Ryan Steidl, Constangy partner and co-chair of the AI practice group, authored an article for the May 2025 issue of Cybersecurity Law & Strategy offering insight on how data privacy laws can be instructive on what to expect with AI regulation going forward.
“While the amount of AI legislation introduced in various states is relatively limited, the scope of issues being legislated is quite broad—bills run a wide gamut of attempting to regulate automated decision-making usage, chatbots, and even energy requirements for data centers that power AI,” Steidl wrote. “Despite the many uncertainties that remain to be clarified, there are actually many parallels between how data privacy laws took shape five years ago, and how AI legislation is developing today.”
In addition to looking at similarities between today’s AI regulatory landscape and the first wave of data privacy lawmaking, Steidl also explored differences between developments in the two areas of law. For example, many states are trying to integrate AI regulation into existing legal frameworks, such as rules related to discriminatory practices, privacy, data use and more. Data privacy laws, on the other hand, were fundamentally new in many ways, with few analogues to existing law.
Taking all of this into account, we can expect most states choosing to incorporate AI by amending existing laws and passing new, tightly focused laws, with some overlap with ongoing data privacy reforms. “For the foreseeable future, rather than face the challenge of trying to assemble broad (and often tenuous support) for passing a comprehensive law, states are likely to continue quickly pushing through narrower AI legislation that is spread out between existing and new laws,” Steidl said.
For the full article, please click here.