No. The matrix is a software-driven mapping of your inputs to publicly available statutes. It is for informational use only. Engage qualified counsel before taking any compliance action. Every law cited links to the underlying statute so your counsel can verify and contextualize the obligations against your specific circumstances.

At launch we track 12 enforceable obligations: Colorado AI Act and its SB 25-318 amendment, California SB 53 + AB 1008, Texas TRAIGA, NYC Local Law 144, Illinois HB 3773, Utah AI Policy Act, Tennessee ELVIS Act, Florida AI Transparency Act, Michigan AI Political Advertising Act, plus the contested federal Executive Order 14410 as a watch entry.

Every YAML rule file is reviewed by outside counsel before publication. The methodology page lists the reviewing firm, the reviewer name, the review date, and the scope of review. We commit to a quarterly review cadence and emergency updates within five business days of any material change (bill signing, injunction, AG guidance).

Every obligation cites the exact statute section and links to the official source URL. The PDF brief carries a citation appendix with BibTeX entries. The complete ruleset is mirrored to a public GitHub repository under CC BY 4.0 so any third party can audit, fork, or contribute corrections.

Routine: quarterly counsel review, weekly automated freshness check (we email counsel when any rule passes 90 days since last review). Emergency: within five business days of a bill signing, court injunction, or AG enforcement guidance change. Monitoring alerts notify subscribers when the rules they care about change.

States with no enacted AI-specific statute return zero triggered laws. That does not mean AI is unregulated there — federal laws (HIPAA, FCRA, ECOA, FTC Act) plus state UDAP, privacy and anti-discrimination statutes still apply. Future updates will add state-by-state pending bill tracking.

Yes. The Colorado AI Act exempts businesses with fewer than 50 employees that meet specific conditions (no high-risk deployment, training-data transparency). Exemption thresholds are encoded in each YAML rule and applied automatically when your inputs match.

Most state AI laws split obligations into two roles. Developers create or substantially modify a model; deployers put it into use to make consequential decisions about consumers. The matrix asks if you build high-risk AI; the answer routes you to the appropriate obligation set for each triggered law.

Some obligations are satisfied by existing programs. If you already have NIST AI RMF in place, that satisfies CAIA risk-management programs. If you already do EU AI Act high-risk classification, that overlaps with CAIA documentation. The matrix flags these as quick wins separately from net-new gaps.

Two variants. A landscape one-pager: state × law tableau, penalty band, top P1 obligations, with footnoted citations. A portrait 10-14 page detailed report: executive summary, full obligation list, priority roadmap, quick-wins/gaps, budget implications, recommended next steps, and a citation + BibTeX appendix. Both carry the mandatory disclaimer on every page.

Inputs are stored as a hashed record so we can serve your results URL and reconstruct the run for audit. Email is captured only when you request the PDF or alerts. You can request data export or deletion via the dashboard. Personally identifying fields are anonymizable on request; the inputs hash is retained for audit purposes.

Sign in to subscribe. Pick the jurisdictions you care about and the change types you want to hear about (new law, effective-date change, enforcement guidance). Whenever any rule in your subscribed jurisdictions changes, you get a single email with the diff. We promise no marketing in alert emails.

No. This tool covers US state AI laws only. If you need EU AI Act classification or GDPR overlap analysis, our EU AI Act tool is the right surface. The wizard does ask if you have done EU AI Act classification — if you have, several US obligations are short-circuited as quick wins.

Yes. Each run gets a stable share URL plus an opaque public ID. The PDF brief is the recommended artifact for board distribution. The share URL is unindexed and only accessible by anyone with the link.

Yes. Two embed widgets are available: a single-state widget (top-3 triggered laws with a CTA to run the full matrix) and a nationwide choropleth. Both render in any third-party iframe with a copy-paste snippet. Attribution to Buzzi.ai is required.