As artificial intelligence (AI) continues to permeate the public and private sectors, U.S. states are establishing guidelines that protect citizens while enabling innovation. One such state, Kentucky, has just enacted what may be the most comprehensive state-level AI governance law to date. But Kentucky is not alone. States like Vermont and Connecticut have also moved forward with AI legislation, and common threads are beginning to emerge. Together, these efforts signal the rise of a coherent, risk-based model for AI regulation that balances transparency, accountability, and public trust.

Kentucky’s Bold AI Law: A Model for Others?

On March 24, 2025, Governor Andy Beshear signed Kentucky Senate Bill 4 (SB 4) into law, marking a significant milestone in AI oversight. Championed by Senate Republicans Amanda Mays Bledsoe and Brandon Storm, the legislation passed with overwhelming bipartisan support—30-3 in the Senate and 86-10 in the House.

Key Features of Kentucky SB 4

• Risk-Based Governance Framework: The law introduces a structured approach to AI management based on the risk level of the technology in use.
• High-Risk AI Definition: It targets systems that are a “substantial factor” in making consequential decisions—those that affect legal rights, access to services, or costs to citizens and businesses.
• Transparency Requirements: Agencies must disclose the use of AI, especially when decisions affect individuals or businesses, and must provide mechanisms for appeal.
• AI Governance Committee: This body will oversee the implementation of standards and maintain a registry of generative and high-risk AI systems.
• Risk Management Policies: Before using high-risk AI, agencies must design and implement protocols to identify and mitigate bias or potential harm.
• Election Integrity: The law addresses the threat of AI-generated deepfakes in campaign communications, offering legal remedies for targeted candidates.

Emerging Trends in State-Level AI Legislation

While Kentucky’s SB 4 stands out in its depth and scope, it shares notable features with AI laws in other states, particularly Vermont and Connecticut. Collectively, these state laws reveal several emerging commonalities that may shape a broader regulatory template.

1. Focus on High-Risk Systems

Like Kentucky, both Vermont and Connecticut identify and regulate high-risk AI systems. These typically include technologies used in decision-making processes that affect health, housing, education, employment, or legal status.

Shared Characteristics:

• Systems involved in consequential decisions receive heightened scrutiny.
• Definitions often include similar exclusions—narrow tools, assistive technologies, or infrastructure systems like firewalls are typically exempt.
• The ambiguity of terms like “substantial factor” and “consequential decision” is a recurring challenge across jurisdictions.

2. Governance and Oversight Structures

AI governance committees or similar oversight bodies are becoming standard practice.

Core Responsibilities:

• Develop and enforce standards for AI system implementation.
• Maintain registries for transparency.
• Ensure ethical design, documentation, and accountability procedures.
• Monitor bias and implement risk mitigation strategies.

3. Transparency and Human Oversight

Transparency is the bedrock of these emerging laws, emphasizing clear communication about when and how AI is used.

Common Transparency Requirements:

• Disclosures when AI contributes to a decision or produces public-facing content.
• Availability of appeals processes for those affected by AI-based decisions.
• System cards or documentation made accessible to explain AI behavior and capabilities.

4. Anti-Discrimination and Equity Safeguards

All three states require that agencies assess whether AI systems could lead to unlawful discrimination and document safeguards accordingly.

Evaluation Metrics Include:

• Fairness and non-discrimination analysis.
• Human-in-the-loop oversight for critical decisions.
• Evaluation of societal and demographic impacts.

5. Election Integrity Provisions

Kentucky SB 4 is particularly forward-looking in addressing the dangers of AI in elections—a topic gaining national relevance.

Provisions Include:

• Legal recourse for candidates targeted by deepfake content.
• Mandatory disclosures on synthetic media used in electioneering communications.
• Public education and transparency to reduce the impact of misinformation.

Implications for Federal Action and Private Sector Regulation

One of the most compelling statements during the Kentucky Senate hearing came from Senator Amanda Mays Bledsoe, who called on Congress to develop similar regulations for the private sector. This sentiment echoes a growing consensus that while states are setting the pace, a unified federal framework is essential for comprehensive oversight—especially given the interstate nature of data and commerce.

Moreover, state laws are increasingly influencing corporate behavior. As companies interact with state governments or operate within their jurisdictions, they are being nudged toward compliance with these emerging standards. This is particularly true for vendors of high-risk AI systems, who may need to meet different but overlapping requirements across states.

A Patchwork That’s Starting to Align

The wave of AI legislation emerging from states like Kentucky, Vermont, and Connecticut is anything but chaotic. In fact, it reveals a growing convergence around core principles of risk-based governance, transparency, accountability, and human oversight. While each state law has its own nuances, the direction is clear: public trust in AI will depend on consistent safeguards, clearly defined responsibilities, and mechanisms for redress.

With Kentucky setting a new benchmark through SB 4, it’s likely that more states—and perhaps eventually Congress—will adopt similar frameworks. What once looked like a regulatory patchwork is beginning to resemble a blueprint. And that’s good news for policymakers, technologists, and citizens alike.