AI Laws in Wyoming (WY)

What companies in Wyoming need to know about AI compliance

Wyoming's regulatory posture on AI is silence rather than permission: wyoming legislature has considered blockchain and data studies but no ai-specific bill has advanced. No comprehensive state privacy statute; UDAP coverage via Wyoming Consumer Protection Act (Wyo. Stat. sec. 40-12-101) provides the residual framework. Operators across sectors in Wyoming watch federal signals first.

Three neighboring regimes create compounding exposure: Colorado (SB 205 — AI Consumer Protection, penalty Per-violation fines under CCPA framework), Utah (SB 149 — AI Policy Act, penalty Up to $2,500 per violation), and Montana (Consumer Data Privacy Act (AI provisions), penalty Up to $7,500 per violation). Multi-state Cross-Sector operators headquartered in Wyoming default to the strictest stack.

Wyoming's non-legislation on AI means the Wyoming Attorney General office has discretion to apply no comprehensive state privacy statute to AI-driven consumer harms as they arise.

Federal law still governs Cross-Sector AI in Wyoming primarily through FTC Section 5 (15 USC 45) and NIST AI RMF 1.0. Adjacent federal authorities include Gramm-Leach-Bliley Act (GLBA) / NIST Cybersecurity Framework (15 U.S.C. § 6801-6809; NIST CSF 2.0); California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) (CA Civil Code §§ 1798.100-1798.199); General Data Protection Regulation (GDPR) (for EU users) (EU Regulation 2016/679). Gramm-Leach-Bliley Act (GLBA) / NIST Cybersecurity Framework (enforced by Federal Trade Commission; NIST) applies to saas platforms handling personal/financial data via ai must implement nist csf security standards: identify, protect, detect, respond, recover. Penalty exposure: ftc civil penalties up to $100,000/violation; private litigation for data breaches. FTC Operation AI Comply (Sep 2024) targeted five companies across sectors.

The federal and neighboring-state framework that governs your AI operations. Cross-Sector operators in Wyoming operate under a federal-dominant framework anchored by FTC Section 5 (15 USC 45) and NIST AI RMF 1.0, with adjacent authorities Gramm-Leach-Bliley Act (GLBA) / NIST Cybersecurity Framework (15 U.S.C. § 6801-6809; NIST CSF 2.0); California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) (CA Civil Code §§ 1798.100-1798.199); General Data Protection Regulation (GDPR) (for EU users) (EU Regulation 2016/679). FTC Operation AI Comply (Sep 2024) targeted five companies across sectors. The practical risk they have to price in is cross-sector FTC Section 5 exposure and state UDAP liability, and the bellwether signal to monitor is NIST AI RMF 1.0 (Jan 2023) is cited as the federal baseline across 30+ agency guidance documents. Colorado -- SB 205 — AI Consumer Protection sets the de-facto regional floor. Wyoming legislature has considered blockchain and data studies but no AI-specific bill has advanced. Use this as a starting point; sector pages on this site go deeper into industry-specific obligations.

With 11-50 employees you can justify a half-time compliance lead and part-time external counsel on retainer. Small-stage Cross-Sector operators should deploy a named compliance lead, formal AI inventory, quarterly bias spot-checks, and a documented escalation path, with semi-annual internal audit with annual external review and ownership resting with a designated AI compliance lead reporting to the CEO. small-business budgets ($50K-$250K) justify a compliance lead plus a GRC tool such as Credo AI, Fairly, or Holistic AI. For Cross-Sector specifically, the sharpest exposure to manage is cross-sector FTC Section 5 exposure and state UDAP liability. Given Wyoming's concentration in energy, mineral extraction, and agricultural operations, oil/gas monitoring algorithms and ranching decision-support systems deserve priority in your AI inventory.

The enforcement surface for Cross-Sector centres on FTC, CFPB, State Attorneys General, and the statute operators most often under-document is California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) (CA Civil Code §§ 1798.100-1798.199) — a gap that surfaces in cross-sector FTC Section 5 exposure disputes. Build an evidence binder covering AI inventory, risk-tier register, incident-response runbook, and board-level AI risk report. Treat NIST AI RMF 1.0 (Jan 2023) is cited as the federal baseline across 30+ agency guidance documents as your leading indicator and escalate when the signal shifts.

Verified 2026-04-22. See https://www.wyoleg.gov/ for the Wyoming Attorney General public record on Wyoming AI policy.

The EU AI Act applies to any company serving EU customers, even if you're based in Wyoming. Penalties reach €35M or 7% of global revenue. Deadline: August 2, 2026.