Legal Resource Library

Technology-relevant laws across US federal, state, and international jurisdictions. Browse by map, jurisdiction, or topic.

Choose Your Approach

Explore the Globe

Click any country to see its laws. Click the US to zoom into states.

→

Browse by Jurisdiction

US Federal, state-by-state, and international — organized alphabetically.

→

Browse by Topic

Find laws by what you're trying to do — data privacy, AI, payments, and more.

→

Explore the Globe

Click a country to view its laws · Click USA to zoom into states

Browse by Jurisdiction

US Federal

1 ▼

Browse by Topic

Cybersecurity17 Government contracting112 Privacy & data protection66 Procurement & government contracting57 Using or building AI11 Collecting & handling user data64 Data security & breach response17 Open meetings & sunshine laws107 Open records & FOIA53 Selling or operating internationally35 Website & platform compliance40 Accepting payments / fintech5 Hiring & employment tech7 Marketing & communications8 Protecting intellectual property5 Antitrust & competition3

Press Enter to go · ESC to close · Press / to open

All 271 Laws

United States

ADA Title II Web Accessibility Rule (ADA Title II — 42 U.S.C. §§ 12131–12165)
The U.S. Department of Justice's 2024 rule under Title II of the Americans with Disabilities Act requiring state and local governments to make their websites and mobile apps accessible to people with disabilities. It adopts WCAG 2.1 Level AA as the technical standard and sets phased compliance deadlines based on population size. It applies to public entities including state agencies, cities, counties, public colleges, and K–12 school districts — as well as to third-party EdTech and software vendors whose content or services are offered through those entities.

Website & platform compliance
Americans with Disabilities Act Title III (ADA Title III — 42 U.S.C. §§ 12181–12189)
Prohibits discrimination on the basis of disability by places of public accommodation. Courts are split on whether websites qualify, but plaintiffs continue to pursue website accessibility claims — the practical standard is WCAG 2.1 AA.

Website & platform compliance
Bank Secrecy Act (BSA — 31 U.S.C. §§ 5311–5332)
Requires financial institutions (broadly defined to include many fintechs and money services businesses) to keep records, file reports, and maintain customer identification programs to assist in detecting money laundering and financial crime.

Accepting payments / fintech
CAN-SPAM Act (CAN-SPAM — 15 U.S.C. §§ 7701–7713)
Sets rules for commercial email and gives recipients the right to opt out. Requires honest subject lines, clear sender identification, a functional unsubscribe mechanism, and a valid physical postal address in every commercial message.

Marketing & communications, Website & platform compliance
Children's Online Privacy Protection Act (COPPA — 15 U.S.C. §§ 6501–6506)
Prohibits unfair or deceptive practices in the online collection of personal information from children under 13. Requires parental consent before collecting, using, or disclosing a child's data. Enforced by the FTC through the COPPA Rule (16 CFR Part 312), which specifies notice, consent, security, and data retention obligations for operators of child-directed websites and services.

Collecting & handling user data, Website & platform compliance, Privacy & data protection
Clayton Antitrust Act (Clayton Act — 15 U.S.C. §§ 12–27)
Prohibits specific anticompetitive practices including price discrimination, tying arrangements, and mergers that substantially lessen competition. It supplements the Sherman Act by giving regulators and private plaintiffs more targeted tools to challenge anti-competitive conduct. Applies to all businesses engaged in interstate commerce.

Antitrust & competition
Communications Decency Act Section 230 (Section 230 — 47 U.S.C. § 230)
Section 230 provides significant immunity to online platforms for third-party content posted by users. It is particularly relevant to AI chat systems, social platforms, marketplaces, moderation systems, and products involving user-generated or AI-assisted content, although important limitations and ongoing legal challenges exist.

Using or building AI, Website & platform compliance
Computer Fraud and Abuse Act (CFAA — 18 U.S.C. § 1030)
The federal anti-hacking statute. Criminalizes unauthorized access to computer systems and creates a civil cause of action companies use against former employees and competitors who misuse credentials or exceed authorized access.

Website & platform compliance, Data security & breach response, Cybersecurity
Copyright Act (17 U.S.C. §§ 101–1205)
The foundational federal law protecting original works of authorship. Copyright attaches automatically upon fixation; registration is not required for protection but is required before suing for infringement and to recover statutory damages.

Protecting intellectual property
Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA — 6 U.S.C. §§ 681–681g)
Requires critical infrastructure entities to report substantial cyber incidents to CISA within 72 hours and ransomware payments within 24 hours. CISA is developing final implementing rules. Applies to entities in the 16 critical infrastructure sectors — including IT, communications, financial services, and energy. Tech companies operating critical infrastructure or providing services to those that do should monitor CISA's rulemaking.

Data security & breach response, Cybersecurity
DOJ Bulk Sensitive Data Rule
Implements Executive Order 14117 restricting the bulk transfer of Americans' sensitive personal data to countries of concern (China, Russia, Iran, North Korea, Cuba, Venezuela). Effective April 2025. Covers genomic data, biometric data, precise geolocation, health data, financial data, and certain government-related data. Tech companies handling large-scale personal data should evaluate whether their data flows implicate these restrictions.

Collecting & handling user data, Privacy & data protection
Defend Trade Secrets Act (DTSA — 18 U.S.C. §§ 1836–1839)
Created a federal civil cause of action for trade secret misappropriation. Lets companies sue in federal court and seek injunctions, damages, and — in egregious cases — seizure of misappropriated materials.

Protecting intellectual property
Digital Millennium Copyright Act (DMCA — 17 U.S.C. § 512)
Establishes safe harbors for online service providers against liability for user-uploaded infringing content, provided they implement notice-and-takedown procedures. Critical for any platform hosting user-generated content.

Protecting intellectual property, Website & platform compliance
Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank — 12 U.S.C. § 5301 et seq.)
Sweeping financial reform law that created the Consumer Financial Protection Bureau and imposed new obligations on fintech companies, payment processors, and any business offering consumer financial products.

Accepting payments / fintech
EEOC Guidance on AI and Employment Decisions (EEOC AI Guidance)
The EEOC has issued guidance explaining how employers may violate anti-discrimination laws when using AI hiring or workforce management tools. If your company uses or builds resume screening systems, automated interview tools, employee scoring systems, or workforce analytics platforms, this guidance outlines how existing civil rights laws apply to those tools.

Using or building AI
Electronic Communications Privacy Act (ECPA — 18 U.S.C. §§ 2510–2522)
Governs how the government and private parties can access electronic communications and stored data, covering real-time interception, stored records, and metadata collection. It is the primary federal statute protecting the privacy of digital communications. Applies to any entity that intercepts, accesses, or stores electronic communications.

Collecting & handling user data, Data security & breach response, Privacy & data protection, Cybersecurity
Electronic Fund Transfer Act (EFTA — 15 U.S.C. §§ 1693–1693r)
Governs electronic fund transfers involving consumer accounts — ACH, debit cards, and digital wallets. Sets disclosure requirements, error resolution procedures, and liability limits for unauthorized transactions.

Accepting payments / fintech
Electronic and Information Technology Accessibility (Section 508) (Section 508 — 29 U.S.C. § 794d)
Requires federal agencies to make their electronic and information technology accessible to people with disabilities. Directly applicable to any tech company selling to the federal government — your product must meet Section 508 standards or you cannot win federal contracts. Standards align with WCAG 2.1 AA for web content. Enforced through the Access Board and federal procurement requirements.

Website & platform compliance, Government contracting
Export Administration Regulations (EAR — 15 CFR §§ 730–774)
Controls the export and re-export of dual-use items -- commercial goods with potential military applications -- including encryption technology and certain software. Administered by the Bureau of Industry and Security, it requires export licenses for controlled items. Applies to any company exporting technology, software, or technical data outside the United States.

Selling or operating internationally
FTC Act Section 5 (FTC Act — 15 U.S.C. § 45)
Section 5 prohibits unfair or deceptive acts or practices in commerce and serves as the FTC's primary authority for regulating deceptive AI claims, unfair automated systems, and problematic data practices. It applies broadly to technology companies making representations about AI capabilities, automation, security, personalization, or algorithmic decision-making.

Collecting & handling user data, Using or building AI, Marketing & communications, Website & platform compliance, Privacy & data protection
Fair Credit Reporting Act (FCRA — 15 U.S.C. §§ 1681–1681x)
Regulates the collection, use, and sharing of consumer credit and background information. Applies to any company using background checks, credit reports, or algorithmic consumer evaluations for employment, housing, or credit decisions.

Collecting & handling user data, Accepting payments / fintech, Privacy & data protection
Federal Acquisition Regulation (FAR — 48 CFR Ch. 1)
The primary body of rules governing all federal government procurement. Applies to all executive branch agencies. Micro-purchase threshold: $15,000. Simplified acquisition threshold: $350,000. Formal competition required above $350,000.

Government contracting, Procurement & government contracting
Federal Advisory Committee Act (FACA — 5 U.S.C. §§ 1001–1014)
Governs advisory committees that advise federal agencies — including many AI and technology advisory panels. Requires public notice and open meetings for most advisory committee sessions.

Government contracting, Open meetings & sunshine laws
Federal Risk and Authorization Management Program (FedRAMP — 44 U.S.C. §§ 3607–3616)
A government-wide program establishing security assessment standards for cloud services used by federal agencies. Not a law but effectively mandatory if you want to sell cloud services to the federal government. Authorization is expensive and time-consuming but creates a significant competitive moat — relatively few cloud providers have full authorization. Managed by GSA. Authorization levels: Low, Moderate, High corresponding to sensitivity of data processed.

Website & platform compliance, Data security & breach response, Government contracting, Cybersecurity
Freedom of Information Act (FOIA — 5 U.S.C. § 552)
Gives any person the right to request access to federal agency records. Heavily used by businesses, law firms, and lawyers to obtain government data about competitors, regulatory proceedings, enforcement actions, and agency decision-making. Official portal: foia.gov.

