Skip to content

Congress’ tech plate is full, with little time at the table

States are engaged in their own efforts on AI, data privacy and kids’ online safety

Some states are looking to pass age-appropriate design laws, advocated by groups such as the youth-led coalition Design It For Us.
Some states are looking to pass age-appropriate design laws, advocated by groups such as the youth-led coalition Design It For Us. (Leigh Vogel/Getty Images)

Congress has a full slate of technology policy challenges to resolve, ranging from artificial intelligence systems to data privacy and children’s online safety — with not much time on the congressional calendar before the November election intrudes. 

In the absence of federal legislation, more than a dozen states have enacted data privacy laws, and more are in the pipeline. Likewise, several states also have established, or are mulling, laws relating to artificial intelligence systems, all of which increases the pressure to create national policies.

Starting Wednesday, there will be fewer than 50 days left in which both chambers of Congress are scheduled to be in session before the election on Nov. 5.

Congress may end up enacting narrower bills on AI before November but is unlikely to pass a comprehensive measure before then, said Linda Moore, CEO of TechNet, a group whose members include top executives of Amazon.com Inc., Apple Inc., Google LLC, Meta Platforms Inc., OpenAI and others. 

“Congress has had a hard time coming together around issues that are really necessary to make sure that we have good, solid, foundational AI policy,” as well as a national privacy law and immigration changes necessary for the tech industry to thrive, Moore said in an interview. 

“In terms of a comprehensive AI policy package, I don’t expect that to come together for passage this year for a lot of different reasons,” Moore said. “We know that they have a very full plate, and they have a lot of things that they need to get done before the end of the year but they haven’t yet.”

Congress may enact legislation restricting the use of AI deepfakes in elections or fully fund the National AI Research Resource — a collaborative venture between the National Science Foundation, 10 federal agencies and about 25 nongovernmental agencies — Moore said. The goal of the effort is to expand access to resources throughout the country to advance development of AI systems. 

Senate Majority Leader Charles E. Schumer, D-N.Y., held a series of closed-door briefings in 2023 for lawmakers on AI systems with the goal of building a consensus on broad AI legislation, but he hasn’t yet indicated when he might propose such a measure. 

In February the House created an AI task force led by Reps. Jay Obernolte, R-Calif., and Ted Lieu, D-Calif., who have said they don’t envision putting out catchall legislation that would cover the technology broadly. The task force is expected to release its report by the end of this year. 

The expectation that Congress will pass a federal data privacy law rose this month after Sen. Maria Cantwell, D-Wash., chair of the Senate Commerce Committee, and Rep. Cathy McMorris Rodgers, R-Wash., chair of the House Energy and Commerce Committee, said they had reached agreement on draft legislation. But the proposal has yet to garner widespread support in both chambers. 

The legislation would give consumers rights over their data and also give them the right to sue companies for violations of privacy. Small businesses, not yet defined in the proposal, would be exempt from the bill’s provisions.

The legislation would preempt a patchwork of state laws and create a national standard, but state attorneys general would have the authority to enforce the law, as would the Federal Trade Commission. The House Energy and Commerce Committee plans to hold a subcommittee hearing this week on the proposal, but the Senate Commerce Committee has yet to schedule one.

A congressional aide said the Senate committee’s staff was working to drum up support. 

Maryland measures

While Congress debates how to proceed on a federal privacy measure, one state passed legislation with tougher provisions than most others that have enacted laws of their own. 

Maryland’s legislature earlier this month passed a measure that would limit companies to collecting only the data that is necessary for a transaction and would restrict the collection of sensitive data such as location details. If signed by Gov. Wes Moore, the law would go into effect in October 2025. 

The data minimization requirements in Maryland’s law go further than legislation enacted in 14 other states and are similar to what Congress is considering in the Cantwell-Rodgers proposal. 

Other states have required companies to get users’ consent to collect the data that a business entity deems necessary. But Maryland has avoided the consent approach, said Keir Lamont, director of U.S. legislation at the Future of Privacy Forum, an advocacy group focused on data privacy. 

The legislation’s effect is to “deemphasize consent, generally, and instead put default limits on what data can be collected,” Lamont said in an interview. “This is a new approach to protecting privacy at the state level. If we continue to see other states adopt similar language, that may impact the federal conversation about privacy legislation.” 

States’ efforts on artificial intelligence systems and kids’ online safety may impel federal legislation as well.

Four states — California, Connecticut, Louisiana and Vermont — have enacted laws to protect individuals from any unintended, yet foreseeable, impacts of unsafe or ineffective AI systems, according to the Council of State Governments, a nonpartisan group that promotes states’ efforts. Other states are requiring companies to disclose to users when they use AI systems in hiring or in other decision-making roles, according to the council. 

Congress also has been debating tightening rules to ensure the safety and privacy of kids using online platforms, but those efforts have yet to yield enacted legislation. Two bipartisan bills addressing kids’ online safety were approved by the Senate Commerce Committee last year, but they have yet to get a floor vote.

States yet again are stepping into the breach, Lamont said.  

Maryland’s legislature passed a separate measure earlier this month on what’s known as age-appropriate design that would require tech companies to craft their platforms with privacy as a default option and ensure that services are fit for the age of the users. 

The measure is similar to a 2021 law enacted by California that has been challenged in courts by NetChoice, a tech industry trade group. Although a U.S. District Court halted parts of the law, California has appealed the ruling. 

Vermont also is considering an age-appropriate design law.

“States are increasingly stepping up and legislating on topics that might otherwise be left to the federal government,” Lamont said.

This report has been corrected to reflect the accurate membership of TechNet

Recent Stories

Seniority shakeup? House Democrats test committee norms

Republicans sink attempts to force release of Gaetz report

DOGE day afternoon on Capitol Hill

House task force finishes work on Trump assassination attempt

Hegseth soldiers on with meeting GOP senators

Protesters urging Congress to ‘flush bathroom bigotry’ arrested after sit-in