Privacy & Information Security Law Blog

On May 1, 2024, Utah’s Artificial Intelligence Policy Act (“AI Policy Act”) entered into effect. Along with Colorado, Utah is the second state to pass legislation specifically regulating AI in the U.S. this year. The AI Policy Act introduces obligations for companies subject to Utah’s consumer protection laws with respect to use of generative AI applications.  Key requirements of the law include:

• Transparency obligations: Individuals who provide services of a “regulated occupation” must prominently disclose when a person is interacting with generative AI in the provision of regulated services. This disclosure must be provided either verbally at the beginning of a conversation or through electronic messaging before a written exchange. The law also requires individuals outside of regulated occupations to disclose that a person is interacting with generative AI and not a human if asked or prompted by the person. Regulated occupations are those that require a license or state certification and are regulated by the Department of Commerce.
• Accountability obligations: Under the AI Policy Act, any company that violates a statute administered and enforced by Utah’s Division of Consumer Protection through use of generative AI will be responsible for the violation even if the generative AI application made the violative statement, undertook the violative act or was used in furtherance of the violation. In other words, the company remains responsible for violations caused by its generative AI applications.

Companies in violation of the AI Policy Act are subject to fines of up to $2,500 per violation and the Division of Consumer Protection may bring an action in court to enforce a provision of the law, in addition to the Division’s administrative and injunctive remedies. If a company violates an administrative or court order issued for violating the AI Policy Act, it may be subject to a civil penalty of $5,000 for each violation.

The AI Policy Act also establishes an Office of AI Policy to create an AI Learning Laboratory Program, including an invitation for companies to apply for a temporary “regulatory mitigation” to test AI products in the market, similar to an AI regulatory sandbox initiative. The Office of AI Policy will also play a role in analyzing the risks, benefits and policy implications of AI technology, encourage development of AI technology in the state and evaluate the viability of current or proposed AI legislation.