Website & platform compliance, Government contracting, Open records & FOIA
Government in the Sunshine Act (Sunshine Act — 5 U.S.C. § 552b)
Requires multi-member federal agencies to conduct meetings open to the public. Applies to agencies like the FTC, FCC, SEC, and similar collegial bodies. Relevant for monitoring regulatory rulemaking and enforcement policy decisions.

Government contracting, Open meetings & sunshine laws
Gramm-Leach-Bliley Act (GLBA — 15 U.S.C. §§ 6801–6809)
Requires financial institutions to explain their information-sharing practices and protect sensitive customer data. The Safeguards Rule mandates specific administrative, technical, and physical data security measures.

Collecting & handling user data, Accepting payments / fintech, Data security & breach response, Privacy & data protection, Cybersecurity
Health Information Technology for Economic and Clinical Health Act (HITECH — 42 U.S.C. §§ 17931–17954)
Strengthened HIPAA enforcement and extended HIPAA obligations directly to business associates. Introduced tiered civil penalties and required HHS to conduct periodic audits of covered entities and business associates. Relevant to any tech company that is or may become a HIPAA business associate.

Collecting & handling user data, Data security & breach response, Privacy & data protection, Cybersecurity
Health Insurance Portability and Accountability Act (HIPAA — 42 U.S.C. §§ 1320d–1320d-9)
Any tech company building health apps, handling patient records, operating as a business associate of a covered entity, or processing protected health information must understand HIPAA. The Privacy Rule, Security Rule, and Breach Notification Rule each impose distinct obligations. HIPAA's definition of "covered entity" and "business associate" is broader than most tech founders assume — a SaaS platform that processes health data on behalf of a hospital is a business associate and must have a signed BAA. HHS Office for Civil Rights actively enforces, particularly against tech companies following data breaches.

Collecting & handling user data, Website & platform compliance, Data security & breach response, Privacy & data protection, Cybersecurity
NIST AI Risk Management Framework (NIST AI RMF)
The NIST AI Risk Management Framework provides a widely used structure for identifying and managing AI-related risks, including bias, reliability, explainability, and governance concerns. Although voluntary, it is increasingly referenced in enterprise contracts, cybersecurity reviews, and government procurement — making it practically important for any company selling AI-powered products to larger organizations or government agencies.

Using or building AI
NIST Cybersecurity Framework 2.0 (NIST CSF)
A voluntary framework — not a law — but practically functions as a de facto compliance standard. Referenced in state breach notification laws (Tennessee), required or strongly encouraged for federal contractors, and used by courts and regulators to assess reasonableness of cybersecurity programs. CSF 2.0 released February 2024 adds a new "Govern" function to the original five (Identify, Protect, Detect, Respond, Recover). Any tech company should understand this framework before claiming to have "reasonable" security.

Website & platform compliance, Data security & breach response, Cybersecurity
Open Source Licensing Frameworks (OSS Licenses)
Not a single law but a critical compliance area. Open source licenses create legally binding obligations when you use, modify, or distribute open source software. Key license families: Permissive (MIT, Apache 2.0, BSD — few obligations, allow proprietary use); Weak Copyleft (LGPL, MPL — share-alike requirements apply only to the licensed component); Strong Copyleft (GPL, AGPL — require distributing source code of the entire combined work). AGPL is particularly significant for SaaS companies — network use may trigger copyleft obligations even without distributing software. Every tech company needs an open source policy.

Protecting intellectual property, Website & platform compliance
Patent Act (35 U.S.C. §§ 1–390)
The federal law governing patents for inventions and designs. Establishes the USPTO, defines patentable subject matter, and creates enforcement rights. Patent eligibility for software remains a contested area post-Alice.

Protecting intellectual property
Privacy Act of 1974 (Privacy Act — 5 U.S.C. § 552a)
Governs federal agency collection, maintenance, use, and dissemination of personal information. Applies to information the government holds about individuals — relevant to tech companies whose products interact with federal agencies or whose data may be in government systems.

Government contracting, Open records & FOIA, Privacy & data protection
SBIR/STTR Programs (SBIR/STTR — 15 U.S.C. § 638)
Small Business Innovation Research and Small Business Technology Transfer programs provide federal R&D funding to small businesses across 11 agencies. Awardees generally retain IP rights under Bayh-Dole principles. A major entry point for tech companies seeking federal contracts.

Government contracting, Procurement & government contracting
Sherman Antitrust Act (Sherman Act — 15 U.S.C. §§ 1–7)
The foundational federal antitrust statute, prohibiting agreements in restraint of trade and monopolization or attempted monopolization of any market. Violations can carry criminal penalties including imprisonment. Applies to all businesses in interstate commerce and is increasingly used to challenge the market power of major technology platforms.

Antitrust & competition
Telephone Consumer Protection Act (TCPA — 47 U.S.C. § 227)
Restricts telemarketing calls, auto-dialed calls, prerecorded voice messages, and unsolicited text messages. It requires prior express consent for most automated contacts and maintains the National Do Not Call Registry. Applies to any business that contacts consumers by phone or text, making it one of the most heavily litigated consumer protection statutes in the country.

Marketing & communications
Video Privacy Protection Act (VPPA — 18 U.S.C. § 2710)
The VPPA restricts the disclosure of personally identifiable information relating to a consumer's video viewing history without consent. Although originally enacted for video rental records, it is increasingly invoked in litigation involving online video platforms, embedded video content, tracking pixels, analytics tools, and advertising technologies that share user viewing activity with third parties.

Collecting & handling user data, Privacy & data protection

Australia

Privacy Act 1988 (Privacy Act 1988 — No. 119, 1988)
Australia's federal privacy law establishing the Australian Privacy Principles, which govern the collection, use, disclosure, storage, and cross-border transfer of personal information. It was significantly reformed in 2022 with increased penalties. Applies to Australian government agencies and private organizations with annual turnover over A$3 million.

Collecting & handling user data, Selling or operating internationally, Privacy & data protection
Security of Critical Infrastructure Act 2018 (SOCI Act — No. 29, 2018)
Governs cybersecurity obligations for critical infrastructure sectors in Australia, including communications, data storage, financial services, and technology. It requires risk management programs, incident reporting, and allows government intervention during cyber emergencies. Applies to owners and operators of critical infrastructure assets in Australia.

Data security & breach response, Cybersecurity
Spam Act 2003 (Spam Act 2003 — No. 129, 2003)
Prohibits sending unsolicited commercial electronic messages -- email, SMS, and MMS -- without consent in Australia. Messages must include sender identification and a functional unsubscribe mechanism. Applies to any organization sending commercial messages with an Australian link, whether through the sender, recipient, or infrastructure.

Marketing & communications

Brazil

Lei Geral de Proteção de Dados Pessoais (LGPD — Lei nº 13.709/2018)
Brazil's comprehensive data protection law, heavily influenced by the GDPR. It establishes ten legal bases for processing, data subject rights, and a national data protection authority (ANPD) with enforcement powers. Applies to any organization processing personal data of individuals in Brazil, regardless of where the organization is based.

Collecting & handling user data, Selling or operating internationally, Privacy & data protection
Marco Civil da Internet (Marco Civil — Lei nº 12.965/2014)
Brazil's "Internet Bill of Rights" establishing principles of net neutrality, privacy, and freedom of expression online. Imposes data retention, user notification, and due process requirements on internet service providers.

Selling or operating internationally, Website & platform compliance

Canada

Cross-Border

APEC Cross-Border Privacy Rules Framework (APEC CBPR — APEC Framework)
A voluntary, accountability-based framework enabling cross-border data transfers among APEC member economies. Companies certify compliance through a government-approved accountability agent rather than through regulation. Relevant for businesses transferring personal data across the Asia-Pacific region.

Collecting & handling user data, Selling or operating internationally, Privacy & data protection
EU Standard Contractual Clauses (EU SCCs — Commission Decision 2021/914)
Pre-approved contractual terms adopted by the European Commission for transferring personal data from the EU to countries without an adequacy decision. They are the most widely used mechanism for lawful cross-border data transfers from the EU. Any company receiving personal data from the EU without an adequacy finding must implement the appropriate SCC module.

Collecting & handling user data, Selling or operating internationally, Privacy & data protection
EU-US Data Privacy Framework (EU-US DPF — Adequacy Decision (EU) 2023/1795)
The current mechanism allowing certified US companies to receive personal data from the EU without additional safeguards like Standard Contractual Clauses. US companies self-certify through the Department of Commerce. It replaces the invalidated Privacy Shield, and its long-term durability remains uncertain.

Collecting & handling user data, Selling or operating internationally, Privacy & data protection
UK International Data Transfer Agreements (UK IDTAs — ICO Standard)
The UK's mechanism for lawful personal data transfers to countries without a UK adequacy decision, replacing the EU SCCs for UK data flows after Brexit. They are required whenever UK personal data is transferred to a non-adequate country. Any company receiving UK personal data must implement the appropriate transfer agreement.

Collecting & handling user data, Selling or operating internationally, Privacy & data protection

European Union

Digital Markets Act (DMA — Regulation (EU) 2022/1925)
Targets large online platforms designated as "gatekeepers" -- such as Apple, Google, Amazon, Meta, and Microsoft -- imposing obligations around interoperability, data portability, fair ranking, and prohibitions on self-preferencing. It aims to ensure contestable and fair digital markets. Applies to platforms meeting specific user and revenue thresholds in the EU.

Selling or operating internationally, Antitrust & competition
Digital Services Act (DSA — Regulation (EU) 2022/2065)
Comprehensive EU regulation governing online intermediaries and platforms. Imposes content moderation, transparency, and risk-mitigation obligations — with tiered requirements based on platform size. Very Large Online Platforms face the strictest rules.

