After years of moving slower than the technology, US lawmakers have shifted gears. Three major AI bills are currently advancing through Congress, and their combined provisions would represent the most significant technology regulation since GDPR's ripple effects hit American companies. If you build, deploy, or invest in AI systems serving US users, you need to understand what's coming.
The AI Transparency and Accountability Act (ATAA)
The most far-reaching bill currently in committee, the ATAA would require any AI system that "materially affects" decisions in healthcare, housing, employment, credit, or criminal justice to publish detailed technical documentation — including training data sources, model architecture, performance metrics across demographic groups, and known limitations. Systems affecting over 1 million US users annually would also be required to undergo third-party audits every two years.
For large tech companies, compliance is expensive but manageable. For startups, the audit requirement is the most concerning provision — third-party AI audits currently run $200,000 to $2 million depending on system complexity. A small health-tech startup that can't afford an audit could effectively be blocked from high-stakes AI applications. Industry groups are lobbying hard for a tiered compliance regime based on company size and revenue.
The Deepfake and Synthetic Media Disclosure Act
This narrower bill has bipartisan support and is likely to pass. It would require that any AI-generated image, video, or audio of a real person be clearly labeled as synthetic, with penalties of up to $150,000 per violation for failure to disclose. Exceptions exist for clearly satirical content and artistic works. The bill also creates a civil right of action — meaning individuals could sue companies directly for undisclosed synthetic media of them, without waiting for federal enforcement.
The immediate impact would fall heaviest on social media platforms, ad-tech companies, and the rapidly growing "digital human" industry. It would also affect news organizations using AI-generated graphics and video, requiring disclosure labels on synthetic content.
The National AI Safety Board Act
Modeled partly on the National Transportation Safety Board, this bill would create a federal agency with authority to investigate AI incidents — cases where AI systems cause significant harm — and recommend safety standards. The proposed board would have 12 members drawn from academia, industry, civil society, and government, with 5-year terms and an operating budget of $480 million annually.
The debate around this bill is less about whether to create the board than about its scope. Tech industry lobbying has focused on limiting the board's jurisdiction to "high-risk" AI systems (generally defined as those affecting critical infrastructure or making autonomous consequential decisions), while civil rights advocates are pushing for broader coverage including employment screening and predictive policing systems.
What This Means for Your Business
If you're a small startup not operating in regulated sectors, near-term impact is limited. The bills as currently written exempt most low-risk AI applications. If you're in healthcare, finance, or hiring technology, begin mapping which of your AI systems would qualify as "high-risk" under the proposed definitions — that exercise will be necessary whether or not these specific bills pass, because state-level legislation (California AB 2930, Colorado SB 205, Illinois AEDT) is already moving.
The wisest move for any US company building AI: document everything now. Training data provenance, model version history, performance evaluations, and deployment decisions. The companies that fare best under AI regulation will be those that already have the audit trail.