State Tech Laws Are Exploding. Here’s What Just Hit Your State

Congress failed tech regulation again in 2025. So states stepped in hard.

Starting January 1st, 2026, Americans face a patchwork of new rules covering AI systems, social media time limits, right-to-repair protections, and crypto ATM refunds. Plus, one major federal law finally kicks in after a year-long delay.

The catch? These laws vary wildly by state. What’s required in California might be banned in Texas. So buckle up for a confusing year of tech compliance.

California Goes All-In on AI Transparency

California just activated SB 53, requiring major AI companies to publish detailed safety protocols and security measures. The law also protects whistleblowers who report problems.

This matters because it’s a watered-down version of SB 1047, which Governor Gavin Newsom vetoed in 2024 after intense pushback. The new version survived by dropping the most controversial requirements. But it still represents the nation’s strongest AI transparency mandate.

Several companion bills add specific restrictions. SB 243 targets AI companion chatbots, forcing them to prevent self-harm discussions and remind young users every few hours that they’re talking to software, not humans. Meanwhile, SB 524 makes law enforcement agencies disclose exactly how they use AI tools.

However, all these rules face an existential threat. The incoming Trump administration wants to ban state-level AI regulations entirely. So California’s framework could become a legal battleground that determines whether states can regulate AI at all.

Right-to-Repair Laws Finally Take Effect

Colorado activated HB24-1121, one of America’s most comprehensive repair rights packages. Manufacturers must now provide repair parts, tools, and documentation for a massive range of electronic devices.

Washington State followed suit with two laws: HB 1483 and SB 5680. According to iFixit, these rules ban parts pairing (where manufacturers lock replacement components to specific devices) and add special protections for wheelchair users who need repairs.

These laws represent years of advocacy against manufacturer repair monopolies. Companies like Apple and John Deere fought hard to prevent them. But consumer frustration finally won out.

The real test comes next. Will manufacturers comply gracefully or find creative workarounds? Early signs suggest both strategies are in play.

Virginia Just Killed Teen Social Media Access

If you’re under 16 in Virginia, prepare for major restrictions. SB 854 limits you to one hour per day on each social media app after age verification.

Parents can adjust that limit up or down. But the default is 60 minutes, period.

This represents the most aggressive social media time restriction in America. Other states have age-appropriate design codes or content restrictions. But Virginia went straight for hard time caps.

Critics immediately sued, arguing the law violates First Amendment rights. That legal challenge could block enforcement or gut the requirements. So Virginia teens might not face these limits for long.

Still, other states are watching closely. If Virginia wins in court, expect copycat bills nationwide.

Data Privacy Laws Get Mixed Reviews

Indiana, Kentucky, and Rhode Island all activated new data privacy frameworks this year. These laws supposedly give consumers rights to access, correct, and delete personal information companies hold about them.

But consumer protection groups say they’re basically worthless. A 2025 report card from PIRG and the Electronic Privacy Information Center gave all three states an F grade.

The problem? These states followed the “Virginia model” – a framework that lets companies keep collecting whatever data they want as long as they disclose it somewhere in a privacy policy. Plus, opt-outs remain deliberately onerous.

In contrast, strong privacy laws like California’s CCPA and Europe’s GDPR actually restrict data collection upfront. Disclosure without meaningful limits doesn’t protect anyone.

So if you live in Indiana, Kentucky, or Rhode Island, don’t expect real privacy protections despite the new laws.

Crypto ATM Scams Face New Colorado Rules

Colorado just added consumer protections to cryptocurrency ATMs with SB25-079. The law requires daily transaction limits for new customers and mandatory refunds for first-time users who transfer money internationally.

This targets a massive fraud problem. Scammers reportedly stole hundreds of millions of dollars through crypto ATMs in 2024 by convincing victims to convert cash into cryptocurrency and send it to anonymous wallets.

The refund provision specifically helps fraud victims. Most crypto ATM scams involve tricking people into sending money overseas. So requiring refunds for those transactions catches the majority of fraud attempts.

