Home » Blog » Two Paths for AI Regulation in the U.S.: State-Led Laws or Federal Standards?
Laws / Policy / Regulatory / Tech / Technology

Two Paths for AI Regulation in the U.S.: State-Led Laws or Federal Standards?

- by Michael Phillips - Leave a Comment

Will the U.S. follow Colorado’s lead—or adopt national frameworks like NIST?

An illustration depicting two paths for AI regulation in the U.S., featuring a scale representing state-led laws on the left and the U.S. federal emblem on the right. The text overlay reads: 'Two Paths for AI Regulation in the U.S.: State-Led Laws or Federal Standards?'

By Michael Phillips

The United States stands at a pivotal moment in the regulation of artificial intelligence (AI). As algorithms increasingly influence everything from hiring to housing, two primary paths have emerged: one led by state legislatures, like Colorado’s recent law, and another grounded in federal voluntary standards, such as the NIST AI Risk Management Framework (RMF).

But looming over this domestic debate is a powerful international benchmark: the EU AI Act—the world’s first comprehensive, binding AI regulation. And its global influence may be the force that nudges the U.S. off the fence.

Path One: State-Led Regulation (Colorado AI Act)

In 2024, Colorado passed the first sweeping AI law in the U.S. The Colorado AI Act (CAIA) applies to developers and users of “high-risk” AI systems—those that affect rights, access, or opportunity in key life areas (employment, housing, education, etc.).

Key features:

  • Duties of care to avoid algorithmic discrimination
  • Risk management programs and documentation
  • Transparency and disclosures to consumers
  • Explanation and appeal rights
  • Safe harbor if companies comply with frameworks like NIST RMF

Set to take effect in 2026, CAIA may be delayed a year as regulators refine implementation. But its influence is already rippling through policy circles and boardrooms.

Path Two: Federal Standards (NIST & Voluntary Frameworks)

Rather than pass sweeping legislation, the federal government has supported non-binding, consensus-based frameworks:

  • NIST AI Risk Management Framework (RMF): A voluntary, best-practice model for managing AI risk, developed with input from industry, academia, and civil society.
  • Biden’s 2023 Executive Order on AI (since repealed) supported a “trustworthy AI” agenda, encouraging responsible innovation.
  • Self-regulation agreements: Major companies (OpenAI, Meta, Google, IBM) signed voluntary safety commitments.

While not enforceable, these federal frameworks signal best practices—and under Colorado’s law, can even grant legal cover to companies who follow them.

Comparative Analysis: The EU AI Act

The EU AI Act, formally adopted in 2024, is the most aggressive and structured AI regulation in the world. It classifies AI systems by risk and imposes strict obligations on high-risk uses.

EU AI Act Highlights:

Table comparing the EU AI Act, Colorado AI Act, and U.S. Federal NIST framework features, including scope, risk-based tiers, enforceability, transparency, regulator, and global reach.

Why It Matters:

  • Global companies may default to the EU’s stricter standards—what some call the Brussels Effect—to streamline compliance.
  • U.S. companies building for global markets may voluntarily exceed domestic requirements to meet EU standards.
  • Colorado’s law mirrors the EU’s risk-tier approach—suggesting harmonization may be possible between progressive U.S. states and Europe.
  • Meanwhile, NIST’s RMF aligns conceptually with EU guidance, but lacks teeth. It’s like wearing a seatbelt because you should—not because it’s the law.

What’s Next for the U.S.?

  • More states may follow Colorado, especially if federal action stalls.
  • Congressional debate is heating up, with proposals ranging from deepfake laws to the CREATE AI Act.
  • The pressure to avoid a regulatory patchwork may push Washington toward a harmonized federal law.

But absent binding federal regulation, companies operating across borders may face the worst-case scenario: one foot in Colorado, the other in Brussels—and no clear federal line to follow.

Conclusion

So, which path will win—Colorado’s or NIST’s?

The reality is that neither is enough on its own. A comprehensive U.S. strategy may ultimately blend:

  • State-level innovation (Colorado-style laws),
  • Federal coordination and guidance (via NIST), and
  • Global alignment (with the EU AI Act and similar efforts abroad).

But one thing is certain: AI regulation is no longer hypothetical. It’s here. And the U.S. must decide whether to lead, follow—or get stuck in between.

Author’s Note:
Follow me for more analysis on tech policy, AI ethics, and the global regulatory race.
For updates and related coverage, visit ThunderReport.org.

Discover more from RIPTIDE

Subscribe to get the latest posts sent to your email.

Related Posts

Chaos, Seconds, and a Fatal Shot

What Is the “Gang of Eight”?

Five Years Later: Review Board Deadlock In Virginia Beach Reignites Debate Over Donovon Lynch Shooting

Michael Phillips's avatar

About Michael Phillips

Michael Phillips is a journalist, editor, creator, IT consultant, and father. He writes about politics, family-court reform, and civil rights.

View all posts by Michael Phillips →

Leave a Reply