The EU AI Act: A Global First in AI Regulation

In March 2024, the European Parliament officially passed the Artificial Intelligence Act, a groundbreaking law that seeks to create a unified legal framework for AI governance across all 27 EU member states. The legislation will be phased in over the next few years and introduces a risk-based approach to regulating AI technologies.

Under the AI Act, systems are categorized into four levels of risk:

• Unacceptable risk AI systems are banned entirely (e.g., social scoring by governments, real-time biometric surveillance in public spaces, and manipulative behavior).

• High-risk systems are allowed but subject to strict compliance measures. This includes AI used in medical devices, hiring tools, law enforcement, education, and critical infrastructure.

• Limited risk applications must meet transparency requirements, such as notifying users they are interacting with AI.

• Minimal risk applications (e.g., AI-powered spam filters) are largely unregulated.

The Act imposes significant legal obligations on developers, deployers, and users of high-risk AI systems, including:

• Conducting risk assessments

• Ensuring human oversight and accountability

• Providing clear information to users about system functionality

AI Regulation in the United States: A Sectoral and Decentralized Approach with a New Emphasis on Innovation

Unlike the European Union, the United States has not adopted a comprehensive federal AI law. Instead, the U.S. is taking a multi-pronged approach, relying on executive orders, agency guidance, and state-level legislation. The direction of federal AI policy has recently seen a significant shift with the introduction of the Trump administration's "Winning the AI Race: America's AI Action Plan" in July 2025.

"Winning the AI Race: America's AI Action Plan" (July 2025)

The Trump administration's new AI Action Plan, released on July 23, 2025, marks a notable departure from previous federal AI policy. This plan, which functionally replaces President Biden's Executive Order 14110 on AI, prioritizes accelerating AI innovation and securing American global leadership in the field, with a strong emphasis on reducing perceived regulatory burdens. The plan outlines over 90 federal policy initiatives across three strategic pillars:

• • Pillar I: Accelerate AI Innovation. This pillar focuses on reducing "red tape" and "onerous" regulations that might hinder AI development and adoption. It calls for federal agencies to review and potentially revise or repeal regulations deemed impediments to AI innovation. A significant aspect is the aim to ensure AI models procured by federal agencies are "objective and free from top-down ideological bias," with directives to revise the NIST AI Risk Management Framework to eliminate references to "misinformation, Diversity, Equity, and Inclusion, and climate change." The plan also proposes potentially withholding federal funding from states that have "burdensome" AI regulations that could impede innovation. Furthermore, it encourages open-source and open-weight AI models, and promotes a "try-first culture" for AI adoption in critical sectors like healthcare.

  • Pillar II: Build American AI Infrastructure. Recognizing the immense computational and energy demands of advanced AI, this pillar focuses on scaling domestic infrastructure. Key measures include streamlining permitting processes for data center construction, potentially through new Categorical Exclusions under the National Environmental Policy Act (NEPA) and broadening the use of the FAST-41 process. It also calls for developing a strategy to upgrade the U.S. power grid and making federal lands available for data center and related energy generation projects. The plan emphasizes bolstering cybersecurity for critical infrastructure, including the establishment of an AI Information Sharing and Analysis Center (AI-ISAC) to promote information sharing on AI-security threats.

  • Pillar III: Lead in International AI Diplomacy and Security. This pillar aims to secure and maintain American AI leadership internationally. It focuses on promoting American AI exports, including "full-stack AI export packages" (hardware, models, software, applications, and standards) to allied nations. The plan also seeks to counter rival nations' influence in global AI governance bodies and strengthen export controls on advanced AI and semiconductor technologies to prevent their acquisition by adversaries.

The "Winning the AI Race" plan underscores the administration's belief that accelerating technological advancement and fostering an environment of minimal regulatory barriers are crucial to maintaining America's competitive edge in the global AI landscape.

Executive Order 14110 on AI (October 30, 2023) - Rescinded

It is important to note that President Trump, shortly after taking office in January 2025, rescinded President Biden's Executive Order 14110 on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. While this order previously directed federal agencies to establish standards for AI safety, privacy, bias mitigation, and intellectual property protection, its provisions are now superseded by the new AI Action Plan. The Biden EO had aimed to require developers of powerful AI models to report safety test results to the Department of Commerce, task the National Institute of Standards and Technology (NIST) with creating rigorous testing standards, and provide guidance for the use of AI in critical sectors.

