US State AI Laws in 2026: Colorado, Texas, California, Illinois

In the absence of a comprehensive federal AI statute, US states are setting the rules — and 2026 is the year several of those rules were supposed to bite. The reality is messier than the headlines: the most ambitious law has been stalled by litigation and a legislative do-over, while narrower transparency and anti-discrimination measures quietly took effect on schedule. This roundup states what is verified as of May 2026, separating what is in force from what is delayed, paused, or being rewritten.

A note on method, because this area moves fast: every status and date below traces to a primary source (the bill page or the regulator) or to dated practitioner analysis, and where a law’s fate is genuinely unsettled, this piece says so rather than guessing.

Colorado SB 24-205: The Stalled Flagship

Colorado’s SB 24-205, the Consumer Protections for Artificial Intelligence act, was the first comprehensive US state AI law. Signed in May 2024 and modeled in part on the EU AI Act, it imposed duties on developers and deployers of “high-risk” AI systems used in consequential decisions to use reasonable care against algorithmic discrimination, with risk-management programs, impact assessments, and disclosure obligations.

Its path to enforcement has been anything but smooth:

• The original effective date was February 1, 2026.
• In August 2025, Governor Polis signed a bill postponing implementation to June 30, 2026.
• A federal magistrate judge stayed enforcement in late April 2026.
• Both chambers of the Colorado legislature then passed a replacement bill that drops the original’s risk-management programs, annual impact assessments, and broad algorithmic-discrimination duties in favor of a narrower notice-and-transparency framework — with a proposed effective date of January 1, 2027 if signed.

The practical takeaway: the original SB 24-205 framework, as written, is effectively not being enforced, and the obligations organizations actually face will be defined by the replacement. Anyone who built a compliance program against the 2024 text should treat it as provisional and watch for the final replacement language. This is the clearest example in US AI law of why effective dates on the books are not the same as enforced obligations.

Texas TRAIGA (HB 149): In Effect January 1, 2026

The Texas Responsible Artificial Intelligence Governance Act (TRAIGA), signed by Governor Abbott in June 2025, took effect January 1, 2026. Unlike Colorado’s risk-management model, the enacted version of TRAIGA is built around prohibited uses plus disclosure duties:

• It prohibits developing or deploying AI for specified harmful purposes — including unlawful behavioral manipulation, unlawful discrimination, and the creation of certain illegal content.
• Government agencies must disclose to consumers when they are interacting with an AI system, and healthcare providers must disclose when AI is used in a patient’s care.
• It establishes a regulatory sandbox (allowing approved participants to test AI systems with temporary regulatory relief for up to 36 months) and an AI Advisory Council.

Enforcement sits with the Texas Attorney General; TRAIGA creates no private right of action, and civil penalties run from roughly $10,000 to $200,000 per violation. Its reach is broad: it applies to those who promote or conduct business in Texas, produce products or services used by Texas residents, or develop or deploy AI in the state.

California AB 2013: Training-Data Transparency, Effective January 1, 2026

California’s AB 2013, the Generative AI Training Data Transparency Act, took effect January 1, 2026. It requires developers of generative AI systems made available to Californians (for systems released on or after January 1, 2022) to publish a high-level summary of the datasets used to train the system on their website.

That summary must cover, among other things: the sources or owners of the data; whether datasets include copyrighted, trademarked, or patented material; whether data was purchased or licensed; whether it includes personal information as defined under the CCPA; and whether synthetic data was used. Developers must post the disclosure before the system is made publicly available and update it on substantial modification.

The law is notably wide-reaching because it captures systems released since 2022, not just new ones. It is enforceable through California’s Unfair Competition Law. It is also being challenged in court — xAI has argued the compelled disclosure of training-data details amounts to an unconstitutional taking of trade secrets — so the contours of enforcement may shift.

Illinois HB 3773: AI in Employment, Effective January 1, 2026

Illinois’s HB 3773 amended the Illinois Human Rights Act and took effect January 1, 2026. It does two things for employers:

1. Prohibits the use of AI that has a discriminatory effect on employees on the basis of a protected class across recruitment, hiring, promotion, discipline, discharge, and related decisions — and bars using zip codes as a proxy for protected classes.
2. Requires notice to employees and applicants when AI is used in those covered decisions.

The Illinois Department of Human Rights is tasked with issuing implementing rules (notice and recordkeeping specifics), and as of this writing the draft rules have circulated among stakeholders but await formal adoption. Employers in Illinois using AI in hiring or HR decisions are already in scope for the substantive prohibition even before the rules are finalized.

The 2026 Map at a Glance

Law	Scope	Status (May 2026)	Effective
Colorado SB 24-205	High-risk AI, anti-discrimination	Stayed; being replaced	Original deferred to 6/30/26; replacement proposed 1/1/27
Texas TRAIGA (HB 149)	Prohibited uses + disclosures	In effect	1/1/2026
California AB 2013	GenAI training-data disclosure	In effect (litigated)	1/1/2026
Illinois HB 3773	AI in employment	In effect (rules pending)	1/1/2026

The Pattern Across States

Two models are emerging. Colorado attempted the comprehensive risk-management approach (the EU AI Act template) — and it is the one that stalled under industry pushback, litigation, and a legislative rewrite. The laws that took effect cleanly are narrower and more objective: a disclosure obligation (AB 2013), a prohibited-use list plus notice (TRAIGA), a discrimination prohibition tied to existing civil-rights machinery (HB 3773). Objective, bounded duties are proving more durable than open-ended “reasonable care” mandates.

For multistate organizations, the compliance reality in 2026 is a patchwork: a training-data disclosure to satisfy California, AI-interaction and healthcare disclosures for Texas, employment-AI notice and anti-discrimination diligence for Illinois, and a watching brief on Colorado’s replacement. Underlying all of it is the federal vacuum that makes this state-by-state divergence the operative regime for the foreseeable future.

Cross-references

For the comprehensive risk-management model that Colorado tried to import, see the EU side in the Article 50 transparency obligations and the EU AI Office enforcement priorities for 2026. For the California privacy-law overlay that now sits alongside AB 2013, see the companion piece on CCPA/CPRA and automated decisionmaking.

For broader AI-policy coverage, AI policy watch ↗ tracks state and federal developments in depth.