What is AI regulation in the Americas?
AI regulation: countries and regions
Across the Americas there is no single AI law. As at June 2026, the United States has no comprehensive federal AI statute; Washington favours deregulation while individual states such as Colorado, California, Texas, Illinois and New York legislate. Canada has no AI law after its proposed Act died in 2025. In Latin America, Brazil's bill is still proposed, and existing data protection regimes remain the working baseline almost everywhere.
Reviewed by Jackie, Head of Learning & Development, Levellers · Last reviewed 8 June 2026
What this means
AI regulation in the Americas is a patchwork, not a single rulebook. The clearest pattern is that dedicated, comprehensive AI laws are rare and mostly either narrow, proposed or contested. What actually governs AI day to day in most of the region is older law: data protection statutes, consumer protection rules, civil rights law and sector regulation.
The United States shows the sharpest split. The federal government under the Trump administration has chosen a deregulatory, pro-innovation stance and is actively trying to limit state AI rules. Yet states have pressed ahead, producing the most active AI lawmaking in the hemisphere. Canada sits at the other extreme: its attempt at a federal AI law collapsed, leaving privacy law to do the work. Latin America largely relies on data protection authorities while AI bills move slowly through legislatures.
This page is an orientation hub. It summarises the regional picture and points you to the individual country and US-state articles where the detail lives. Because this area moves quickly, treat every status below as current to June 2026 and expect change.
Why it matters
If you build, buy or deploy AI anywhere in the Americas, your obligations depend heavily on geography and on the calendar. A tool that is lightly regulated at the US federal level may still trigger duties in Colorado, California, Illinois, Texas or New York, or under Quebec's Law 25, or under Brazil's data protection law. The federal-versus-state fight in the United States creates genuine uncertainty: rules can be enacted, delayed, stayed by a court, or replaced within months. Treating "the Americas" as one regime is a mistake. The practical baseline for most organisations is data protection compliance, layered with targeted AI rules where they exist.
How it works
The United States: federal restraint, state activity
The United States has no comprehensive federal AI statute. Federal policy is set mainly through executive action. President Biden's Executive Order 14110 (October 2023) was rescinded on 20 January 2025, and replaced by President Trump's Executive Order 14179, "Removing Barriers to American Leadership in Artificial Intelligence", signed 23 January 2025. That order directed an AI Action Plan, released on 23 July 2025 as "Winning the Race: America's AI Action Plan", which frames AI as a matter of national competitiveness and calls for removing regulatory barriers.
The federal posture is deregulatory. The NIST AI Risk Management Framework (AI RMF 1.0), released in January 2023, remains voluntary; the AI Action Plan directed that it be revised to remove references to diversity, equity and inclusion, and it is currently under revision. Enforcement of AI harms at federal level largely runs through existing law, such as the Federal Trade Commission Act's prohibition on unfair or deceptive practices and anti-discrimination statutes, rather than a bespoke AI regime.
Two further developments define the federal picture. First, a proposed moratorium that would have barred states from enforcing AI laws was stripped from the budget reconciliation bill (the One Big Beautiful Bill Act) by a 99-1 Senate vote, per the US Senate Commerce Committee, before the bill was signed on 4 July 2025; states therefore retain authority to regulate. Second, on 11 December 2025 President Trump signed a further executive order, "Ensuring a National Policy Framework for Artificial Intelligence", which directs the Attorney General to set up an AI Litigation Task Force to challenge state AI laws, instructs Commerce to evaluate state laws and condition certain broadband funding, and tasks the FCC and FTC with related proceedings. A legislative blueprint followed on 20 March 2026. These measures are contested and expected to face legal challenge.
The active US states
States, not Washington, are where binding AI rules are emerging. Lawmakers in all 50 states introduced 1,208 AI-related bills in 2025, of which 145 were enacted, per MultiState's State AI Legislation Tracker; it was the first year every state introduced at least one AI bill. The leading examples illustrate different models, and several have already shifted:
Colorado passed the first comprehensive US state AI law (SB 24-205, signed May 2024), targeting algorithmic discrimination in high-risk systems. Its history shows how fast this moves: the effective date was pushed from February 2026 to 30 June 2026; on 27 April 2026 a federal magistrate judge stayed enforcement after the US Department of Justice intervened in a constitutional challenge brought by xAI, the first federal move against a state AI law; and Governor Jared Polis signed a replacement, SB 26-189, on 14 May 2026 (the Senate passed it 8-1 on 7 May and the House on 9 May), repealing the original law in favour of a narrower notice-and-transparency framework now set to take effect 1 January 2027 subject to rulemaking.