Agency Guidance and Enforcement

Despite the shift in federal AI policy towards deregulation, various federal agencies continue to leverage their existing authorities to address AI-related concerns.

• • Federal Trade Commission (FTC): The FTC has consistently stated it will regulate deceptive or biased uses of AI under existing consumer protection laws. In prior years, the FTC warned businesses about false claims involving “AI-powered” tools and emphasized the need for fairness, transparency, and accuracy in automated decision-making. While the new federal plan de-emphasizes "woke" AI concerns, the FTC's fundamental mandate to protect consumers from unfair or deceptive practices remains.

  • Other Federal Agencies: Agencies like the Equal Employment Opportunity Commission (EEOC) and the Department of Health and Human Services (HHS) will likely continue to address how AI intersects with civil rights, employment law, and medical privacy, albeit within the new federal policy framework that prioritizes innovation and efficiency.

State-Level Legislation

In the absence of a comprehensive federal AI law—and potentially facing federal pushback on "burdensome" regulations—several states are moving forward with their own AI-related laws. This creates a diverse and sometimes fragmented regulatory landscape.

• • California: California has been active in AI-related legislation, including laws that update the definition of "personal information" to encompass AI systems, prohibit the commercial use of digital replicas of deceased performers without consent, and require generative AI developers to post documentation about training data. Proposed legislation continues to explore algorithmic transparency and prohibitions on discriminatory AI outcomes.

  • Utah: Utah was the first state to enact an AI-specific regulation, the Utah Artificial Intelligence Policy Act, which became effective May 1, 2024. This act primarily requires entities offering consumer-facing generative AI services in regulated professions to disclose when individuals are interacting with AI, particularly during "high-risk" interactions involving health, financial, or biometric data.

  • Colorado: Colorado passed the Colorado AI Act, which will become effective February 1, 2026. This comprehensive legislation requires developers and deployers of "high-risk" AI systems to use reasonable care to avoid algorithmic discrimination and disclose certain information to consumers.

  • Other States: Many other states are actively considering or have introduced AI-related bills in 2025. For example, Tennessee adopted the "ELVIS Act" to prohibit unauthorized AI duplication or mimicry of music industry professionals' voices. Arkansas requires public entities to develop AI use policies and establishes ownership rights for AI-generated content. Over 90 bills related to AI have been introduced across all 50 states, Puerto Rico, the Virgin Islands, and Washington D.C. in 2025, addressing areas such as deepfakes in elections, AI in healthcare, and the "right to compute."

Global Momentum and the Need for Compliance

Taken together, the EU’s sweeping legislation and the U.S.’s targeted, yet now innovation-focused, approach reflect a growing international understanding: AI must be managed to protect societal interests, promote fairness, and ensure accountability, even as the global "AI Race" intensifies.

For businesses developing or deploying AI systems—especially those that operate internationally—it is crucial to:

• • Stay informed about jurisdiction-specific obligations, particularly considering the federal emphasis on deregulation alongside ongoing state-level activity.

  • Conduct regular audits of AI tools and vendors.

  • Document compliance efforts, especially regarding data use, bias mitigation (where applicable by state or existing federal law), and consumer disclosures.

Legal frameworks are still evolving, but enforcement actions and reputational risks are already very real.

Final Thoughts

Whether you are a startup building AI products or a small business integrating AI into your operations, understanding the legal landscape is essential. The EU AI Act will likely serve as a model for other countries, and U.S. regulators are actively shaping new expectations, now with a clear federal mandate to "win the AI race" through accelerating innovation.

Staying ahead of regulatory developments today can help you avoid legal exposure tomorrow.

Disclaimer: This article is for informational purposes only and does not constitute legal advice. Please contact Roper Legal to discuss your specific artificial intelligence needs and obligations. If you have questions about how AI regulations may affect your business—or need guidance on risk management, disclosures, or compliance planning—contact Roper Legal for a consultation.

What Does Idaho's Lemon Law Cover?

