Press "Enter" to skip to content
Utah artificial intelligence law

Utah Enacts Law Requiring Generative Artificial Intelligence Disclosures

Published March 31, 2025 by Eric Rosenkoetter

Utah artificial intelligence lawUtah Gov. Spencer Cox on March 27 signed into law Senate Bill 226 relating to the use of generative artificial intelligence in consumer transactions and regulated services. The law goes into effect on May 7, 2025.

For consumer transactions, a supplier that interacts with an individual using generative artificial intelligence must disclose that the individual is not interacting with a human if the individual asks or otherwise prompts the supplier about whether artificial intelligence is being used.

“Generative artificial intelligence” is an artificial intelligence technology system that:

  • is trained on data;
  • is designed to simulate human conversation with a consumer through one or more of the following:
    • text;
    • audio; or
    • visual communication; and
  • generates non-scripted outputs similar to outputs created by a human, with limited or no human oversight.

Individuals in a regulated occupation must be proactive when the interaction with an individual receiving services constitutes a high-risk artificial intelligence interaction.  A disclosure must be provided at the beginning of a verbal interaction, or otherwise in writing.

A “regulated occupation” is one that is regulated by the Department of Commerce and requires an individual to obtain a license or state certification to practice the occupation.

A “high-risk artificial intelligence interaction” means an interaction with generative artificial intelligence that involves:

    1. the collection of sensitive personal information, including:
      1. health data;
      2. financial data; or
      3. biometric data;
    2. the provision of personalized recommendations, advice, or information that could reasonably be relied upon to make significant personal decisions, including the provision of:
      1. financial advice or services;
      2. legal advice or services;
      3. medical advice or services; or
      4. mental health advice or services; or
    3. other applications as defined by division rule.

The Division of Consumer Protection may impose administrative fines up to $2,500 for each violation.

Photo: Jason/stock.adobe.com

Print Friendly, PDF & Email

Eric Rosenkoetter is a principal at Maurice Wutscher LLP, and is focused on advising clients with respect to federal and state consumer financial protection laws and data privacy and security, and he is a Certified Information Privacy Professional though the International Association of Privacy Professionals. He also brings to the table experience as a litigator, chief compliance and ethics officer, director of legislative affairs, federal lobbyist, and administrative hearings officer. Eric earned his Juris Doctor from Washington University School of Law, and his Bachelor of Business Administration from Southern Methodist University. He is a member of the International Association of Privacy Professionals, the Receivables Management Association International (RMAI), and ACA International. He is admitted to practice law in Texas and Missouri and in the U.S. District Courts for the Northern, Southern, Eastern, and Western Districts of Texas. For more information, see https://mauricewutscher.com/attorneys/eric-rosenkoetter/

Published in Data Privacy and Security and State & Local Regulation

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.