Selling or operating internationally, Website & platform compliance
European Union AI Act (EU AI Act — Regulation (EU) 2024/1689)
The EU AI Act establishes a comprehensive risk-based regulatory framework for artificial intelligence systems, including obligations for high-risk systems, transparency requirements, and governance rules for general-purpose AI models. It applies extraterritorially to many companies offering AI systems or AI-generated outputs to users in the European Union, even if the company is based in the United States.

Using or building AI, Selling or operating internationally
General Data Protection Regulation (GDPR — Regulation (EU) 2016/679)
The EU's landmark data protection regulation and the global benchmark for privacy law. It establishes comprehensive rules for collecting, processing, and transferring personal data, with fines up to 4% of global annual revenue. Applies to any organization processing personal data of individuals in the EU, regardless of where the organization is located.

Collecting & handling user data, Selling or operating internationally, Data security & breach response, Privacy & data protection, Cybersecurity
ePrivacy Directive (ePrivacy Directive — Directive 2002/58/EC)
Governs electronic communications privacy across the EU, including the cookie consent rules that drive cookie banners, direct marketing restrictions, and confidentiality of communications. It complements the GDPR with sector-specific rules for electronic communications. Applies to providers of electronic communications services and any website or app using cookies or similar tracking technologies in the EU.

Collecting & handling user data, Marketing & communications, Privacy & data protection

France

Digital Republic Act (Loi République Numérique — Loi n° 2016-1321)
French law establishing principles of openness, fairness, and loyalty for digital platforms. Includes provisions on data portability, platform transparency, and algorithmic accountability.

Selling or operating internationally, Website & platform compliance
Loi Informatique et Libertés (LIL — Loi n° 78-17)
France's foundational data protection law, originally enacted in 1978 and updated to align with the GDPR. It is enforced by the CNIL, one of Europe's most active and influential data protection authorities. Applies to all organizations processing personal data of individuals in France.

Collecting & handling user data, Selling or operating internationally, Privacy & data protection

Germany

Bundesdatenschutzgesetz (BDSG — BGBl. I 2017, S. 2097)
Germany's federal data protection law supplementing the GDPR with specific requirements for employment data processing, video surveillance, and the appointment of data protection officers. It is one of the strictest national implementations in the EU. Applies to all organizations processing personal data in Germany.

Collecting & handling user data, Selling or operating internationally, Privacy & data protection
Telekommunikation-Telemedien-Datenschutz-Gesetz (TTDSG — BGBl. I 2021, S. 1982)
Germany's telecommunications and telemedia data protection law, governing cookie consent, device access, and confidentiality of telecommunications. It is the national implementation of the EU ePrivacy Directive. Applies to providers of telecommunications and telemedia services in Germany.

Collecting & handling user data, Marketing & communications, Privacy & data protection

India

Digital Personal Data Protection Act 2023 (DPDP Act — Act No. 22 of 2023)
India's comprehensive data protection law, enacted in 2023 with implementing rules still being finalized. It establishes consent-based processing, data principal rights, and significant penalties up to 250 crore rupees. Applies to processing of digital personal data within India or of Indian residents' data abroad.

Collecting & handling user data, Selling or operating internationally, Privacy & data protection

Ireland

Data Protection Act 2018 (IE DPA 2018 — No. 7 of 2018)
Ireland's national implementation of the GDPR, particularly significant because Ireland's Data Protection Commission supervises many major US tech companies -- including Apple, Google, Meta, and Microsoft -- whose European headquarters are based there. Applies to all organizations processing personal data of individuals in Ireland.

Collecting & handling user data, Selling or operating internationally, Privacy & data protection

Israel

Privacy Protection Law 5741-1981 (Privacy Protection Law 5741-1981)
Israel's primary privacy legislation, regulating database registration, data collection and processing, and data security requirements. Israel holds an EU adequacy decision, making it a significant hub for cross-border data transfers. Applies to all entities managing databases containing personal data in Israel.

Collecting & handling user data, Selling or operating internationally, Privacy & data protection
Privacy Protection Regulations (Data Security) 2017 (Privacy Protection Regulations 2017)
Detailed security regulations under Israel's Privacy Protection Law, specifying technical and organizational security measures required for databases at four classification levels. Requirements scale with the sensitivity of the data held. Applies to all database owners and managers in Israel.

Data security & breach response, Cybersecurity

Italy

Codice in materia di protezione dei dati personali (Codice Privacy — D.Lgs. 196/2003)
Italy's data protection code, amended to align with the GDPR, including Italian-specific provisions for processing related to archiving, scientific research, and statistical purposes. It works alongside the GDPR as the national implementing law. Applies to all organizations processing personal data of individuals in Italy.

Collecting & handling user data, Selling or operating internationally, Privacy & data protection

Japan

Act on the Protection of Personal Information (APPI — Act No. 57 of 2003)
Japan's comprehensive data protection law, substantially amended in 2022 to strengthen cross-border transfer rules and expand data subject rights. It regulates the collection, use, and transfer of personal information with breach notification requirements. Applies to all businesses handling personal information of individuals in Japan.

Collecting & handling user data, Selling or operating internationally, Privacy & data protection

Mexico

Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP — DOF 05-07-2010)
Mexico's federal data privacy law governing private-sector data processing. It requires privacy notices, consent, and provides data subjects with access, rectification, cancellation, and opposition (ARCO) rights. Applies to all private entities processing personal data in Mexico.

Collecting & handling user data, Selling or operating internationally, Privacy & data protection

Netherlands

Uitvoeringswet AVG (UAVG — Stb. 2018, 144)
The Dutch implementation act supplementing the GDPR with specific provisions on processing national identification numbers, health and genetic data, criminal conviction data, and exemptions for journalistic and academic purposes. It tailors the GDPR to the Dutch legal system. Applies to all organizations processing personal data in the Netherlands.

Collecting & handling user data, Selling or operating internationally, Privacy & data protection

New Zealand

Harmful Digital Communications Act 2015 (HDCA 2015 — No. 63 of 2015)
New Zealand law creating civil and criminal remedies for online harassment and digital abuse. Imposes takedown and content-moderation obligations on digital communications providers.

Website & platform compliance
Privacy Act 2020 (NZ Privacy Act — No. 31 of 2020)
New Zealand's updated privacy law, replacing the 1993 Act. It introduces mandatory data breach notification, strengthens cross-border data transfer controls, and enhances the Privacy Commissioner's enforcement powers. Applies to any agency, public or private, collecting or holding personal information in New Zealand.

Collecting & handling user data, Selling or operating internationally, Privacy & data protection

Poland

Act on Personal Data Protection 2018 (PL DPA 2018 — Dz.U. 2018 poz. 1000)
Poland's national implementation of the GDPR, supplementing EU requirements with Polish-specific provisions on penalties and the powers of the national data protection authority (UODO). It fills gaps left by the GDPR with local administrative and procedural rules. Applies to all organizations processing personal data of individuals in Poland.

Collecting & handling user data, Selling or operating internationally, Privacy & data protection

Singapore

Computer Misuse Act (SG CMA)
Criminalizes unauthorized access to computer systems, hacking, and cyber attacks in Singapore. Updated in 2023 to cover denial-of-service attacks and dealing in stolen credentials. Applies to offenses committed within Singapore or targeting systems located there.

Data security & breach response, Cybersecurity
Cybersecurity Act (SG Cybersecurity Act)
Establishes a regulatory framework for the oversight and protection of critical information infrastructure in Singapore. CII owners must comply with codes of practice, report cybersecurity incidents, and undergo regular audits. Applies to owners and operators of designated critical information infrastructure.

Data security & breach response, Cybersecurity
Personal Data Protection Act (PDPA — No. 26 of 2012)
Singapore's comprehensive data protection law governing the collection, use, and disclosure of personal data by private organizations. It includes consent requirements, mandatory data breach notification, and maintains a national Do Not Call Registry. Applies to all private organizations processing personal data in Singapore.

Collecting & handling user data, Selling or operating internationally, Privacy & data protection

South Korea

Act on Promotion of Information and Communications Network Utilization and Information Protection (Network Act — Act No. 19310)
Imposes data protection, security, and user consent obligations on operators of information and communications networks in South Korea. One of Asia's earliest comprehensive internet regulatory frameworks.

Website & platform compliance, Data security & breach response, Cybersecurity
Personal Information Protection Act (PIPA — Act No. 16933)
South Korea's comprehensive data protection law, one of the strictest in Asia. It requires explicit consent for most data processing, mandates data breach notification, and imposes criminal penalties for violations. Applies to all public and private entities processing personal information in South Korea.

Collecting & handling user data, Selling or operating internationally, Privacy & data protection

Spain

Ley Orgánica de Protección de Datos y Garantía de los Derechos Digitales (LOPDGDD — Ley Orgánica 3/2018)
Spain's national data protection law supplementing the GDPR with innovative digital rights provisions, including the right to digital disconnection in the workplace and rights related to digital wills. It extends data protection into broader digital rights territory. Applies to all organizations processing personal data in Spain.

Collecting & handling user data, Selling or operating internationally, Privacy & data protection

Sweden

Dataskyddslag (Dataskyddslag — SFS 2018:218)
Sweden's national data protection act supplementing the GDPR with provisions on processing personal identity numbers and the powers of the Swedish Data Protection Authority (IMY). It adapts the GDPR to the Swedish legal context. Applies to all organizations processing personal data in Sweden.

Collecting & handling user data, Selling or operating internationally, Privacy & data protection

United Arab Emirates

ADGM Data Protection Regulations (ADGM DPR — 2021)
Data protection rules for entities operating within the Abu Dhabi Global Market financial free zone, closely modeled on the GDPR. It establishes data subject rights, breach notification duties, and cross-border transfer controls for the ADGM jurisdiction. Applies to companies registered in or processing data through the ADGM.

Collecting & handling user data, Selling or operating internationally, Privacy & data protection
DIFC Data Protection Law (DIFC DPL — DIFC Law No. 5 of 2020)
Data protection law for the Dubai International Financial Centre free zone, closely modeled on the GDPR. It establishes data subject rights, breach notification obligations, and cross-border transfer controls specific to the DIFC jurisdiction. Applies to entities registered in or processing data through the DIFC.

