Not legal advice This tool surfaces obligations triggered by your inputs against statutes published as of the date below. It is not legal advice. Engage qualified counsel before acting on any output. Β© Buzzi.ai. Statute text is summarized; original sources govern. β€” engage qualified counsel before acting on outputs.

Methodology

How the US State AI Compliance Matrix works

Last reviewed 2026-03-15 by pending_counsel_review Β· YAML rule corpus version a1868efcf6c7f5fa

Counsel-reviewed rule corpus

Every law in the matrix is reviewed by a US-licensed attorney before publication. Status, effective date, statute citation, and obligation mapping are checked against the published statute or regulation, not commentary.

Reviewer signed off in last_reviewed and reviewer fields per law. Contact research@buzzi.ai for the original review notes.

Deterministic rule engine

The engine evaluates trigger expressions against your inputs in a deterministic order. Each rule is a YAML law with triggers, obligations, and penalty_range. There is no probabilistic ranking β€” if your inputs satisfy triggers.all_of, the law applies.

Obligations are split by role (if_deployer, if_developer, if_either). Penalty exposure is aggregated as a sum of penalty_range.max_usd for triggered laws, scaled by per_violation when relevant.

Rule schema

Every law in the corpus follows this YAML schema:

law:
  id: co-caia
  name: Colorado AI Act
  statute: SB 24-205
  effective: 2026-06-30
  source_url: https://leg.colorado.gov/...
  jurisdiction: Colorado residents
  enforcement: Colorado Attorney General
  status: active
  last_reviewed: 2026-03-15
  reviewer: <firm>
triggers:
  all_of:
    - state_includes: [co]
    - any_use_case: [ai_hiring, ai_lending]
obligations:
  if_deployer: [...]
  if_developer: [...]
penalty_range:
  min_usd: 2000
  max_usd: 20000
  per_violation: true
  enforcement: Colorado AG

Triggers and obligations are pure data β€” no JavaScript runs server-side beyond the deterministic evaluator. The corpus is published as JSON and YAML for external auditors.

Review cadence

  • Initial publication: attorney review before the law enters the matrix.
  • Quarterly: every law re-reviewed each quarter; the last_reviewed timestamp is updated.
  • Emergency review: when a court order, regulator guidance, or amendment changes the law's effect, the matrix is updated within 10 business days.
  • Automated checks: CI runs schema_validation, statute_url_health, and last_reviewed staleness checks daily; broken links and stale entries page on-call.

What triggers an update

  • A new state AI law is signed or a new sector regulation is finalised.
  • A court order enjoins, narrows, or expands enforcement of a tracked statute.
  • An attorney general or regulator publishes formal guidance that changes obligation scope.
  • A statute is amended β€” the matrix records the amendment and re-reviews obligations.

Public dataset

The full rule corpus is published as JSON at laws.json for external auditors, AI engines, and researchers. The dataset is CORS-open and edge-cached.

Framework alignment

  • NIST AI RMF: obligations map to AI RMF functions β€” Govern, Map, Measure, Manage β€” to support unified compliance programs.
  • EU AI Act: high-risk classifications cross-reference applicable US obligations, so multi-jurisdiction teams can plan once.
  • ISO 42001: AI management system controls are tagged against US obligations to support certification audits.
  • Algorithmic Impact Assessment (AIA): assessment frameworks from regulators and industry are referenced where they short-circuit obligations.

Integrity policy

Scores are editorial; vendors do not pay for placement, prioritisation, or omission. Correction requests are reviewed within 10 business days; track open requests at github.com/buzzi-ai/us-ai-compliance-matrix.

Not legal advice

The matrix surfaces obligations triggered by your inputs against statutes published as of the date below. It is not legal advice. Engage qualified counsel before acting on any output. Statute text is summarized; the original sources govern.