Workforce Bulletin

On July 23, 2025, the president signed three AI-related Executive Orders (“E.O.s”) to accompany the recently released White House’s Artificial Intelligence (AI) Action Plan (“AI Action Plan”). These E.O.s seek to add clarity to, and drive forward, federal policy in the AI space.

While they all relate to AI, the E.O.s otherwise vary considerably in subject matter: “Accelerating Federal Permitting of Data Center Infrastructure”; “Promoting the Export of the American AI Technology Stack”; and “Preventing Woke AI in the Federal Government.”

As we noted in our July 24 blog, the White House is clearly determined to outpace other countries so that the U.S. benefits from any gains provided by AI through building AI infrastructure and bolstering AI-related exports. The Center for Data Innovation, from its perspective, stated in a press release that the actions pursued by the executive orders will advance U.S. goals of global AI dominance and enable the U.S. to better compete with China.

The long-awaited White House Artificial Intelligence (AI) Action Plan (“AI Action Plan”) is here, setting forth the Trump administration’s policy recommendations to achieve the goal of “global AI dominance.”

The White House released the AI Action Plan on July 23, 2025, and delivered remarks on the plan during an AI summit. The same day, the president signed three AI-related Executive Orders to further the AI Action Plan, relating to: 1) “Accelerating Federal Permitting of Data Center Infrastructure”; 2) “Promoting the Export of the American AI Technology Stack”; and 3) “Preventing Woke AI in the Federal Government.” Yet it remains to be seen whether and how successfully the AI Action Plan will unfold—particularly with respect to impacts on incongruous state regulatory action.

Likening the global AI race to the space race during the Cold War, the introduction to the 28-page AI Action Plan emphasizes the need “to innovate faster and more comprehensively than our competitors in the development and distribution of new AI technology across every field and dismantle unnecessary regulatory barriers that hinder the private sector in doing so.” 

It’s July, and the White House Artificial Intelligence (“AI”) Action Plan (“Action Plan” or “the plan”) is almost here.

In Executive Order 14179 of January 23, 2025—entitled “Removing Barriers to American Leadership in Artificial Intelligence”—President Donald Trump directed federal officials to develop an Action Plan to achieve the policies of sustaining and enhancing America’s dominance in global AI. The plan is expected to drop by July 23, to coincide with an address by the President outlining his vision for American AI.

The release of the Action Plan will follow a number of recent developments in AI at the state and federal levels that show no signs of abating. On July 15, for instance, the White House announced $90 billion in energy and data center investments in Pennsylvania, according to Reuters. Bloomberg reported the same day that President Trump is planning to sign another executive order to implement the Action Plan upon its release to push the policy forward.

[8/28/2025 UPDATE: Following a special session called by Governor Jared Polis, the Colorado legislature passed SB 25B-004 and it was signed by the governor on August 28, 2025. SB 25B-004 will delay the effective date for implementation of SB 24-205, the state’s historic artificial intelligence law, to June 30, 2026, instead of February 1, 2026.]

On May 17, 2024, Colorado Governor Jared Polis signed Colorado’s historic artificial intelligence (AI) consumer protection bill, SB 24-205, colloquially known as “Colorado’s AI Act” (“CAIA”), into law. As we noted at the time, CAIA aims to prevent algorithmic discrimination in AI decision-making that affects “consequential decisions”—including those with a material, legal, or similarly significant effect with respect to health care services and employment decision-making. The bill is scheduled to take effect February 1, 2026.

The same day he signed CAIA, however, Governor Polis addressed a “signing statement” letter to Colorado’s General Assembly articulating his reservations. He urged sponsors, stakeholders, industry leaders, and more to “fine tune” the measure over the next two years to sufficiently protect technology, competition, and innovation in the state.

As the local and national political climate steers toward a less restrictive AI policy, Governor Polis drafted another letter to the Colorado legislature. On May 5, 2025, Polis—along with Attorney General Phil Weiser, Denver Mayor Mike Johnston, and others—requested that CAIA’s effective date be delayed until January 2027.

Over the past several years, the number of states with comprehensive consumer data privacy laws has increased exponentially from just a handful—California, Colorado, Virginia, Connecticut, and Utah—to up to twenty by some counts. Many of these state laws will go into effect starting Q4 of 2024 through 2025.

We have previously written in more detail on New Jersey’s comprehensive data privacy law, which goes into effect January 15, 2025, and Tennessee’s comprehensive data privacy law, which goes into effect July 1, 2025. Some laws have already gone into effect, like Texas’s Data Privacy and Security Act, and Oregon’s Consumer Privacy Act, both of which became effective July of 2024. Now is a good time to take stock of the current landscape as the next batch of state privacy laws go into effect.

[8/28/2025 UPDATE: Following a special session called by Governor Jared Polis, the Colorado legislature passed SB 25B-004 and it was signed by the governor on August 28, 2025. SB 25B-004 will delay the effective date for implementation of SB 24-205, the state’s historic artificial intelligence law, to June 30, 2026, instead of February 1, 2026.]

On May 17, 2024, Colorado Governor Jared Polis signed into law SB 24-205—concerning consumer protections in interactions with artificial intelligence systems—after the Senate passed the bill on May 3, and the House of Representatives passed the bill on May 8.

In a letter to the Colorado General Assembly, Governor Polis noted that he signed the bill into law with reservations, hoping to further the conversation on artificial intelligence (AI) and urging lawmakers to “significantly improve” on the law before it takes effect.

SB 24-205 will become effective on February 1, 2026, making Colorado the first state in the nation to enact broad restrictions on private companies using AI. The measure aims to prevent algorithmic discrimination affecting “consequential decisions”—including employment-related decisions.

As reported in a June 3, 2022 press release from the House Committee on Energy and Commerce, U.S. Representatives Frank Pallone, Cathy McMorris Rodgers, and Senator Roger Wicker released a “discussion draft” of a federal data privacy bill entitled the “American Data Privacy and Protection Act” (the “Draft Bill”), which would impact the data privacy and cybersecurity practices of virtually every business and not-for-profit organization in the United States.

As further described below, the Draft Bill’s highlights include: (i) a comprehensive nationwide data privacy framework; (ii) preemption of state data privacy laws, with some exceptions; (iii) a private right of action after four (4) years, subject to the individual’s prior notice to the Federal Trade Commission (“FTC”) and applicable state attorney general before commencement of lawsuit; (iv) exemptions for covered entities that are in compliance with other federal privacy regimes such as the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and Gramm-Leach Bliley Act (“GLBA”) solely with respect to data covered by those statutes; (v) exclusions from Act’s requirements for certain “employee data”; and (vi) a requirement for implementation of reasonable administrative, technical and physical safeguards to protect covered data. The Draft Bill would be enforced by the FTC, and violations treated as unfair or deceptive trade practices under the Federal Trade Commission Act, as well as by state attorneys general.

Recent data thefts and systems intrusions, particularly with respect to ransomware, have assured that cybersecurity is top of mind for corporate executives and compliance officials. We at EBG have tried to keep you up to date with respect to legislative, regulatory and litigation developments and recommended best practices and procedures.

As we close out the year, we all should remain mindful that cyber criminals, especially those who are supported or protected by foreign adversaries, have little incentive to rest up during the holidays.