Collecting & handling user data, Selling or operating internationally, Privacy & data protection
Federal Decree-Law No. 45 of 2021 on Personal Data Protection (UAE PDPL — Federal Decree-Law No. 45/2021)
The UAE's first comprehensive federal data protection law, establishing consent requirements, data subject rights, cross-border transfer restrictions, and breach notification obligations. It brings the UAE closer to international data protection standards. Applies to all processing of personal data within the UAE, excluding the ADGM and DIFC free zones which have their own laws.

Collecting & handling user data, Selling or operating internationally, Privacy & data protection

United Kingdom

Computer Misuse Act 1990 (CMA 1990 — c.18)
The UK's primary cyber crime statute, criminalizing unauthorized access to computer systems, unauthorized modification of computer material, and the creation or distribution of hacking tools. It was one of the first laws of its kind when enacted in 1990. Applies to offenses committed within or targeting systems in the United Kingdom.

Data security & breach response, Cybersecurity
Data Protection Act 2018 (UK DPA 2018 — c.12)
The UK's primary data protection legislation, working alongside the UK GDPR after Brexit. It covers law enforcement processing, intelligence services processing, and supplements the UK GDPR with UK-specific derogations. Applies to all organizations processing personal data of individuals in the United Kingdom.

Collecting & handling user data, Selling or operating internationally, Privacy & data protection
Online Safety Act 2023 (OSA 2023 — c.50)
UK law imposing duty-of-care obligations on online platforms to protect users — especially children — from illegal and harmful content. Ofcom enforces with fines up to 10% of global turnover.

Website & platform compliance
UK General Data Protection Regulation (UK GDPR — UK Data Protection Act 2018, Sch. 1)
The retained EU GDPR as incorporated into UK law after Brexit, substantively similar to the EU version but enforced by the UK Information Commissioner's Office (ICO). Companies serving both EU and UK markets must comply with both versions independently. Applies to all organizations processing personal data of individuals in the United Kingdom.

Collecting & handling user data, Selling or operating internationally, Data security & breach response, Privacy & data protection, Cybersecurity

Alabama

Alabama Competitive Bid Law (Ala. Code §§ 41-16-1–41-16-82)
Two-track system: State Procurement Code governs state agencies, Competitive Bid Law governs local government. Local contracts above $15,000 require sealed competitive bids. State small purchase threshold is $25,000.

Government contracting, Procurement & government contracting
Alabama Open Meetings Act (Ala. Code §§ 36-25A-1 to 36-25A-11)
Requires meetings of governmental bodies to be open to the public, with notice requirements and limited executive session exceptions.

Open meetings & sunshine laws
Alabama Open Records Act (Ala. Code §§ 36-12-40–36-12-41)
Alabama's public records statute entitles every citizen to inspect and copy public writings of the state, subject to a limited set of statutory exemptions.

Government contracting, Open records & FOIA

Alaska

Alaska Open Meetings Act (Alaska Stat. §§ 44.62.310 to 44.62.319)
Governs public access to meetings of state and local government bodies in Alaska.

Open meetings & sunshine laws
Alaska Procurement Code (AS §§ 36.30.005–36.30.990)
Follows ABA Model Procurement Code. Geographic realities create unique considerations — transportation costs and remote delivery recognized in regulations. Online vendor registration via AlaskaSE.

Government contracting, Procurement & government contracting
Alaska Public Records Act (AS §§ 40.25.100–40.25.220)
Alaska's Public Records Act gives any person the right to inspect, review, and copy public records of state and local agencies during regular office hours, with narrow exemptions.

Government contracting, Open records & FOIA

Arizona

Arizona Open Meeting Law (Ariz. Rev. Stat. §§ 38-431 to 38-431.09)
Requires public bodies to conduct business openly with advance notice and accessible minutes; enforced by the Attorney General.

Open meetings & sunshine laws
Arizona Procurement Code (ARS §§ 41-2501–41-2672)
Centrally administered by State Procurement Office. Simplified procedures up to $100,000; formal competitive solicitation above that. Revised in April 2025 for public-private partnerships. Active NASPO ValuePoint participant.

Government contracting, Procurement & government contracting
Arizona Public Records Law (ARS §§ 39-121–39-127)
Arizona's public records law presumes all records of public bodies are open for inspection, placing the burden on the custodian to justify any denial or redaction.

Government contracting, Open records & FOIA

Arkansas

Arkansas Freedom of Information Act (Ark. Code §§ 25-19-101–25-19-110)
Arkansas's FOIA gives citizens broad access to public records and meetings and is among the more liberal open-government statutes in the country.

Government contracting, Open records & FOIA
Arkansas Freedom of Information Act — Open Meetings Provisions (Ark. Code § 25-19-106)
In Arkansas, a single statute (the Arkansas FOIA, Ark. Code §§ 25-19-101 to 25-19-110) governs both public records and open meetings. The open-meetings provisions are at § 25-19-106. The records provisions are in §§ 25-19-103 to 25-19-105 — see the Open Records section above for the full records framework.

Open meetings & sunshine laws
Arkansas Procurement Code (Ark. Code §§ 19-11-201–19-11-268)
Modernized 2019, closely follows ABA Model Procurement Code. Mandatory procurement training for all state purchasing employees. Formal competitive bidding above $75,000. Vendor registration via ArkansasBid.com.

Government contracting, Procurement & government contracting

California

California Bagley-Keene Open Meeting Act (Cal. Gov. Code §§ 11120-11132)
Governs open meetings for California state-level bodies (boards, commissions, agencies). Companion to the Brown Act, which covers local bodies.

Open meetings & sunshine laws
California Brown Act (Brown Act — Cal. Gov. Code §§ 54950–54963)
Applies to all local legislative bodies; strict requirements for public notice and open meetings.

Government contracting, Open meetings & sunshine laws
California Consumer Privacy Act / California Privacy Rights Act (CPRA/CCPA — Cal. Civ. Code §§ 1798.100–1798.199.100)
California's comprehensive consumer privacy law giving residents rights to know, delete, correct, and opt out of the sale or sharing of their personal information. Applies to businesses meeting revenue or data-volume thresholds processing California residents' data.

Collecting & handling user data, Website & platform compliance, Privacy & data protection
California Public Contract Code (Cal. Pub. Cont. Code §§ 1–22355)
One of the most complex state procurement systems. Department of General Services is central purchasing authority. Strong small business and DVBE preferences. Active regulations on environmentally preferable purchasing and social equity.

Government contracting, Procurement & government contracting
California Public Records Act (Gov. Code §§ 7920.000–7931.000)
California's Public Records Act creates a presumption of access to records held by state and local agencies and sets timelines for agency response to requests.

Government contracting, Open records & FOIA

Colorado

Colorado Artificial Intelligence Act (Colorado AI Act — Colo. Rev. Stat. §§ 6-1-1701–6-1-1707)
Colorado's AI Act creates obligations for developers and deployers of high-risk AI systems used in consequential decisions involving employment, housing, lending, healthcare, education, and similar activities. Companies may need to conduct impact assessments, implement risk-management measures, and provide disclosures relating to algorithmic decision-making.

Using or building AI
Colorado Open Meetings Law (Sunshine Law) (Colo. Rev. Stat. §§ 24-6-401 to 24-6-402)
Requires meetings of state and local public bodies to be open to the public, with notice and minutes requirements.

Open meetings & sunshine laws
Colorado Open Records Act (CORA — Colo. Rev. Stat. §§ 24-72-200.1–24-72-206)
Colorado's Open Records Act (CORA) provides public access to most records held by state and local government entities, with enumerated exemptions for personnel and investigative files.

Government contracting, Open records & FOIA
Colorado Privacy Act (CPA — Colo. Rev. Stat. §§ 6-1-1301–6-1-1313)
Colorado's comprehensive privacy law modeled on the CCPA structure. Grants residents access, deletion, correction, portability, and opt-out rights, and requires data protection assessments for high-risk processing.

Collecting & handling user data, Website & platform compliance, Privacy & data protection
Colorado Procurement Code (CRS §§ 24-101-101–24-114-104)
Hybrid centralized/decentralized model. Small purchase threshold $150,000; formal competition above $150,000 for goods/services, $500,000 for IT. Sustainability and social value requirements in procurement.

Government contracting, Procurement & government contracting

Connecticut

Connecticut Data Privacy Act (CTDPA — Conn. Gen. Stat. §§ 42-515–42-525)
Connecticut's comprehensive privacy law providing residents with rights to access, correct, delete, and opt out of targeted advertising, sale of data, and profiling. Enforcement by the attorney general.

Collecting & handling user data, Website & platform compliance, Privacy & data protection
Connecticut Electronic Monitoring Notice Requirement (CT Electronic Monitoring — Conn. Gen. Stat. § 31-48d)
Requires Connecticut employers who engage in any type of electronic monitoring of employees to give prior written notice to all employees who may be affected.

Hiring & employment tech
Connecticut Freedom of Information Act (CGS §§ 1-200–1-242)
Connecticut's FOIA is administered by the state FOI Commission and provides a strong right of access to government records along with an administrative appeal process.

Government contracting, Open records & FOIA
Connecticut Freedom of Information Act — Open Meetings Provisions (Conn. Gen. Stat. §§ 1-225 to 1-232)
In Connecticut, a single statute (the Connecticut FOIA, Conn. Gen. Stat. §§ 1-200 to 1-242) governs both public records and open meetings. The open-meetings provisions are at §§ 1-225 to 1-232. The records provisions are at §§ 1-210 to 1-218 — see the Open Records section above for the full records framework.

Open meetings & sunshine laws
Connecticut State Purchasing Law (CGS §§ 4a-50–4a-60a)
DAS maintains statewide contracts; agencies required to use them when available. Formal competitive bidding above $50,000. Strong small business set-aside and CT supplier preference policies. NASPO ValuePoint participant.

