1,561 AI Bills, 50 States: The US AI Law Tracker Nobody Asked For (But Every Consultant Needs)

Last Tuesday a consultant in our beta told me she missed the Illinois AIVIA amendment.

Not because she wasn’t paying attention. She reads IAPP newsletters. She follows three compliance LinkedIn accounts. She checks NCSL’s tracker monthly. She is paying attention – more than most.

She missed it because Illinois introduced 47 AI-related bills this session. The amendment she needed was buried in bill number 31. Her client deploys an AI hiring tool in Chicago. The amendment tightened the definition of “automated decision system” to include resume screening tools that rank candidates – which is exactly what her client’s system does.

One bill. One client. One missed obligation. That’s the game now.

The Scale Problem

In 2024, US states introduced roughly 700 AI-related bills across 45 states. That number was already unmanageable for a solo compliance consultant.

Then 2025 happened. All 50 states introduced AI legislation – the first year that’s ever occurred. MultiState’s tracker counted 1,208 bills. 145 became law. The Future of Privacy Forum, using a narrower methodology that counts only bills directly affecting private-sector AI deployment, counted 210 across 42 states. Either way you count, the trajectory is vertical.

2026 is worse. As of March, 1,561 AI bills have been introduced across all 50 states – and most legislative sessions haven’t closed yet. MultiState is tracking them. NCSL is cataloguing them. IAPP has a governance-specific subset. BSA published a warning last year when the count hit 700. Nobody predicted it would more than double.

Here’s the problem these trackers don’t solve: which of those 1,561 bills matter to your client?

What Existing Trackers Get Wrong

The available trackers are databases. Good ones. MultiState is thorough. NCSL is authoritative. IAPP’s governance lens is useful for filtering.

But they’re built for policy researchers and lobbyists. Not for compliance consultants managing eight clients across four industries in twelve states.

A compliance consultant doesn’t need a database of 1,561 bills. She needs answers to three questions:

1. Which bills affect Client A’s AI hiring tool in Illinois and Colorado?
2. Which bills affect Client B’s insurance underwriting model in Texas and California?
3. What changed since last week?

No existing tracker answers those questions. They give you the haystack. You still find your own needles.

What We Built

We built a bill discovery engine that scans all 50 US states for AI legislation weekly, using the same legislative data sources that feed most state tracking tools.

That’s table stakes. The part that matters is what happens after discovery.

Stage 1: Discovery and Scoring

Every discovered bill gets scored for AI compliance relevance. Not keyword density – AI reads the bill text and evaluates whether it creates enforceable obligations for organizations building, deploying, or procuring AI systems.

A bill proposing an AI literacy curriculum for public schools? Relevant to education policy. Not relevant to your client’s compliance program. Filtered out.

A bill requiring algorithmic impact assessments for consumer-facing automated decisions? That’s an obligation. Flagged for review.

High-relevance bills get promoted for consultant attention. Low-relevance bills get filtered as noise. The band in between gets manual review – because legislation is nuanced and AI scoring isn’t infallible.

Stage 2: Scope Tagging

Scored bills get scope tags extracted automatically: which industries does this bill affect? What AI system types? What risk levels? What data categories? What purposes – hiring, credit scoring, law enforcement, healthcare diagnosis, housing, biometrics?

These tags aren’t decorative metadata. They’re the matching surface.

Stage 3: Client Matching via Horizon

This is where the tracker stops being a database and starts being a tool.

The Horizon tab builds a profile of each client from their system inventory – industry, AI system types, purposes, risk classifications, data categories, and the US states where they operate. Then it queries discovered bills against that profile.

The matching engine evaluates multiple dimensions – industry alignment, system type overlap, risk level relevance, data category overlap, and purpose alignment. Each dimension contributes to a composite match score.

A bill about AI in insurance underwriting gets a high match score for your insurance client. Near zero for your manufacturing client. The same bill, different signal depending on who you’re advising.

Bills that are both highly relevant and strongly matched to your client’s profile surface at the top. Bills with weak relevance or low profile overlap sink to the bottom. Your attention goes where it should.

What the Data Shows

We’ve been running the discovery engine since February. A few patterns have emerged.

The volume is concentrated. California, New York, Illinois, Texas, and Massachusetts account for roughly 40% of all AI bills. But the compliance-relevant bills – the ones that create actual obligations – are more evenly distributed. Colorado’s AI Act is 24 obligations in one piece of legislation. That’s more enforceable specificity than most of California’s 2026 session combined.

