Navigating AI in Business: Understanding the Current Legal Framework

As artificial intelligence (AI) continues to evolve, businesses must carefully navigate a complex and expanding legal landscape. While comprehensive AI-specific legislation is still in development, companies are already subject to a range of existing laws and regulatory requirements that directly impact the use of AI tools.

In this article, we will examine the current legal frameworks that regulate AI, both in the United States and internationally, and provide key considerations for businesses seeking to integrate AI in a compliant manner.

The Patchwork of AI Regulations: What Businesses Must Know

There is no single, unified law that governs the use of AI. Instead, businesses must address a combination of existing statutes, agency guidelines, and industry-specific regulations. This patchwork creates compliance challenges that require thoughtful attention.

Key U.S. Regulations Impacting AI Use

California Consumer Privacy Act (CCPA)

The CCPA requires businesses to provide transparency regarding the collection, use, and sharing of consumer data. When AI systems process personal data, companies must ensure:

  • Proper consumer disclosures

  • Adherence to consumer opt-out rights

  • Secure data handling practices

Failure to comply may result in significant fines and class action exposure in cases of data breaches.

Federal Trade Commission (FTC) Guidance

The FTC actively monitors businesses using AI for potential deceptive or unfair practices, particularly when:

  • AI is used in consumer decision-making (e.g., pricing, lending)

  • Marketing or advertising materials overstate AI capabilities

  • AI-generated decisions may mislead or harm consumers

The FTC has issued warnings that businesses will be held accountable for how AI tools impact consumers.

International Regulations with Global Reach

General Data Protection Regulation (GDPR)

The GDPR, applicable to businesses that process the personal data of EU residents, imposes strict requirements, including:

  • Clear documentation of AI system purposes

  • Explicit consumer consent for automated processing

  • The right to human review of AI-driven decisions

Non-compliance can lead to penalties of up to 4% of annual global turnover or €20 million, whichever is greater.

The Forthcoming EU AI Act

The EU AI Act, expected to take effect soon, is poised to become the world’s most comprehensive AI-specific regulation. It classifies AI systems by risk level:

  • Unacceptable Risk: Prohibited uses (e.g., social scoring by governments)

  • High Risk: Heavily regulated (e.g., AI in critical infrastructure, employment decisions)

  • Limited Risk: Subject to transparency obligations

  • Minimal Risk: Few restrictions

Businesses serving EU markets must prepare for new registration, reporting, and monitoring obligations under this framework.

The Compliance Imperative: Why Early Action Matters

Waiting for AI-specific laws to become fully codified is not a viable option. Businesses are already facing enforcement actions under current privacy, consumer protection, and contract law.

Key compliance steps include:

  • Conducting a comprehensive AI risk assessment

  • Updating privacy policies to address AI data processing

  • Reviewing and modifying contracts to allocate AI-related responsibilities

  • Implementing AI governance policies within the organization

Neglecting these steps can result in significant financial, operational, and reputational consequences.

How Thomas Law Supports AI Regulatory Compliance

At Thomas Law, we partner with businesses to:

  • Perform regulatory compliance reviews specific to AI activities

  • Draft AI use policies aligned with U.S. and international requirements

  • Structure contracts to manage risk across vendors, partners, and customer relationships

  • Provide ongoing monitoring as the AI regulatory landscape evolves

Our team understands the emerging AI space and works to ensure your company stays ahead of the curve.

Next Steps

If your business is currently using AI or evaluating its integration, now is the time to ensure your operations are fully aligned with applicable regulations.

Contact Thomas Law today to schedule a consultation and learn how we can assist with AI policy development, contract structuring, and regulatory compliance.

 

Coming Up Next in the Series

In the next article, we will explore how businesses can protect their trade secrets and data privacy when using AI tools, particularly those provided by third-party vendors.

Stay informed. Stay protected.