Government contracting, Procurement & government contracting

Delaware

Delaware Freedom of Information Act (29 Del. C. §§ 10001–10006)
Delaware's FOIA gives citizens of the state the right to inspect public records and attend public meetings of state and local bodies.

Government contracting, Open records & FOIA
Delaware Freedom of Information Act — Open Meetings Provisions (Del. Code tit. 29, §§ 10004, 10005)
In Delaware, a single statute (the Delaware FOIA, Del. Code tit. 29, §§ 10001 to 10007) governs both public records and open meetings. The open-meetings provisions are at §§ 10004 and 10005. The records provisions are at §§ 10002 and 10003 — see the Open Records section above for the full records framework.

Open meetings & sunshine laws
Delaware Personal Data Privacy Act (DPDPA — Del. Code tit. 6, ch. 12C)
Delaware's comprehensive privacy law granting residents standard consumer privacy rights. Applies to businesses processing personal data of 35,000+ Delaware residents. Effective January 2025.

Collecting & handling user data, Website & platform compliance, Privacy & data protection
Delaware State Procurement Law (Del. Code tit. 29, §§ 6901–6988)
Centralized through OMB. Formal competitive bidding above $50,000 for goods, $100,000 for services. Strong in-state preference policy. Participates in several cooperative purchasing programs.

Government contracting, Procurement & government contracting

District of Columbia

D.C. Open Meetings Act (D.C. Code §§ 2-571–2-579)
Requires meetings of public bodies in the District of Columbia to be open to the public, with notice requirements and limited closed-session exceptions. Enforced by the Open Government Office.

Open meetings & sunshine laws

Florida

Florida Digital Bill of Rights (FDBR — Fla. Stat. §§ 501.701–501.721)
Florida's comprehensive privacy law focused on large tech companies with $1B+ in global revenue. Grants residents rights to access, delete, and opt out of targeted advertising and the sale of data.

Collecting & handling user data, Website & platform compliance, Privacy & data protection
Florida Government in the Sunshine Law (Fla. Stat. §§ 286.011–286.012)
One of the broadest state open meetings laws; applies to any meeting of two or more government officials discussing public business.

Government contracting, Open meetings & sunshine laws
Florida Procurement Law (Fla. Stat. §§ 287.001–287.137)
One of the most active state procurement systems. Formal competitive solicitation above $35,000 (Category Two). MyFloridaMarketPlace online procurement required for state agencies. Significant small and minority business programs. NASPO ValuePoint participant.

Government contracting, Procurement & government contracting
Florida Public Records Law (Fla. Stat. §§ 119.01–119.19)
Florida's constitutionally enshrined public records law is among the broadest in the country, covering virtually all records made or received by state and local agencies.

Government contracting, Open records & FOIA

Georgia

Georgia Open Meetings Act (O.C.G.A. §§ 50-14-1 to 50-14-6)
Requires meetings of agencies to be open to the public, with notice requirements and a clear list of permissible executive sessions.

Open meetings & sunshine laws
Georgia Open Records Act (O.C.G.A. §§ 50-18-70–50-18-77)
Georgia's Open Records Act provides public access to records of state and local government agencies, with response deadlines and a fee schedule for copies.

Government contracting, Open records & FOIA
Georgia Procurement Law (GA Code §§ 50-5-50–50-5-81)
Centralized State Purchasing Division with statewide contracts. Formal competitive bidding above $100,000. Active small business and veteran-owned business preferences. TeamWorks procurement platform.

Government contracting, Procurement & government contracting

Hawaii

Hawaii Public Procurement Code (HRS §§ 103D-101–103D-712)
One of the most comprehensive state codes, modeled on ABA Model Procurement Code. Formal competitive bidding above $25,000 for goods, $50,000 for services. Geographic isolation creates unique shipping and vendor availability considerations. Active Hawaii business preferences.

Government contracting, Procurement & government contracting
Hawaii Sunshine Law (Haw. Rev. Stat. §§ 92-1 to 92-13)
Governs open meetings of Hawaii state and county boards; enforced by the Office of Information Practices (OIP).

Open meetings & sunshine laws
Hawaii Uniform Information Practices Act (HRS §§ 92F-1–92F-42)
Hawaii's UIPA governs access to state and county government records and is administered by the Office of Information Practices.

Government contracting, Open records & FOIA

Idaho

Idaho Code of Purchasing (Idaho Code §§ 67-5701–67-5734)
Lean centralized system. Small purchase threshold $50,000; formal competitive bidding above that. Participates in NASPO ValuePoint. Online vendor registration via Idaho VendorNet.

Government contracting, Procurement & government contracting
Idaho Open Meeting Law (Idaho Code §§ 74-201 to 74-208)
Requires governing bodies of public agencies to conduct business openly with notice and accessible minutes.

Open meetings & sunshine laws
Idaho Public Records Act (Idaho Code §§ 74-101–74-126)
Idaho's Public Records Act presumes records are open and sets a three-working-day deadline for agencies to respond to most requests.

Government contracting, Open records & FOIA

Illinois

Illinois AI Generated Content Disclosure Act (IL AIGA — Pub. Act 103-0736)
Requires disclosure when AI-generated content is used in certain commercial contexts. Relevant for marketing, media, and content companies using AI-generated images, text, or video in commercial communications.

Using or building AI, Marketing & communications
Illinois Artificial Intelligence Video Interview Act (IL AI Video Act — 820 ILCS 42/1 et seq.)
Regulates the use of artificial intelligence analysis of applicant video interviews in Illinois, requiring notice to applicants, consent, and limits on who may view the video.

Using or building AI, Hiring & employment tech
Illinois Biometric Information Privacy Act (BIPA — 740 ILCS 14/1 et seq.)
Landmark biometric privacy statute requiring private entities to obtain informed written consent before collecting fingerprints, face geometry, or other biometric identifiers. Notable for its private right of action with statutory damages.

Collecting & handling user data, Hiring & employment tech, Privacy & data protection
Illinois Freedom of Information Act (5 ILCS 140/1–140/11.5)
Illinois's FOIA requires public bodies to respond to records requests within five business days and creates a Public Access Counselor to resolve disputes.

Government contracting, Open records & FOIA
Illinois Open Meetings Act (5 ILCS 120/1–120/7.5)
Requires public bodies to hold meetings openly and provide public notice.

Government contracting, Open meetings & sunshine laws
Illinois Procurement Code (30 ILCS 500/1-1–500/99-99)
Comprehensive independently developed code, not ABA Model-based. Illinois Procurement Bulletin is official publication for notices. Formal competitive selection above $100,000. Significant small business, veteran-owned, and MBE programs. Robust procurement ethics requirements.

Government contracting, Procurement & government contracting

Indiana

Indiana Access to Public Records Act (IC §§ 5-14-3-1–5-14-3-10)
Indiana's Access to Public Records Act (APRA) guarantees access to records of public agencies, enforced in part by the Public Access Counselor.

Government contracting, Open records & FOIA
Indiana Consumer Data Protection Act (Indiana CDPA — Ind. Code §§ 24-15-1–24-15-9)
Indiana's comprehensive privacy law following the Virginia model. Grants residents access, correction, deletion, and opt-out rights. Effective January 2026.

Collecting & handling user data, Website & platform compliance, Privacy & data protection
Indiana Open Door Law (Ind. Code §§ 5-14-1.5-1 to 5-14-1.5-8)
Requires meetings of governing bodies to be open to the public; complaints and advisory opinions handled by the Public Access Counselor.

Open meetings & sunshine laws
Indiana Purchasing Law (IC §§ 5-22-1-1–5-22-22-10)
Tiered small purchase system — simplified procedures below $150,000 for goods, $200,000 for services. Formal competitive solicitation above those thresholds. Automated Vendor Service (AVS) for registration. NASPO ValuePoint participant.

Government contracting, Procurement & government contracting

Iowa

Iowa Consumer Data Protection Act (Iowa CDPA — Iowa Code ch. 715D)
Iowa's comprehensive privacy law. Provides residents with more limited rights than other state privacy laws (no correction right, no profiling opt-out). Effective January 2025.

Collecting & handling user data, Website & platform compliance, Privacy & data protection
Iowa Open Meetings Act (Iowa Code ch. 21 (§§ 21.1 to 21.11))
Requires meetings of governmental bodies to be open and preceded by reasonable public notice; enforcement available through the Iowa Public Information Board.

Open meetings & sunshine laws
Iowa Open Records Law (Iowa Code ch. 22)
Iowa's Open Records Law creates a presumption that every person shall have the right to examine and copy a public record of a government body.

Government contracting, Open records & FOIA
Iowa Procurement Law (Iowa Code §§ 8A.311–8A.317)
Centralized through DAS. Formal competitive bidding above $50,000. Strong Iowa-based business preference. Emphasizes value analysis and total cost of ownership. NASPO ValuePoint participant.

Government contracting, Procurement & government contracting

Kansas

Kansas Open Meetings Act (KOMA) (Kan. Stat. §§ 75-4317 to 75-4320f)
Governs public access to meetings of legislative and administrative bodies in Kansas with notice and procedural requirements.

Open meetings & sunshine laws
Kansas Open Records Act (KORA — Kan. Stat. §§ 45-215–45-223)
Kansas's Open Records Act (KORA) governs public access to records held by state and local agencies, with enforcement through the Attorney General and the courts.

Government contracting, Open records & FOIA
Kansas Procurement and Contracts (KSA §§ 75-3738–75-3744)
Formal competitive sealed bidding above $50,000; sealed bids with 3 days notice between $25,000–$50,000. Active cooperative purchasing through NASPO ValuePoint.

Government contracting, Procurement & government contracting

Kentucky

Kentucky Consumer Data Protection Act (KCDPA — Ky. Rev. Stat. §§ 367.800–367.870)
Kentucky's comprehensive privacy law modeled on the Virginia framework. Grants residents access, correction, deletion, and opt-out rights. Effective January 2026.