Employment AI is the hottest category. Bills regulating AI in hiring, promotion, and termination decisions appear in more states than any other category. Illinois started it with AIVIA. Colorado’s SB 24-205 covers it. New York City’s Local Law 144 proved it was enforceable. Now the pattern is replicating. If your client uses AI anywhere in the employee lifecycle, this is the wave to watch.

The NIST safe harbor pattern is spreading. Colorado created a safe harbor for organizations that follow NIST AI RMF. We wrote about this in our Colorado AI Act analysis – 24 obligations become 161 when you account for the NIST reference. Other states are adopting similar language. NIST AI RMF compliance is becoming a de facto national standard through state-level adoption, not federal mandate. Our NIST obligation mapping identified 137 discrete requirements. That number keeps showing up.

Enactment rates are low but rising. Brookings analyzed 2025 passage rates and found that “responsible governance” bills – the category most likely to create compliance obligations – passed at 38.6%, the highest of any category. That’s up from negligible passage rates three years ago. The bills that create real work for compliance teams are the ones most likely to become law.

The Consultant’s Monday Morning

Here’s what this looks like in practice.

You manage six clients. Three are in healthcare, one in financial services, one in employment tech, one in insurance. They operate across 18 states collectively.

Monday morning. You open the Horizon tab for Client A – the healthcare company deploying a diagnostic AI in California, Texas, and New York. Three new bills appeared last week. One is a California bill expanding the definition of “health data” to include AI-generated diagnostic suggestions. Strong match. That’s a flag.

Client B – the employment tech company. Five new bills. Two specifically reference “automated employment decisions.” One is in a state where Client B just launched. High match. That’s a call.

Client C – the insurance firm. One bill. Low match. You glance at it, confirm it’s about auto insurance rate transparency (not underwriting), and move on.

Fifteen minutes. Six clients. You know what changed, who’s affected, and where to focus. The alternative was reading 1,561 bill titles on four different tracker websites and mentally mapping each one to each client’s risk profile.

What This Isn’t

This is not a legal research tool. We don’t interpret bill text into legal advice. We don’t predict which bills will pass. We don’t tell you what your client is “required to do” based on a proposed bill – because proposed bills don’t require anything yet.

What we do: surface the bills most likely to affect your specific clients, based on their actual AI system inventory, and let you decide what to monitor, what to ignore, and what to escalate.

The scoring is transparent. Every bill shows its relevance score, the reasoning behind it, and the scope tags Claude extracted. If you disagree with a classification, you can see why it was classified that way. Explainability isn’t optional when AI is analyzing regulation – especially regulation about AI.

The Fragmentation Is the Feature

2,000 market surveillance authorities across the EU. 50 US states with independent AI legislative agendas. No comprehensive federal AI law in sight.

This fragmentation frustrates policy advocates. For compliance consultants, it’s the reason your clients need you. Nobody inside an enterprise has the bandwidth to monitor 50 state legislatures, cross-reference bills against their system inventory, and assess regulatory exposure across jurisdictions. That’s consultant work.

But the fragmentation also means the manual approach has hit its ceiling. Twelve states was manageable. Eighteen was painful. All 50 is a full-time job on its own.

The overlap problem we mapped across EU frameworks – where GDPR, EU AI Act, and DORA share 1,570 obligations – has a domestic equivalent. Colorado references NIST. Illinois builds on New York City’s approach. California’s privacy framework shapes how other states define AI data requirements. The web of cross-references is growing faster than any consultant can trace by hand.

Automated discovery doesn’t replace the consultant’s judgment. It replaces the 15 hours per week spent finding the bills that need judgment applied to them.

Browse the Tracker

The bill discovery data is part of every ReguLume account. Discovered bills, relevance scores, scope tags, and state-by-state filtering are available in the admin view. Client-specific matching via the Horizon tab requires a system inventory – because matching without knowing what your client actually deploys is guessing, not monitoring.

If you’re managing clients with AI systems across US jurisdictions, the question isn’t whether to track state legislation. It’s whether you can afford to do it manually when the count hits 2,000.

At the current trajectory, that’s Q3.

Bill data sourced from LegiScan via API under CC BY 4.0 license. Volume statistics cited from MultiState AI Legislation Tracker, NCSL 2025 AI Legislation Summary, Brookings State AI Bill Analysis (March 2026), and Future of Privacy Forum State AI Report.