On June 12, a bipartisan group of 23 attorneys general wrote a letter to the chief counsel for the National Telecommunications and Information Administration (NTIA), recommending a risk-based approach to a regulatory framework for using and deploying AI technology. Driven by their “extensive experience enforcing data privacy and consumer protection laws,” the AGs noted that states, such as Colorado, California, Connecticut, Tennessee, and Virginia, already regulated AI through their respective state data protection and privacy laws.

The risk-based framework recognized that some AI uses require greater oversight than others, while defining “risk” by looking at multiple factors, including:

  • Categories of impact (e.g., individual physical or psychological safety, civil and human rights, or equal access to goods or services);
  • Types of data used (e.g., medical information, biometric data, or personal information of children); and
  • Whether the automated decision-making impacts an individual’s financial or legal situation.

The framework would leverage resources across public and private sectors to responsibly develop and deploy AI in a trusted and fair manner so as not to discourage innovation.

Further, the AGs proposed foundational principles to develop the risk-based framework. Specifically, the AGs endorsed independent standards for transparency, including: (1) testing, (2) assessments, and (3) audits of AI solutions. Like the Energy Star program, NTIA or NIST (or a partnership between the two) would establish independent standards, so trusted auditors could certify an AI system and build public trust. For high-risk AI solutions, the AGs proposed mandatory external third-party audits that would occur periodically. Unsurprisingly, state AGs also reccommended concurrent enforcement authority under any federal regulatory regime to “enable more effective enforcement to redress possible harms.”

Why It Matters

2023 has been the year of AI. With private companies adopting AI solutions to perform many business functions and with private access to AI engines like ChatGPT, AI is ripe for regulatory oversight. And as evidenced by this letter, state AGs are eager to begin regulating the young industry. Companies that build and deploy AI solutions should keep abreast of regulatory developments to anticipate future regulatory requirements. Failure to do so could result in onerous compliance obligations that may necessitate pulling AI systems offline, so they can be rebuilt to comply with applicable requirements.


More on Artificial Intelligence + the Future of Law.


Troutman Pepper State Attorneys General Team

Ashley Taylor – Co-leader and Firm Vice Chair
Ashley is a partner in the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group and co-leader of the State Attorneys General practice. He focuses primarily on federal and state government regulatory and enforcement matters involving state attorneys general, the Consumer Financial Protection Bureau (CFPB), and the Federal Trade Commission (FTC). Drawing upon his experience as a deputy attorney general, Ashley has developed an extensive consumer practice with regard to the consumer financial services industry.
Clay Friedman – Co-leader
Clay is a partner in the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group and co-leader of the State Attorneys General practice. Informed by nearly a decade in a state attorneys general office, and more than 25 years in private practice, Clay spends much of his time representing clients in singular or multistate regulatory actions. Clay has repeatedly led teams before all 50 state attorneys general and also handles matters with the Federal Trade Commission, the Consumer Financial Protection Bureau, and other local, state and federal agencies.
Judy Jagdmann
Judy is a partner in the firm’s Regulatory Investigations, Strategy and Enforcement (RISE) practice, based in the Richmond office. She brings experience serving as chair and commissioner of the Virginia State Corporate Commission (VSCC) from 2006 through 2022, which includes regulating the utilities, insurance, banking, and securities industries. She also served as Virginia’s attorney general from 2005-2006.
Stephen Piepgrass
Stephen represents clients interacting with, and being investigated by, state attorneys general and other enforcement bodies, including the CFPB and FTC, as well as clients involved with litigation, particularly in heavily regulated industries.
Avi Schick
A former deputy attorney general of New York, Avi applies his experience in bet-the-company matters, representing clients in criminal and civil investigations and enforcement actions before state and federal regulators, prosecutors and enforcement agencies.
Michael Yaghi
Michael handles high-profile state attorneys general, FTC, and CFPB investigations by advising clients through these complex government inquiries. He assists clients through the entire life cycle of investigations, from regulatory enforcement through formal litigation.
Ketan Bhirud
As a former government official at the state and federal level, Ketan leverages extensive experience in the public and private sectors to skillfully represent client interests.
Tim Bado
Tim is an attorney in the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group, with a primary focus on financial services litigation.
Chris Carlson
Chris represents clients in regulatory, civil and criminal investigations and litigation. In his practice, Chris regularly employs his prior regulatory experience to benefit clients who are interacting with and being investigated by state attorneys general.
Natalia Jacobo
Natalia is an associate in the firm’s business litigation practice. She recently received her J.D from the University of California, Davis School of Law.
Namrata Kang
Namrata is an associate in the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group, based in the Washington, D.C. office. Her work includes advising clients in regulatory investigations and compliance matters, in addition to representing clients in civil litigation matters.
Susan Nikdel
Susan is an associate in the firm’s Consumer Financial Services Practice Group, and focuses her practice on consumer financial services matters. She has defended several of the nation’s largest and most influential financial institutions in individual and class action litigation involving the Telephone Consumer Protection Act (TCPA), Fair Credit Reporting Act (FCRA), Fair Debt Collection Practices Act (FDCPA), and other consumer privacy statutes. Susan also represents banks, fintechs, and financial services companies in connection with regulatory examinations and investigations brought by the CFPB, state attorneys general, and the California Department of Financial Protection and Innovation.
John Sample
John represents clients in a wide variety of general and complex litigation matters, shareholder disputes, products liability, and privacy claims.
Whitney Shephard
Whitney is an attorney in the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group. She represents clients facing state and federal regulatory investigations and enforcement actions, as well as related civil litigation.
Trey Smith
Trey is an associate in the firm’s Regulatory Investigations, Strategy + Enforcement practice. His experience includes serving as a summer associate at the firm in 2021.
Daniel Waltz
An experienced litigator, Daniel advises and represents regional, national and international companies, financial institutions and insurers in all facets of business, complex commercial and insurance coverage litigation. He is committed to working with his clients to find creative solutions to meet their needs.
Stephanie Kozol
Stephanie is Troutman Pepper’s senior government relations manager in the state attorneys general department.