsure whether your organization is ready for AI compliance, or simply want to future-proof your data practices, contact our office today.
