Blog & Insights

Home > Blog & Insights > New AI Rules for Collectors: What You Can (and Can’t) Do, and How to Prove It

New AI Rules for Collectors: What You Can (and Can’t) Do, and How to Prove It

Angela Erwin
June 2, 2026
ai

Share This Article

ARM ARM 3rd Party Embedded AI

This is the second post in our three-part blog series, Responsible AI in Collections: Privacy, Proof, and Practical Guardrails.

Regulators are no longer relying solely on general data privacy laws to govern artificial intelligence (AI). They are now naming AI, distinguishing between its subtypes and telling us how we can use them.

All 50 states have introduced AI-related legislation, and adopted an active stance in response to concerns around the many types of AI systems and the context in which they may be used. To date, five states have signed legislation to regulate the use of AI within and outside of their borders. Below are some highlights from each of these laws.

 

Responsible AI in Collections, as Defined by Legislators in Five States

 

Colorado

Colorado was the first state to enact a comprehensive AI law, SB 24-205, governing “high-risk AI systems.” This law, which closely mirrors the EU AI Act and focuses on developers and deployers, became effective on February 1, 2026. Covered entities must use reasonable care, run risk management programs, conduct impact assessments, perform annual reviews, and provide consumer notice, correction, and appeal, with human review when feasible. In practice, this means documenting how decisioning tools avoid algorithmic discrimination and how consumers can appeal those decisions.

 

Utah

Effective May 1, 2024, the Utah Artificial Intelligence Policy Act requires disclosure when consumers interact with generative AI. For regulated professions, disclosure is mandatory at the start of AI interactions; for others, it must be provided on request. This law forces AI transparency out of policy documents and into everyday operations.

 

California

California has enacted multiple AI governance laws, each taking effect on January 1, 2026.

  • Bot disclosure: Online bots must clearly and conspicuously disclose that they are not human when communicating with California consumers.
  • AI Training Data Transparency: Developers must post documentation on their website any time a new version, release or update to their gen AI system or service that materially changes its functionality or performance.
  • AI Transparency Act: Covered providers must offer AI detection tools at no cost to the user. Covered providers must also offer an AI disclosure in image, video, audio, or any combination thereof.
  • Transparency in Frontier AI: Large “frontier model” developers must publish safety frameworks, risk protocols, and incident reporting.

 

New York

New York’s Responsible AI Safety and Education Act requires developers of “frontier” AI models with training compute costs of over $100M to implement rigorous safety protocols, publish risk assessments, and report safety incidents within 72 hours. This law focuses on transparency, accountability, and preventing risks for massive AI systems.

 

Texas

The Texas Responsible Artificial Intelligence Governance Act requires clear and conspicuous disclosure that a consumer is interacting with an AI system either before or at the time of interaction with the system. The law reinforces explainability, auditability, and consumer rights.

Regulatory Guardrails for AI Use

Disclose when AI is in use and allow a human opt out route where required or it makes sense.
Describe how AI is used (purpose, boundaries) and how privacy is handled in privacy policies.
Adhere to data minimization and deletion rights where applicable.
Capture consent for AI interactions where law or policy requires; align with TCPA principles when using AI channels to communicate (e.g., prior express consent for autodialed/prerecorded outreach).
Prohibit training on unlicensed copyrighted material; require vendor attestations and/or indemnities.
Perform look-back bias testing and adjust models if disparate impacts emerge; keep records of tests, fixes, and outcomes.

As we explored in our earlier post, AI in Collections: If You Can’t Explain It, Don’t Ship It, states are calling for deployers of AI systems to use AI responsibly, effectively, and transparently or suffer hefty fines. At the federal level, the CFPB has reinforced the states’ position on responsible AI use, with a no-excuses approach to the use of AI under existing consumer protection laws.

 

How to Use AI to Your Advantage While Ensuring Compliance

So, what can you do to keep in line with regulatory guidance, operationalize this patchwork of AI requirements, and continue to innovate?

Governance must be built into the system itself. This means AI that is explainable, auditable, configurable, and always operating inside the compliance rules, disclosures, and human oversight your business requires.

At Finvi, our Velosidy platform enables you to:

  • Disclose clearly and conspicuously the use of AI to consumers, while providing the ability to opt out and interact with a human
  • Audit repayment and contact-prioritization models for disparate outcomes, validate decision rules against compliance logic, and document adjustments
  • Adapt regulatory compliance with composable rule modules, version controlled audit trails, and no code enforcement logic you can update fast as regs evolve

The regulatory message is clear. It is no longer enough to say your AI is compliant. You must be able to demonstrate what the AI does, why it made a decision, and how you can control the risk in each jurisdiction where you operate.

AI in Collections: Related Posts for Further Reading

AI in Collections: Why Unstructured Data Is the Real Breakthrough
What’s New and Next in Collections: Using AI, Automation, and Compliance to Compete

Putting Compliant AI into Practice Doesn’t Have to Mean Slowing Down

In our recent Finvi Horizon webinar, we showed how agencies are using embedded guardrails, automated compliance workflows, and AI-driven prioritization to improve recovery while reducing exposure.

Explore the full webinar replay for a closer look at what’s working and what’s coming next.

SEE COMPLIANT AI IN ACTION
Angela Erwin

Angela Erwin

As the Vice President Risk and Compliance and a Certified Compliance Receivables Professional (CRCP), Angela plays a pivotal role in navigating the complexities of the risk and compliance landscape. Her expertise enables Finvi’s products and services to be at the forefront of compliance, meeting applicable regulatory, security, and privacy standards. Angela is an internationally recognized compliance innovator and has garnered many professional awards for her achievements within her field. As a recognized national speaker, she shares her insights on critical legislation such as the Fair Debt Collection Practices Act, the Fair Credit Reporting Act, federal and state consumer protection regulations, the Telephone Consumer Protection Act, Americans with Disabilities Act, and the Health Insurance Portability and Accountability Act. Angela’s dedication to excellence, coupled with her commitment to advancing industry standards, cements her reputation as a trusted advisor and thought leader in the risk and compliance arenas.

Categories

Suggested Articles

Get to know the power of the Finvi platform

SCHEDULE A DEMO