Federal Privacy and AI Bills Are Gaining Traction

Two recently introduced House bills would set national rules on data privacy and artificial intelligence. States, meanwhile, keep adding new requirements of their own.

U.S. House of Representatives lawmakers introduced two significant bills last month. On April 22, 2026, Rep. John Joyce (R-Pa.)—chair of the House Energy and Commerce Subcommittee on Oversight and Investigations and leader of the committee’s Privacy Working Group—introduced H.R. 8413, the SECURE Data Act, which would set a national consumer privacy standard. Five days later, Reps. Ted Lieu (D-Calif.) and Jay Obernolte (R-Calif.) introduced the American Leadership in AI Act, a nearly 200-page bipartisan package that draws on the recommendations of last Congress’s House AI Task Force. SIA has long supported a federal privacy law that streamlines divergent state rules and AI policy that is human-centric, ethical and trustworthy without putting security applications at risk, and these bills are a step in that direction. SIA joined more than 50 trade associations in a U.S. Chamber of Commerce statement supporting the SECURE Data Act, and we will stay closely engaged as the bills move forward.

The SECURE Data Act: A Proposed National Standard

The SECURE Data Act is the product of more than a year of work by the House Privacy Working Group, through a process incorporating feedback from industry that SIA participated in. The bill borrows heavily from the consensus framework already in place in 20 states with comprehensive privacy laws on the books and turns it into one national rule.

Companies that handle the personal data of more than 200,000 U.S. consumers would face the kinds of obligations already familiar from state laws: collect only what is needed, tell consumers what their data is being used for, secure it and get permission before using sensitive information. Consumers would gain the right to access, correct, delete and port their data and opt out of targeted advertising and sales. Additionally, like in most state laws, provisions are made to ensure data can be used effectively for security, anti-fraud and public safety purposes.

The Federal Trade Commission and state attorneys general would share enforcement, and businesses would have 45 days to fix problems before formal action could begin. The bill does not create a private right of action, which has killed past federal proposals. It also exempts financial institutions covered by Gramm-Leach-Bliley, health care entities subject to HIPAA, nonprofits, colleges and universities, so existing sector rules are not duplicated. The House Committee on Financial Services’ GUARD Act (H.R. 8398) updates Gramm-Leach-Bliley to provide a parallel national standard for financial institutions.

Importantly, the bill’s preemption language is as strong as a federal privacy bill is likely to get. The SECURE Data Act would replace the current state-by-state patchwork, which currently includes 24 U.S. statewide laws that impose requirements on the use of personal data, including biometric data and other types, with a single federal standard. That uniform rule of the road is the single most valuable feature of the bill for the security industry.

Security industry companies generally do not serve limited regions or work state by state. Manufacturers, integrators, monitoring centers and end users operate across state lines every day. Compliance can be complicated and expensive when it comes to a camera platform serving a national retailer, or an access control system serving a multi-state property manager, for example, when dealing with different definitions of personal data, consent rules and sets of consumer rights, and accounting for differing privacy laws.

The American Leadership in AI Act: A Measured, Pro-Innovation Approach

The American Leadership in AI Act is the most comprehensive bipartisan AI bill introduced in this Congress. It draws on the 2024 House AI Task Force report and pulls more than 20 standalone proposals into one package. The bill has six titles covering AI standards and evaluation, research infrastructure, federal AI governance and procurement, workers and small businesses, AI-enabled crime and AI education.

Important for industry to keep an eye on, Title I directs the National Institute of Standards and Technology to develop voluntary guidance on AI reliability, robustness, security and safety.

Title III sets up a voluntary AI vulnerability and incident tracking framework, and Title VI invests in the AI workforce, including a cybersecurity training tax credit that would help build the talent pipeline our industry depends on.

Individual States Have Made the Case for Federal Action Even Stronger

Colorado just revised its 2024 AI Act after Attorney General Phil Weiser agreed in April to suspend enforcement following a federal lawsuit. The state’s replacement bill, Senate Bill 26-189, would regulate the use of automated decision-making technology in “consequential decisions” across employment, housing, financial services, insurance, health care and education.

California, the first to enact state-level privacy regulation, expanded its data broker registration law in 2025 and added a new consumer health data privacy law that took effect this January.

Texas is enforcing both its 2024 Texas Data Privacy and Security Act and a new Texas Responsible Artificial Intelligence Governance Act that took effect Jan. 1, 2026.

Washington has its biometric privacy law and the 2023 My Health My Data Act, and other states from Florida to Connecticut have their own variations.

Illinois remains the most cited example because of the plaintiff-driven litigation under its 2008 Biometric Information Privacy Act.  

In 2026, Oklahoma and Alabama passed data privacy laws, and the count keeps growing.

SIA will continue to monitor these important policy developments. Member questions and concerns about how any of these proposals would affect your business can be directed to SIA’s government relations team—Jake Parker, senior director of government relations (jparker@securityindustry.org), and Lauren Bresette, senior manager of government relations (lbresette@securityindustry.org).