Collecting & handling user data, Website & platform compliance, Privacy & data protection
Kentucky Model Procurement Code (KRS §§ 45A.010–45A.990)
Adopted ABA Model Procurement Code. Small purchase threshold $40,000; formal competitive solicitation above that. Strong ethical requirements and active debarment procedures. NASPO ValuePoint participant.

Government contracting, Procurement & government contracting
Kentucky Open Meetings Act (Ky. Rev. Stat. §§ 61.800 to 61.850)
Establishes a strong public-access policy for meetings of public agencies; enforced by the Attorney General with binding advisory opinions.

Open meetings & sunshine laws
Kentucky Open Records Act (FOAA — 1 M.R.S. §§ 400–414)
Kentucky's Open Records Act requires prompt access to public records and provides for appeals to the Attorney General when access is denied.

Government contracting, Open records & FOIA

Louisiana

Louisiana Open Meetings Law (La. Rev. Stat. §§ 42:11 to 42:28)
Governs open meetings in Louisiana, supplemented by a constitutional open-government provision (La. Const. art. XII, § 3).

Open meetings & sunshine laws
Louisiana Procurement Code (La. R.S. §§ 39:1551–39:1755)
Comprehensive code. Formal competitive bidding above $30,000 for goods, $250,000 for services. Strong compliance requirements from past federal oversight. Vendor registration through Louisiana Vendor Portal required.

Government contracting, Procurement & government contracting
Louisiana Public Records Law (La. R.S. §§ 44:1–44:41)
Louisiana's Public Records Law is rooted in the state constitution and creates a broad right of access to records of public bodies.

Government contracting, Open records & FOIA

Maine

Maine Freedom of Access Act (1 M.R.S. §§ 400–414)
Maine's Freedom of Access Act (FOAA) establishes a right of access to public records and proceedings of state and local government bodies.

Government contracting, Open records & FOIA
Maine Freedom of Access Act — Open Meetings Provisions (1 M.R.S. §§ 401 to 414)
In Maine, a single statute (the Maine Freedom of Access Act, 1 M.R.S. §§ 401 to 414) governs both public records and open meetings. The full chapter contains both records and meetings provisions side-by-side — see the Open Records section above for the records framework.

Open meetings & sunshine laws
Maine Purchasing Law (Me. Rev. Stat. tit. 5, §§ 1811–1831)
Streamlined system. Formal competitive bidding above $50,000. Preference for Maine products and businesses. Participates in NASPO ValuePoint.

Government contracting, Procurement & government contracting

Maryland

Maryland Online Data Privacy Act (MODPA — Md. Code, Com. Law §§ 14-4601–14-4616)
Maryland's comprehensive privacy law — one of the strictest in the US. Imposes data minimization requirements and bans the sale of sensitive personal data without affirmative consent. Effective October 2025.

Collecting & handling user data, Website & platform compliance, Privacy & data protection
Maryland Open Meetings Act (Md. Code, Gen. Prov. §§ 3-101 to 3-501)
Requires meetings of public bodies to be open to the public; the Open Meetings Compliance Board handles complaints and issues advisory opinions.

Open meetings & sunshine laws
Maryland Procurement Law (Md. Code, State Fin. & Proc. §§ 11-101–17-402)
Board of Public Works (Governor, Comptroller, Treasurer) approves major contracts. Formal competitive sealed bidding above $50,000 for goods, $100,000 for services. Active MBE programs with specific participation goals. eMaryland Marketplace Advantage (eMMA) is official portal.

Government contracting, Procurement & government contracting
Maryland Public Information Act (MPIA — Md. Code, Gen. Prov. §§ 4-101–4-601)
Maryland's Public Information Act gives the public a broad right to inspect records of state and local government, with enforcement by the Public Information Act Compliance Board.

Government contracting, Open records & FOIA

Massachusetts

Massachusetts Open Meeting Law (Mass. Gen. Laws ch. 30A, §§ 18 to 25)
Requires meetings of public bodies to be open to the public; enforced by the Attorney General's Division of Open Government.

Open meetings & sunshine laws
Massachusetts Public Records Law (MGL c. 66 §§ 10–10B)
Massachusetts's Public Records Law was substantially reformed in 2016 to strengthen access, impose response deadlines, and allow recovery of attorneys' fees.

Government contracting, Open records & FOIA
Massachusetts Uniform Procurement Act (MGL ch. 30B)
Two frameworks: Ch. 7C for state agencies, Ch. 30B for local governments. Ch. 30B formal competitive bidding above $50,000 for goods/services, $100,000 for construction. COMMBUYS procurement portal. OSD maintains statewide contracts.

Government contracting, Procurement & government contracting

Michigan

Michigan Freedom of Information Act (MCL §§ 15.231–15.246)
Michigan's FOIA provides public access to records of state and local public bodies (notably excluding the governor's office and legislature).

Government contracting, Open records & FOIA
Michigan Open Meetings Act (Mich. Comp. Laws §§ 15.261 to 15.275)
Requires meetings of public bodies to be open to the public with notice, minutes, and limited closed-session exceptions.

Open meetings & sunshine laws
Michigan Procurement Law (MCL §§ 18.1201–18.1299)
Managed by DTMB. Formal competitive bidding above $50,000 for goods and IT. Active small business and veteran-owned business programs. SIGMA Vendor Self Service portal for registration.

Government contracting, Procurement & government contracting

Minnesota

Minnesota Consumer Data Privacy Act (MNDPA — Minn. Stat. ch. 325O)
Minnesota's comprehensive privacy law with strong profiling and automated decision-making provisions. Grants residents access to profiling logic and contestation rights. Effective July 2025.

Collecting & handling user data, Website & platform compliance, Privacy & data protection
Minnesota Government Data Practices Act (MGDPA — Minn. Stat. ch. 13)
Minnesota's Government Data Practices Act classifies all government data as public unless specifically classified otherwise by law, and regulates collection, use, and disclosure.

Government contracting, Open records & FOIA
Minnesota Open Meeting Law (Minn. Stat. ch. 13D (§§ 13D.01 to 13D.07))
Requires meetings of governing bodies to be open to the public; coordinates with the Minnesota Government Data Practices Act.

Open meetings & sunshine laws
Minnesota Procurement Law (Minn. Stat. §§ 16C.01–16C.35)
Well-organized central system through Materials Management Division. Formal competitive bidding above $100,000. Strong small business and targeted group business (TGB) requirements. eSupplier portal for registration. Active NASPO ValuePoint participant.

Government contracting, Procurement & government contracting

Mississippi

Mississippi Open Meetings Act (Miss. Code §§ 25-41-1 to 25-41-17)
Governs open meetings of public bodies in Mississippi; enforcement through the Ethics Commission.

Open meetings & sunshine laws
Mississippi Procurement Law (Miss. Code §§ 31-7-1–31-7-75)
Centralized through Office of Purchasing. Formal competitive bidding above $50,000 for goods, $100,000 for services. Strong in-state bidder preference. Mississippi Procurement Portal (PTR system). NASPO ValuePoint participant.

Government contracting, Procurement & government contracting
Mississippi Public Records Act (Miss. Code §§ 25-61-1–25-61-17)
Mississippi's Public Records Act establishes a presumption of openness for records of public bodies in the state.

Government contracting, Open records & FOIA

Missouri

Missouri Purchasing Law (RSMo §§ 34.010–34.380)
Formal competitive sealed bidding above $25,000; competitive quotes from 3+ vendors between $5,000–$25,000. Missouri Vendor Services portal. Active cooperative purchasing and NASPO ValuePoint participant.

Government contracting, Procurement & government contracting
Missouri Sunshine Law (RSMo §§ 610.010–610.035)
Missouri's Sunshine Law governs both open meetings and open records and is enforced by the Attorney General's Office.

Government contracting, Open records & FOIA
Missouri Sunshine Law (Mo. Rev. Stat. §§ 610.010 to 610.035)
Governs both open meetings and public records in Missouri (the records provisions live in the same chapter, §§ 610.010 et seq.).

Open meetings & sunshine laws

Montana

Montana Consumer Data Privacy Act (MCDPA — Mont. Code §§ 30-14-2801–30-14-2817)
Montana's comprehensive privacy law following the Connecticut model. Grants standard access, correction, deletion, portability, and opt-out rights.

Collecting & handling user data, Website & platform compliance, Privacy & data protection
Montana Open Meeting Law (Mont. Code §§ 2-3-201 to 2-3-221)
Requires meetings of public agencies to be open to the public, supplemented by a strong constitutional right-to-know.

Open meetings & sunshine laws
Montana Open Records Law (MCA §§ 2-6-1001–2-6-1023)
Montana's constitutional right-to-know provision and implementing statutes create one of the nation's strongest public access regimes.

Government contracting, Open records & FOIA
Montana Procurement Act (MCA §§ 18-4-101–18-4-501)
Small purchase threshold $25,000; formal competitive bidding above $50,000. Specific provisions for emergency procurement given rural nature. Montana Vendor Express system for registration.

Government contracting, Procurement & government contracting

Nebraska

Nebraska Data Privacy Act (NDPA — Neb. Rev. Stat. §§ 87-1101–87-1116)
Nebraska's comprehensive privacy law modeled on the Texas framework. Applies to businesses processing personal data that are not small businesses under the SBA definition.

Collecting & handling user data, Website & platform compliance, Privacy & data protection
Nebraska Open Meetings Act (Neb. Rev. Stat. §§ 84-1407 to 84-1414)
Requires meetings of public bodies to be open to the public with notice, agendas, and accessible minutes.

Open meetings & sunshine laws
Nebraska Public Records Statutes (Neb. Rev. Stat. §§ 84-712–84-712.09)
Nebraska's public records statutes give citizens a right of free examination of records of state and local government bodies.