Idaho's Lemon Law applies to new motor vehicles purchased or licensed in Idaho that are subject to an applicable manufacturer's written warranty. This includes cars, trucks, and vans weighing 12,000 pounds or less and primarily used for personal, family, or household purposes.

The law covers "nonconformities," which are defects or conditions that substantially impair the vehicle's use or market value. It's important to note that the law does not cover nonconformities resulting from abuse, neglect, or unauthorized modifications to the vehicle.

When Does a Vehicle Qualify as a "Lemon"?

A vehicle may be considered a "lemon" under Idaho law if the manufacturer or its authorized dealers are unable to repair a substantial nonconformity after a "reasonable number of attempts." The law sets out specific presumptions for what constitutes a "reasonable number of attempts," which include:

• • Four or more unsuccessful attempts to repair the same defect, and the nonconformity continues to exist.

  • One unsuccessful attempt to repair a defect that causes the complete failure of the steering or braking system, and that failure is likely to cause death or serious bodily injury.

  • The vehicle has been out of service for 30 or more cumulative business days due to warranty repairs.

These repair attempts or days out of service must generally occur within the term of the express warranty, or within two years or 24,000 miles from the date of original delivery, whichever comes first.

Your Duty to Notify the Manufacturer

Before seeking a refund or replacement, you must notify the manufacturer or its authorized dealer in writing of the problem and give them at least one opportunity to repair the defect. This written notification is crucial for establishing your claim under the Lemon Law. It's highly advisable to send this notification via certified mail with a return receipt requested to create a clear record.

What Remedies Are Available?

If your vehicle qualifies as a "lemon," the manufacturer must either:

• • Replace the vehicle with a comparable new motor vehicle; or

  • Refund the vehicle's full purchase price, which can include sales tax, license fees, registration fees, and reimbursement for towing and rental vehicle expenses incurred due to the vehicle being out of service. A reasonable allowance for your use of the vehicle may be deducted from the refund.

Arbitration: A Potential First Step

Idaho law requires manufacturers doing business in the state to offer a consumer arbitration program to address warranty-related disputes. If the manufacturer requires it, consumers must typically go through this arbitration process before filing a lawsuit. Arbitration offers a faster and often less formal way to resolve disputes compared to traditional litigation.

Statute of Limitations

While the primary period for defects to manifest is generally within the first two years or 24,000 miles, it's important to understand the broader timeframe for filing a claim. You can generally file a lawsuit any time within three years of the original delivery date, provided you first reported the defect within the applicable warranty period, two years, or 24,000 miles, whichever came first.

Empowering Yourself as a Consumer

Idaho's Lemon Law serves as a vital safeguard for consumers, providing a pathway to recourse when a new vehicle fails to meet the basic expectations of reliability and quality. Understanding the provisions of this law empowers you to advocate for your rights and protect your significant investment. Remember to meticulously document all repair attempts and communications with the dealership and manufacturer, as thorough record-keeping is fundamental to any potential claim. Ultimately, the Idaho Lemon Law is a testament to the principle that consumers deserve a fair shake when purchasing a new vehicle. By knowing your rights and the steps involved, you can work towards a satisfactory resolution and ensure your new car lives up to its promise.

Disclaimer: This article is for informational purposes only and does not constitute legal advice. Please contact Roper Legal to discuss your specific lemon law needs.

Hiring and Onboarding

When bringing on new employees, it's important to follow proper procedures. This includes having clear job descriptions, conducting thorough interviews, and providing offer letters that detail the terms of employment.

• Ensure all hiring practices are non-discriminatory.

• Accurately classify workers as employees or independent contractors.

• Maintain proper records of employment eligibility verification (Form I-9).

Wage and Hour Laws

Small businesses must adhere to federal and state wage and hour laws, including minimum wage, overtime pay, and record-keeping requirements.

• Pay at least the federal or state minimum wage, whichever is higher.

• Provide overtime pay to eligible employees for hours worked beyond 40 in a workweek.

• Keep accurate records of employee hours worked and wages paid.

Workplace Safety

Providing a safe work environment is not just good practice; it's a legal requirement. The Occupational Safety and Health Administration (OSHA) sets standards for workplace safety, and small businesses must comply.

• Identify and address potential workplace hazards.

• Provide necessary safety training and equipment.

