AI Laws in Mississippi (MS)

What companies in Mississippi need to know about AI compliance

Mississippi's regulatory posture on AI is silence rather than permission: mississippi insurance department has circulated draft guidance on ai in underwriting; no statute yet. No comprehensive privacy statute; UDAP coverage via Miss. Code sec. 75-24-5 provides the residual framework. Operators across sectors in Mississippi watch federal signals first.

The federal and neighboring-state framework that governs your AI operations. Cross-Sector operators in Mississippi operate under a federal-dominant framework anchored by FTC Section 5 (15 USC 45) and NIST AI RMF 1.0, with adjacent authorities Gramm-Leach-Bliley Act (GLBA) / NIST Cybersecurity Framework (15 U.S.C. § 6801-6809; NIST CSF 2.0); California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) (CA Civil Code §§ 1798.100-1798.199); General Data Protection Regulation (GDPR) (for EU users) (EU Regulation 2016/679). FTC Operation AI Comply (Sep 2024) targeted five companies across sectors. The practical risk they have to price in is cross-sector FTC Section 5 exposure and state UDAP liability, and the bellwether signal to monitor is NIST AI RMF 1.0 (Jan 2023) is cited as the federal baseline across 30+ agency guidance documents. Alabama -- Executive Order on AI sets the de-facto regional floor. Mississippi Insurance Department has circulated draft guidance on AI in underwriting; no statute yet. Use this as a starting point; sector pages on this site go deeper into industry-specific obligations.

Mississippi's non-legislation on AI means the Mississippi Attorney General office has discretion to apply no comprehensive privacy statute to AI-driven consumer harms as they arise.

Federal law still governs Cross-Sector AI in Mississippi primarily through FTC Section 5 (15 USC 45) and NIST AI RMF 1.0. Adjacent federal authorities include Gramm-Leach-Bliley Act (GLBA) / NIST Cybersecurity Framework (15 U.S.C. § 6801-6809; NIST CSF 2.0); California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) (CA Civil Code §§ 1798.100-1798.199); General Data Protection Regulation (GDPR) (for EU users) (EU Regulation 2016/679). Gramm-Leach-Bliley Act (GLBA) / NIST Cybersecurity Framework (enforced by Federal Trade Commission; NIST) applies to saas platforms handling personal/financial data via ai must implement nist csf security standards: identify, protect, detect, respond, recover. Penalty exposure: ftc civil penalties up to $100,000/violation; private litigation for data breaches. FTC Operation AI Comply (Sep 2024) targeted five companies across sectors.

The enforcement surface for Cross-Sector centres on FTC, CFPB, State Attorneys General, and the statute operators most often under-document is California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) (CA Civil Code §§ 1798.100-1798.199) — a gap that surfaces in cross-sector FTC Section 5 exposure disputes. Build an evidence binder covering AI inventory, risk-tier register, incident-response runbook, and board-level AI risk report. Treat NIST AI RMF 1.0 (Jan 2023) is cited as the federal baseline across 30+ agency guidance documents as your leading indicator and escalate when the signal shifts.

Three neighboring regimes create compounding exposure: Alabama (Executive Order on AI, penalty N/A (Executive)), Tennessee (ELVIS Act — AI Voice/Likeness, penalty Civil damages), and Louisiana (HB 312 — AI Transparency, penalty TBD). Multi-state Cross-Sector operators headquartered in Mississippi default to the strictest stack.

With 11-50 employees you can justify a half-time compliance lead and part-time external counsel on retainer. Small-stage Cross-Sector operators should deploy a named compliance lead, formal AI inventory, quarterly bias spot-checks, and a documented escalation path, with semi-annual internal audit with annual external review and ownership resting with a designated AI compliance lead reporting to the CEO. small-business budgets ($50K-$250K) justify a compliance lead plus a GRC tool such as Credo AI, Fairly, or Holistic AI. For Cross-Sector specifically, the sharpest exposure to manage is cross-sector FTC Section 5 exposure and state UDAP liability. Given Mississippi's concentration in healthcare delivery, financial services, and hospitality, rural telehealth platforms and credit decision systems serving underbanked populations deserve priority in your AI inventory.

Verified 2026-04-22. See https://www.ncsl.org/research/telecommunications-and-information-technology/state-artificial-intelligence-legislation-tracker.aspx for the Mississippi Attorney General public record on Mississippi AI policy.

The EU AI Act applies to any company serving EU customers, even if you're based in Mississippi. Penalties reach €35M or 7% of global revenue. Deadline: August 2, 2026.