California vetoed its high-profile safety bill SB 1047 in 2024 but enacted a suite of narrower AI laws. Training-data transparency (AB 2013) took effect 1 January 2026; the AI Transparency Act (SB 942) was amended by AB 853 and its operative date moved to 2 August 2026; and the Transparency in Frontier Artificial Intelligence Act (SB 53) was signed in September 2025.
Utah's AI Policy Act (SB 149, effective May 2024) was the first US state AI disclosure law, focused on telling consumers when they interact with generative AI; it was amended in 2025. Texas enacted the Texas Responsible Artificial Intelligence Governance Act (TRAIGA), effective 1 January 2026, built on intent-based prohibitions and exclusive enforcement by the state attorney general. Illinois amended its Human Rights Act (HB 3773), effective 1 January 2026, to bar discriminatory AI in employment, alongside its long-standing biometric privacy law (BIPA). New York's RAISE Act, aimed at frontier models, was signed in December 2025 and finalised by chapter amendment in 2026, with an effective date of 1 January 2027; New York City's Local Law 144 already requires bias audits of automated hiring tools.
Canada: no AI law, privacy fills the gap
Canada has no comprehensive AI statute. The Artificial Intelligence and Data Act (AIDA), part of Bill C-27, died when Parliament was prorogued in January 2025 and has not been reintroduced. The working baseline is the federal Personal Information Protection and Electronic Documents Act (PIPEDA), dating from 2000, supplemented by Quebec's Law 25, which gives the most demanding rules on automated decision-making in the country, plus a voluntary code on generative AI and the Treasury Board directive for federal government systems. On 4 June 2026 the Carney government launched a national AI strategy, "AI for All", which promises future legislation but leans heavily on voluntary measures.
Latin America: data protection as the baseline
Across Latin America the consistent picture is that GDPR-influenced data protection laws are the operative regime, while dedicated AI laws are mostly proposed or absent. Brazil is the regional bellwether: its AI bill (PL 2338/2023) passed the Senate in December 2024 but remains under review in the Chamber of Deputies and is not yet law; as at early June 2026, no committee report had been delivered and no vote had been taken, and a plenary vote targeted for 27 May 2026 was postponed. Brazil's existing baseline is the General Data Protection Law (LGPD) and its authority, the ANPD, which the bill would make the coordinating AI regulator.
Peru is the exception that has crossed the line: its Law No. 31814 of 2023 gained implementing regulations via Supreme Decree No. 115-2025-PCM, approved on 9 September 2025 and effective 22 January 2026, establishing a risk-based framework with prohibited and high-risk categories. It is the only country in the region with enacted AI-specific law of this kind. Mexico, Chile, Colombia and Argentina mostly rely on data protection law and national AI strategies or policies, with comprehensive AI bills pending or stalled. Several countries recognise rights against purely automated decision-making within their privacy laws, which is why data protection is the practical starting point for AI compliance in the region.
Examples
An employer using AI to screen job candidates faces sharply different duties by location. In New York City, Local Law 144 requires an independent bias audit and candidate notice. In Illinois, the amended Human Rights Act bars discriminatory AI in employment decisions from 1 January 2026. At the US federal level there is no equivalent statute, so existing anti-discrimination law applies.
A generative AI developer offering services to Californians must publish training-data documentation under AB 2013, which took effect 1 January 2026. There is no matching federal mandate, illustrating how a single product can be lightly regulated nationally yet face concrete state duties.
A company deploying AI in Canada and Brazil finds neither has a comprehensive AI law in force. In Canada it must work to PIPEDA and, in Quebec, Law 25's automated-decision rules; in Brazil it must comply with the LGPD while Brazil's AI bill remains pending.
Common misunderstandings
"The US has a federal AI law." It does not. Federal policy is set by executive action and existing statutes; binding AI-specific rules come mainly from states.
"State AI laws were banned by a federal moratorium." A moratorium was proposed but removed from the budget bill before it was signed in July 2025. States retain authority, though the federal government is now trying to challenge some state laws.
"Colorado's AI Act is in force." The original 2024 law was delayed, stayed by a court, then repealed and replaced in May 2026 by a narrower law not due to take effect until 2027.