• Maintain records of workplace injuries and illnesses.

Employee Leave and Benefits

Various federal and state laws govern employee leave and benefits, such as the Family and Medical Leave Act (FMLA).

• Understand eligibility and requirements for FMLA leave.

• Comply with state-specific leave laws.

• Offer benefits as required or chosen, and ensure non-discrimination.

Terminations and Layoffs

Ending an employment relationship requires careful consideration and adherence to legal guidelines.

• Document reasons for termination to avoid wrongful termination claims.

• Follow proper procedures for layoffs, including WARN Act notifications if applicable.

• Provide final paychecks in a timely manner, as required by state law.

Staying Compliant

Employment law is complex and constantly evolving. Here are some tips for staying compliant:

• Regularly review federal and state employment laws and regulations.

• Consult with an employment law attorney or HR professional.

• Provide ongoing training to managers and supervisors on employment law issues.

• Keep detailed and accurate employment records.

Navigating employment law can be challenging, but by staying informed and proactive, small businesses can create a positive and legally compliant work environment.

Disclaimer: This article is for informational purposes only and does not constitute legal advice. Please contact Roper Legal to discuss your specific employment law needs.

For example, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants California residents significant rights over their personal information, including the right to know, the right to delete, and the right to opt-out of the sale or sharing of their data. (California Civil Code §§ 1798.100-1798.199.100). Other states, such as Virginia, Colorado, Utah, and Connecticut, have also enacted their own comprehensive privacy laws, each with distinct provisions. (Virginia Consumer Data Protection Act, Va. Code Ann. §§ 59.1-571 et seq.; Colorado Privacy Act, Colo. Rev. Stat. §§ 6-1-1301 et seq.; Utah Consumer Privacy Act, Utah Code Ann. §§ 13-61-101 et seq.; Connecticut Data Privacy Act, Conn. Gen. Stat. §§ 42-515 et seq.) Each passing year more states adopt their own privacy laws.

Federal Trade Commission (FTC) Enforcement

Even in the absence of a comprehensive federal privacy law, the Federal Trade Commission (FTC) has been actively enforcing against companies that engage in unfair or deceptive practices related to data privacy. The FTC Act grants the agency broad authority to protect consumers from such practices. (15 U.S.C. § 45).

The FTC has brought numerous enforcement actions against companies for failing to protect consumer data, making misleading privacy promises, or violating specific privacy laws, such as the Children’s Online Privacy Protection Act (COPPA) (15 U.S.C. §§ 6501-6506). These actions highlight the FTC's focus on holding businesses accountable for their data privacy practices.

International Data Transfers

With the growth of global commerce, many US businesses engage in international data transfers. However, transferring personal data to other countries can raise complex legal and compliance issues. Businesses must ensure that such transfers comply with applicable laws and regulations, such as the European Union's General Data Protection Regulation (GDPR).

The GDPR imposes strict requirements on the transfer of personal data from the EU to other countries, including the United States. (Regulation (EU) 2016/679). Businesses must have a legal basis for such transfers and may need to implement safeguards to protect the data. Recent developments in international data transfer agreements have further added to the complexity.

Emerging Technologies and Data Privacy

The rapid advancement of technology, such as artificial intelligence (AI), facial recognition, and the Internet of Things (IoT), presents new data privacy challenges. These technologies often involve the collection and processing of vast amounts of personal data, raising concerns about surveillance, discrimination, and misuse of information.

Businesses deploying these technologies must carefully consider the potential privacy implications and implement appropriate safeguards. Existing laws may need to be interpreted or updated to address the unique privacy challenges posed by emerging technologies.

Key Takeaways

Navigating the complexities of data privacy is essential for US businesses. To stay compliant and maintain consumer trust, businesses should:

• Stay informed about evolving state and federal privacy laws.

• Develop and implement robust data privacy policies and procedures.

• Conduct regular risk assessments and audits of their data practices.

• Provide transparency to consumers about how their data is collected and used.

• Train employees on data privacy best practices.

By prioritizing data privacy, businesses can protect themselves from legal risks and build stronger relationships with their customers.

Disclaimer: This article is for informational purposes only and does not constitute legal advice. Please contact Roper Legal to discuss your specific data privacy needs and obligations.