Government contracting, Open records & FOIA
Nebraska State Purchasing Law (Neb. Rev. Stat. §§ 81-145–81-162)
Materiel Division maintains statewide contracts. Formal competitive bidding above $50,000. Nebraska Business Registered Enterprise program for in-state vendors. NASPO ValuePoint participant.

Government contracting, Procurement & government contracting

Nevada

Nevada Open Meeting Law (Nev. Rev. Stat. §§ 241.010 to 241.040)
Requires meetings of public bodies to be open to the public; enforced by the Attorney General's Office.

Open meetings & sunshine laws
Nevada Public Records Act (NRS §§ 239.001–239.013)
Nevada's Public Records Act is construed liberally in favor of disclosure and places the burden on the government agency to justify withholding.

Government contracting, Open records & FOIA
Nevada State Purchasing Act (NRS ch. 333)
Small purchase threshold $100,000; formal competitive solicitation above that. Active small business programs and Nevada-based preferences. NevadaEPro portal. NASPO ValuePoint participant.

Government contracting, Procurement & government contracting

New Hampshire

New Hampshire Privacy Act (NH Privacy Act — N.H. Rev. Stat. ch. 359-R)
New Hampshire's comprehensive privacy law granting residents standard consumer privacy rights. Effective January 2025.

Collecting & handling user data, Website & platform compliance, Privacy & data protection
New Hampshire Procurement Law (RSA §§ 21-I:11–21-I:22)
Streamlined framework. Formal competitive bidding above $25,000. Leader in leveraging cooperative contracts from NASPO ValuePoint.

Government contracting, Procurement & government contracting
New Hampshire Right-to-Know Law (RSA ch. 91-A)
New Hampshire's Right-to-Know Law protects public access to governmental records and proceedings under Chapter 91-A of the Revised Statutes.

Government contracting, Open records & FOIA
New Hampshire Right-to-Know Law — Open Meetings Provisions (N.H. Rev. Stat. ch. 91-A)
In New Hampshire, a single statute (the Right-to-Know Law, N.H. Rev. Stat. ch. 91-A, §§ 91-A:1 to 91-A:10) governs both public records and open meetings. The chapter covers both topics side-by-side — see the Open Records section above for the records framework.

Open meetings & sunshine laws

New Jersey

New Jersey Data Privacy Act (NJ DPA — N.J.S.A. §§ 56:8-166–56:8-199)
New Jersey's comprehensive privacy law. Grants residents access, correction, deletion, portability, and opt-out rights. Effective January 2025.

Collecting & handling user data, Website & platform compliance, Privacy & data protection
New Jersey Open Public Records Act (OPRA — N.J.S.A. §§ 47:1A-1–47:1A-13)
New Jersey's Open Public Records Act (OPRA) provides access to government records and creates the Government Records Council to mediate disputes.

Government contracting, Open records & FOIA
New Jersey Procurement Law (NJSA §§ 52:34-6.1–52:34-25)
Significant centralization through Division of Purchase and Property. Formal competitive bidding above $44,000 (adjusted periodically). Strong set-asides for small, veteran-owned, and MWBE businesses. NJSTART eProcurement system. Local procurement separately governed by Local Public Contracts Law.

Government contracting, Procurement & government contracting
Senator Byron M. Baer Open Public Meetings Act (N.J.S.A. §§ 10:4-6 to 10:4-21)
Requires meetings of public bodies to be open to the public with advance notice and accessible minutes.

Open meetings & sunshine laws

New Mexico

New Mexico Inspection of Public Records Act (IPRA — N.M. Stat. §§ 14-2-1–14-2-12)
New Mexico's IPRA guarantees the right of every person to inspect public records of state and local government, with narrow exceptions.

Government contracting, Open records & FOIA
New Mexico Open Meetings Act (N.M. Stat. §§ 10-15-1 to 10-15-4)
Requires meetings of public bodies to be open to the public; enforced through the Attorney General and private right of action.

Open meetings & sunshine laws
New Mexico Procurement Code (NMSA §§ 13-1-1–13-1-199)
Comprehensive code. Small purchase threshold $60,000; formal competitive solicitation above that. Strong small business and resident business preferences. Significant requirements around protecting Native American businesses and tribal sovereign interests.

Government contracting, Procurement & government contracting

New York

NYC Local Law 144 (NYC LL 144 — N.Y.C. Admin. Code § 20-870 et seq.)
First US law regulating automated employment decision tools (AEDTs). Requires employers using AEDTs in hiring or promotion to conduct an independent bias audit and provide notice to candidates.

Using or building AI, Hiring & employment tech
New York Electronic Monitoring Notice Requirement (NY Electronic Monitoring — N.Y. Civ. Rights Law § 52-c)
Requires New York private-sector employers to provide written notice to employees upon hiring of any electronic monitoring of telephone, email, or internet use.

Hiring & employment tech
New York Freedom of Information Law (FOIL — N.Y. Pub. Off. Law §§ 84–90)
New York's FOIL creates a broad right of access to records of state and local government agencies and establishes the Committee on Open Government to guide compliance.

Government contracting, Open records & FOIA
New York Open Meetings Law (N.Y. Pub. Off. Law §§ 100–111)
Requires meetings of public bodies to be open to the general public.

Government contracting, Open meetings & sunshine laws
New York Procurement Law (NY State Fin. Law §§ 112, 163)
One of the most complex state systems. OGS maintains extensive statewide contracts; agencies required to use them. Formal competitive bidding above $50,000. Highly developed MWBE programs with specific participation requirements. NY eMarketplace platform. Local procurement follows General Municipal Law.

Government contracting, Procurement & government contracting
New York SHIELD Act (SHIELD Act — N.Y. Gen. Bus. Law § 899-aa)
New York's data security and breach notification law. Requires businesses that own or license private information of New York residents to implement reasonable safeguards and notify affected individuals after a breach.

Collecting & handling user data, Website & platform compliance, Privacy & data protection

North Carolina

North Carolina Open Meetings Law (N.C. Gen. Stat. §§ 143-318.9 to 143-318.18)
Requires meetings of public bodies to be open to the public with notice and accessible minutes.

Open meetings & sunshine laws
North Carolina Procurement Law (NC GS §§ 143-48–143-64.3)
Division of Purchase and Contract manages state procurement. Formal competitive bidding above $90,000 for goods, $300,000 for services. Significant NC HUB (Historically Underutilized Business) requirements. Interactive Purchasing System (IPS) for opportunities.

Government contracting, Procurement & government contracting
North Carolina Public Records Law (GS §§ 132-1–132-10)
North Carolina's Public Records Law broadly defines public records as those made or received in connection with public business and provides for judicial enforcement.

Government contracting, Open records & FOIA

North Dakota

North Dakota Open Meetings Law (N.D. Cent. Code §§ 44-04-17.1 to 44-04-21.2)
Requires meetings of public bodies to be open to the public; supplemented by a constitutional open-government provision.

Open meetings & sunshine laws
North Dakota Open Records Law (NDCC §§ 44-04-18–44-04-18.27)
North Dakota's open records statute is embedded in the state constitution and broadly presumes access to records of public entities.

Government contracting, Open records & FOIA
North Dakota Procurement Law (NDCC §§ 54-44.4-01–54-44.4-14)
Streamlined system. Small purchase threshold $25,000; formal competitive bidding above $50,000. Strong preference for ND-based businesses. ND Buylines system for registration. NASPO ValuePoint participant.

Government contracting, Procurement & government contracting

Ohio

Ohio Open Meetings Act (Sunshine Law) (Ohio Rev. Code § 121.22)
A single comprehensive section requires meetings of public bodies to be open to the public with notice and minutes.

Open meetings & sunshine laws
Ohio Procurement Law (ORC §§ 125.01–125.21)
One of the larger and more sophisticated state systems. State Term Schedule covers extensive pre-competed contracts. Formal competitive bidding above $50,000 for goods, $25,000 for services. Strong small and minority business programs. Ohio Vendor Services portal.

Government contracting, Procurement & government contracting
Ohio Public Records Act (ORC §§ 149.43–149.437)
Ohio's Public Records Act requires public offices to promptly prepare and make records available for inspection at all reasonable times during regular business hours.

Government contracting, Open records & FOIA

Oklahoma

Oklahoma Central Purchasing Act (Okla. Stat. tit. 74, §§ 85.1–85.45r)
Small purchase threshold $50,000; formal competitive sealed bidding above that. Active small business and disadvantaged business programs. iSupplier portal for vendor registration. NASPO ValuePoint participant.

Government contracting, Procurement & government contracting
Oklahoma Open Meeting Act (Okla. Stat. tit. 25, §§ 301 to 314)
Requires meetings of public bodies to be open to the public with notice and accessible minutes.

Open meetings & sunshine laws
Oklahoma Open Records Act (51 OS §§ 24A.1–24A.30)
Oklahoma's Open Records Act gives the people the right to know and be fully informed about their government and provides access to public records.

Government contracting, Open records & FOIA

Oregon

Oregon Consumer Privacy Act (OCPA — Or. Rev. Stat. §§ 646A.570–646A.604)
Oregon's comprehensive privacy law. Grants residents standard consumer privacy rights and includes strong protections for sensitive data, including children's information.

Collecting & handling user data, Website & platform compliance, Privacy & data protection
Oregon Public Contracting Code (ORS §§ 279A.005–279C.870)
Sophisticated three-chapter framework: 279A (general/ethics), 279B (goods/services), 279C (public improvements). Formal competitive sealed bidding above $150,000. Significant small business and MWBE programs. ORPIN for vendor registration.

Government contracting, Procurement & government contracting
Oregon Public Meetings Law (Or. Rev. Stat. §§ 192.610 to 192.705)
Requires meetings of governing bodies to be open to the public; enforced through the Attorney General's office and private right of action.

Open meetings & sunshine laws
Oregon Public Records Law (ORS §§ 192.311–192.478)
Oregon's Public Records Law provides a right of access to public records, with the Attorney General and Public Records Advocate playing oversight roles.