Other states will likely copy this approach. Crypto ATMs remain largely unregulated at the federal level, making them a perfect fraud vector.

Texas Dodged App Store Age Checks (For Now)

Texas was supposed to start requiring age verification through app stores on January 1st. But a district court blocked SB 2420 with a preliminary injunction just weeks before enforcement.

The law would have forced Apple and Google to verify users’ ages, then share that information with app developers. Privacy advocates and tech companies argued this creates surveillance infrastructure with massive abuse potential.

However, Texas will almost certainly appeal to the Fifth Circuit Court of Appeals. That court has a track record of reversing lower court rulings on internet regulation. So this fight isn’t over – just delayed.

Meanwhile, Utah passed a similar law that takes effect in May 2026. App stores have until then to implement age verification systems.

Federal Take It Down Act Finally Gets Teeth

Congress passed the Take It Down Act in 2025, criminalizing AI-generated nonconsensual intimate imagery at the federal level. But the platform takedown requirements got delayed one year.

That grace period expires May 19th, 2026. After that date, online platforms must rapidly remove reported AI-generated intimate images or face legal consequences.

Free speech advocates worry about the vague “rapid removal” standard. How fast is fast enough? What happens if platforms over-remove content to avoid liability? The Cyber Civil Rights Initiative called this provision a “poison pill” that could enable censorship.

We’re about to find out if those concerns were justified. May will reveal whether platforms implement reasonable systems or panic and block massive amounts of content.

Nebraska Bans Addictive App Features for Kids

LB 504 restricts notifications, in-game purchases, and infinite scrolling for children. The goal is stopping “dark patterns” that keep young users compulsively online.

This is another age-appropriate design code, similar to laws passed in several other states. But California’s version got blocked in court, suggesting Nebraska’s law might face legal challenges too.

The fundamental question remains unsolved: Can states require different app designs for children without violating the First Amendment or creating impossible compliance burdens?

Courts haven’t answered that definitively yet. So Nebraska’s law becomes another test case in an ongoing legal battle over children’s online protections.

New York’s RAISE Act Arrives Weakened

New York’s RAISE Act was supposed to be a landmark AI safety law requiring transparency and accountability for large model developers.

But legislators gutted it at the last minute, removing most substantive requirements. The version taking effect March 19th barely resembles the original proposal.

Still, it sets a precedent. New York attempted comprehensive AI regulation and partially succeeded. Other states will learn from both its victories and compromises.

Plus, the Trump administration’s proposed ban on state AI laws would kill even this watered-down version. So its survival depends on winning a much bigger political fight.

Michigan Gets Anti-SLAPP and “Taylor Swift” Bills

Michigan activated HB 4045, an anti-SLAPP law that helps defendants fight abusive lawsuits designed to silence critics.

On the same date, Michigan’s “Taylor Swift bills” take effect – rules targeting ticket scalping bots modeled on the federal BOTS Act.

While these aren’t exclusively tech laws, they address major tech-related problems. Billionaires like Elon Musk have weaponized lawsuits to intimidate critics. Meanwhile, bot-driven ticket scalping remains rampant despite federal prohibitions.

The ticket bot laws probably won’t solve the problem entirely. Enforcement remains weak and technical workarounds exist. But they signal states are willing to fight back against automated scalping operations.

The Patchwork Problem Gets Worse

Here’s the nightmare scenario for tech companies: 50 different state laws with contradictory requirements.

California mandates AI transparency. Trump’s administration wants to ban that. Texas requires app store age verification. Courts keep blocking it. Virginia limits teen screen time. Nebraska bans specific app features.

Complying with all these rules simultaneously might be impossible. A feature legal in one state could be banned in another. An app design required by one law might violate a different law.

This is why companies keep begging Congress to pass federal standards. A single national framework would be easier to follow than dozens of conflicting state rules.

But Congress remains paralyzed on tech policy. So the state patchwork keeps growing, creating chaos for companies and confusion for users.

The only certainty for 2026? More legal battles over which level of government can regulate technology, and how far those regulations can push.