Primary Research · State Profile · NY
New York's AI regulatory landscape is the most fragmented in the country, split across municipal, state, and sector-specific authorities. New York City Local Law 144 governs automated employment decision tools (AEDTs) for NYC jobs; NYDFS 23 NYCRR 500 sets cybersecurity (and increasingly AI) expectations for financial institutions; NY State Bar Opinion #1224 (2024) bound lawyer AI use; NY SHIELD Act governs data security; NY Civil Rights Law §52-c addresses deepfake intimate imagery; and the NY Department of Labor has issued guidance on AI in employment decisions. The 2025 session also produced the New York LOADING Act and several bills targeting algorithmic transparency in healthcare and insurance.
New York's regulatory posture in 2026 emphasizes audit-based accountability and sector-specific oversight. NYC LL144 requires independent annual bias audits by an unaffiliated auditor, with public posting on the employer's website and pre-use notice to candidates at least 10 business days before AEDT use. Enforcement runs through the NYC Department of Consumer and Worker Protection with $500-$1,500 per violation, where each day of unlawful use is a separate violation. NYDFS oversight of financial institutions has increasingly extended to AI risk management — examiners now expect AI-specific governance, vendor due diligence, and incident reporting for AI-related cybersecurity events. The combination of municipal, state, and sector authorities means New York AI governance is rarely a single program; it is a portfolio.
Key provisions
Independent annual bias audit; public posting of audit summary; pre-use notice 10 business days before AEDT use; identify job qualifications the AEDT assesses; provide accommodations or alternative selection processes; $500-$1,500 per violation per day.
Key provisions
Cybersecurity program, CISO, MFA, risk assessment, penetration testing, vendor risk; 2023 amendments add governance expectations covering AI/ML model risk; incident reporting within 72 hours.
Key provisions
Reasonable cybersecurity safeguards for private data of NY residents; breach notification; AG enforcement.
Would require disclosure when AI is used to set prices based on individual consumer characteristics. Targeted at dynamic and personalized pricing systems.
Would require disclosure when AI is used in clinical decision-support for NY patients and a means to request human review.
Sector-specific frameworks layer on top of state AI laws and frequently impose stricter or earlier-binding obligations. These are the sectors most exposed in New York.
Financial services
NYDFS Part 500 is the binding constraint for state-chartered banks, insurers, and many fintechs. AI overlay includes model risk management aligned to SR 11-7 expectations.
Employment
NYC LL144 covers AEDTs for NYC-based jobs. Bias audit is the binding documentation requirement.
Legal
NY State Bar Opinion #1224 (2024) on lawyer AI use covers competence, confidentiality, supervision, and disclosure obligations.
Healthcare
NY DOH and pending NY S 7623 add transparency expectations on top of HIPAA for clinical AI.
Practical operational checklist for organizations subject to New York AI laws. Items are ordered by typical sequence of implementation, not by importance — most steps depend on the inventory work in the first item.
LL144 applies to NYC-based positions and to NYC-resident candidates; both sides matter.
Auditor must be unaffiliated. Schedule well before the use date.
Required by LL144. Summary must be accurate and not misleading.
Notice must include the job qualifications the AEDT assesses and accommodations process.
Examiners now expect AI-specific risk assessment, vendor diligence, and incident reporting.
Affects both law firm internal use and AI vendors serving NY lawyers.
Municipal + state + sector regulators rarely overlap; expect multiple parallel programs.
EFROS operates New York AI governance as a multi-program portfolio — NYC LL144 audit coordination, NYDFS Part 500 AI overlay for financial clients, NY State Bar Opinion #1224 alignment for law firm clients, and SHIELD Act security baselines. We assemble the right combination per organization rather than pretending one program covers everything.
Disclaimer: this profile is a research dataset, not legal advice. Compliance determinations for New York businesses require analysis of specific facts and should be made in consultation with qualified legal counsel licensed in New York.
Reference this resource with attribution under CC-BY-4.0. Copy any of the formats below for academic papers, blog posts, AI citations, or vendor evidence packages.
Efros, S. (2026, May). New York AI Law Tracker — 2026. EFROS. https://efros.com/research/state-ai-law-tracker/new-york/
Efros, Stefan. "New York AI Law Tracker — 2026." EFROS, May 2026, https://efros.com/research/state-ai-law-tracker/new-york/.
Efros, Stefan. 2026. "New York AI Law Tracker — 2026." EFROS. https://efros.com/research/state-ai-law-tracker/new-york/.
S. Efros, "New York AI Law Tracker — 2026," EFROS, May 2026. [Online]. Available: https://efros.com/research/state-ai-law-tracker/new-york/
@misc{efros2026newyorkailawtrac,
author = {Stefan Efros},
title = {New York AI Law Tracker — 2026},
year = {2026},
month = {May},
publisher = {EFROS},
url = {https://efros.com/research/state-ai-law-tracker/new-york/},
note = {Accessed: May 2026}
}https://efros.com/research/state-ai-law-tracker/new-york/
Site-wide citation metadata is also published as a CITATION.cff file at /CITATION.cff for citation-management tools and academic indexers.
All tracked US state AI laws in a single citation-ready dataset.
Open20 AI vendors scored on 12 US AI governance axes — including state-law overlays.
OpenFederal framework that anchors most state AI law deployer obligations.
OpenOperating program that implements multi-state AI law compliance.
Open5-minute classification across Colorado AI Act, NYC LL144, CA AB 2013, and NIST AI RMF.
Open