"Canada has an AI Act." Canada's AIDA died in Parliament in January 2025 and is not law; privacy law is the baseline.
"Brazil has passed its AI law." Brazil's bill passed the Senate but is still proposed; it has not been enacted.
Risks and boundaries
This hub is a regional orientation, not legal advice, and it does not restate each country or state in full. The fastest-moving risk is treating any status here as fixed: US state laws in particular are enacted, delayed, stayed and replaced within months, and the federal effort to pre-empt state rules is contested and likely to be litigated. Proposed laws, including Brazil's bill and any revived Canadian AI legislation, may change substantially before enactment or may not pass at all. Where a jurisdiction has no dedicated AI framework, that is stated plainly rather than dressed up; in those places, data protection, consumer protection and anti-discrimination law are what actually bind. Always check the linked country or state article and the primary source for current status.
What to do next
Start by mapping where your AI is built, deployed and used, because obligations in the Americas are geographic. Treat data protection as your baseline everywhere: PIPEDA and Law 25 in Canada, the LGPD in Brazil, and the comparable regimes elsewhere in Latin America. In the United States, inventory exposure state by state, prioritising Colorado, California, Texas, Illinois and New York, and watch effective dates closely. Adopt a recognised risk framework such as the NIST AI Risk Management Framework, which several state laws reference as a defence. Monitor the federal pre-emption effort and any litigation over it, since the outcome will shape how durable state rules are. Revisit your position at least quarterly, and re-check before any launch in a new jurisdiction.
Explore individual entries: AI regulation in Antigua and Barbuda, AI regulation in Argentina, AI regulation in the Bahamas, AI regulation in Barbados, AI regulation in Belize, AI regulation in Bolivia, AI regulation in Brazil, AI regulation in California, AI regulation in Canada, AI regulation in Chile, AI regulation in Colombia, AI regulation in Colorado, AI regulation in Costa Rica, AI regulation in Cuba, AI regulation in Dominica, AI regulation in the Dominican Republic, AI regulation in Ecuador, AI regulation in El Salvador, AI regulation in Grenada, AI regulation in Guatemala, AI regulation in Guyana, AI regulation in Haiti, AI regulation in Honduras, AI regulation in Illinois, AI regulation in Jamaica, AI regulation in Mexico, AI regulation in New York, AI regulation in Nicaragua, AI regulation in Panama, AI regulation in Paraguay, AI regulation in Peru, AI regulation in Saint Kitts and Nevis, AI regulation in Saint Lucia, AI regulation in Saint Vincent and the Grenadines, AI regulation in Suriname, AI regulation in Texas, AI regulation in Trinidad and Tobago, AI regulation in the United States, AI regulation in Uruguay, AI regulation in Utah, AI regulation in Venezuela, AI regulation in Washington.
Have a question or a suggestion, or want to understand how we research and review these guides? Read about our editorial standards and how to reach us.
FAQs
Is there one AI law for the Americas?
No. There is no regional framework. Each country, and in the United States each state, sets its own approach, and many have no dedicated AI law at all.
Does the United States have a federal AI law?
No comprehensive statute. Federal policy runs through executive orders and existing law, and the current administration favours deregulation and wants uniform national standards that would limit state rules.
Can US states still regulate AI?
Yes. A proposed federal moratorium was removed before the budget bill was signed in July 2025. States retain authority, although a December 2025 executive order directs the federal government to challenge some state laws.
Which US states are most active?
Colorado, California, Texas, Illinois and New York are the leaders, alongside Utah and New York City. Their laws differ in scope, from frontier-model safety to employment discrimination and consumer disclosure.
Is Canada's AIDA in force?
No. AIDA died when Parliament was prorogued in January 2025 and has not been reintroduced. PIPEDA and Quebec's Law 25 are the baseline.
Has Brazil passed its AI law?
Not yet. The bill (PL 2338/2023) passed the Senate in December 2024 but remains under review in the Chamber of Deputies, where a vote targeted for late May 2026 was postponed. The LGPD is the operative regime in the meantime.
What governs AI where there is no dedicated AI law?
Mainly data protection law, plus consumer protection, anti-discrimination and sector regulation. In Latin America, data protection authorities are the practical reference point.
How often does this change?
Frequently. US state law in particular moves within months. Always confirm the current status in the linked country or state article and the primary source.