Government contracting, Open records & FOIA

Pennsylvania

Pennsylvania Procurement Code (Pa. C.S. tit. 62, §§ 101–4604)
Comprehensive code with strong transparency requirements. Formal competitive sealed bidding above $10,500 for commodities, $35,700 for services (indexed). Significant small diverse business (SDB) participation requirements. PA eMarketplace. Sunset Act creates periodic contract review requirements.

Government contracting, Procurement & government contracting
Pennsylvania Right-to-Know Law (RTKL — 65 P.S. §§ 67.101–67.3104)
Pennsylvania's Right-to-Know Law, substantially strengthened in 2008, created the Office of Open Records to hear appeals and promote transparency.

Government contracting, Open records & FOIA
Pennsylvania Sunshine Act (65 Pa. Cons. Stat. §§ 701 to 716)
Requires meetings of agencies to be open to the public, with notice, agendas, and limited executive session exceptions.

Open meetings & sunshine laws

Rhode Island

Rhode Island Access to Public Records Act (APRA — R.I. Gen. Laws §§ 38-2-1–38-2-15)
Rhode Island's APRA provides public access to records of state and municipal bodies, enforced by the Attorney General and through judicial review.

Government contracting, Open records & FOIA
Rhode Island Data Transparency and Privacy Protection Act (RIDPA — R.I. Gen. Laws §§ 6-48.1-1–6-48.1-13)
Rhode Island's comprehensive privacy law focused on transparency and notice obligations. Effective January 2026.

Collecting & handling user data, Website & platform compliance, Privacy & data protection
Rhode Island Open Meetings Act (R.I. Gen. Laws §§ 42-46-1 to 42-46-15)
Requires meetings of public bodies to be open to the public; enforced by the Attorney General.

Open meetings & sunshine laws
Rhode Island State Purchases Law (RIGL §§ 37-2-1–37-2-87)
Small purchase threshold $10,000; formal competitive bidding above $50,000. Strong RI-based business preferences. RI Contract Portal for opportunities. NASPO ValuePoint participant.

Government contracting, Procurement & government contracting

South Carolina

South Carolina Consolidated Procurement Code (SC Code §§ 11-35-10–11-35-5270)
Applies to both state and local government — one of the more unified frameworks. Small purchase threshold $50,000; formal competitive solicitation above that. Robust small and minority business programs. SC Statewide Procurement System.

Government contracting, Procurement & government contracting
South Carolina Freedom of Information Act (SC Code §§ 30-4-10–30-4-165)
South Carolina's FOIA establishes a right of public access to records of state and local government bodies and sets response deadlines.

Government contracting, Open records & FOIA
South Carolina Freedom of Information Act — Open Meetings Provisions (S.C. Code §§ 30-4-60 to 30-4-110)
In South Carolina, a single statute (the South Carolina FOIA, S.C. Code §§ 30-4-10 et seq.) governs both public records and open meetings. The open-meetings provisions are at §§ 30-4-60 to 30-4-110. The records provisions are at §§ 30-4-20 to 30-4-50 — see the Open Records section above for the records framework.

Open meetings & sunshine laws

South Dakota

South Dakota Open Meetings Law (S.D. Codified Laws ch. 1-25 (§§ 1-25-1 to 1-25-13))
Requires meetings of public bodies to be open to the public with notice and accessible minutes.

Open meetings & sunshine laws
South Dakota Open Records Law (SDCL §§ 1-27-1–1-27-47)
South Dakota's Open Records Law presumes records held by public bodies are open unless specifically closed by law.

Government contracting, Open records & FOIA
South Dakota Procurement Management Law (SDCL §§ 5-18A-1–5-18A-47)
Streamlined system. Small purchase threshold $25,000; formal competitive sealed bidding above $50,000. In-state preference policies. Intentionally simpler framework reflecting limited-government approach. NASPO ValuePoint participant.

Government contracting, Procurement & government contracting

Tennessee

Tennessee Information Protection Act (TIPA — Tenn. Code §§ 47-18-3301–47-18-3313)
Tennessee's comprehensive privacy law. Notable for explicitly providing an affirmative defense for businesses that implement NIST-aligned privacy programs.

Collecting & handling user data, Website & platform compliance, Privacy & data protection
Tennessee Open Meetings Act (Sunshine Law) (Tenn. Code §§ 8-44-101 to 8-44-501)
Requires meetings of governing bodies to be open to the public; one of the broader sunshine laws in scope.

Open meetings & sunshine laws
Tennessee Procurement Law (TCA §§ 12-3-101–12-3-1209)
Central Procurement Office manages state purchasing. Formal competitive sealed bidding above $50,000. Active small business, veteran-owned, and MBE programs. Edison procurement system. NASPO ValuePoint participant.

Government contracting, Procurement & government contracting
Tennessee Public Records Act (TCA §§ 10-7-503–10-7-512)
Tennessee's Public Records Act gives Tennessee citizens a right to inspect public records of state and local government entities.

Government contracting, Open records & FOIA

Texas

Texas Capture or Use of Biometric Identifier Act (CUBI — Tex. Bus. & Com. Code § 503.001)
Requires informed consent before a private entity may capture a biometric identifier (such as fingerprint, voice print, or iris scan) for a commercial purpose, and imposes storage and destruction requirements.

Collecting & handling user data, Hiring & employment tech, Privacy & data protection
Texas Contracting and Delivery Procedures for Construction Projects (Tex. Gov. Code §§ 2269.001–2269.413)
Authorizes alternative construction delivery methods for governmental entities including competitive sealed proposals, construction manager-at-risk (CMAR), design-build, and job order contracting. Sets procedures, qualification requirements, and evaluation criteria for each method.

Procurement & government contracting
Texas Data Privacy and Security Act (TDPSA — Tex. Bus. & Com. Code ch. 541)
Texas's comprehensive privacy law. Applies to any business processing Texas residents' data that is not a small business under the SBA definition — broader applicability than most state privacy laws.

Collecting & handling user data, Website & platform compliance, Privacy & data protection
Texas Municipal Purchasing and Contracting Authority (Tex. Local Gov. Code §§ 252.001–252.049)
The primary statute governing competitive purchasing by Texas municipalities. Requires competitive sealed bidding or proposals for expenditures over $50,000, sets exemptions, establishes best value criteria, and governs change orders and contract bonds.

Procurement & government contracting
Texas Open Meetings Act (Tex. Gov. Code §§ 551.001–551.146)
Strong public notice requirements for government body meetings.

Government contracting, Open meetings & sunshine laws
Texas Professional and Consulting Services Procurement Act (Tex. Gov. Code §§ 2254.001–2254.004)
Requires qualifications-based selection for architects, engineers, and surveyors — price cannot be a factor until after the most qualified firm is selected. Also governs consulting services contracts with state agencies.

Procurement & government contracting
Texas Public Information Act (PIA — Tex. Gov. Code §§ 552.001–552.376)
Texas's Public Information Act creates a strong presumption of access to government records and is enforced by the Attorney General through opinions, letter rulings, and litigation.

Government contracting, Open records & FOIA
Texas Purchasing and Contracting Authority of Municipalities and Counties (Tex. Local Gov. Code §§ 271.001–271.083)
Covers cooperative purchasing programs, electronic bidding, performance contracts, design-build for civil works, and the right to audit contractors. Subchapter D authorizes participation in cooperative purchasing programs like BuyBoard and TIPS.

Procurement & government contracting
Texas Responsible AI Governance Act (TRAIGA — Tex. Bus. & Com. Code ch. 546)
TRAIGA establishes governance requirements for certain AI systems used in consequential decision-making and public-sector contexts. It is particularly relevant to companies deploying automated systems affecting consumers, employment decisions, or government-related services in Texas.

Collecting & handling user data, Using or building AI, Hiring & employment tech, Privacy & data protection

Utah

Utah Artificial Intelligence Policy Act (Utah AI Act — Utah Code §§ 13-72-101–13-72-401)
Utah's AI law requires certain disclosures when generative AI systems interact with consumers in regulated professional contexts. It may apply to businesses deploying AI chatbots, automated support systems, or AI-generated communications involving consumer-facing services.

Using or building AI
Utah Government Records Access and Management Act (GRAMA — Utah Code §§ 63G-2-101–63G-2-901)
Utah's GRAMA balances the public's right of access to government records with privacy and confidentiality interests and creates the State Records Committee to hear appeals.

Government contracting, Open records & FOIA
Utah Open and Public Meetings Act (Utah Code §§ 52-4-101 to 52-4-305)
Requires meetings of public bodies to be open to the public with notice, agendas, and accessible minutes.

Open meetings & sunshine laws
Utah Procurement Code (Utah Code §§ 63G-6a-101–63G-6a-2406)
Comprehensive rewrite in 2012. Small purchase threshold $50,000; formal competitive solicitation above that. Strong Utah business preferences. JAGGAER procurement platform (UtahInterchange). NASPO ValuePoint participant.

Government contracting, Procurement & government contracting

Vermont

Vermont Open Meeting Law (1 V.S.A. §§ 310 to 314)
Requires meetings of public bodies to be open to the public; enforced through the Attorney General and private right of action.

Open meetings & sunshine laws
Vermont Public Records Act (1 VSA §§ 315–320)
Vermont's Public Records Act begins with a strong policy statement in favor of access and applies to records of state and municipal agencies.

Government contracting, Open records & FOIA
Vermont Purchasing Law (Vt. Stat. tit. 29, §§ 901–922)
Streamlined system. Formal competitive bidding above $25,000. Strong VT-based business preferences. Actively leverages cooperative purchasing given limited procurement staff.

Government contracting, Procurement & government contracting

Virginia

Virginia Breach of Personal Information Notification (Va. Code § 18.2-186.6)
Virginia's data breach notification statute requires individuals and entities to notify the Attorney General and affected Virginia residents when unencrypted personal information is accessed without authorization in a way that causes or is likely to cause identity theft or fraud. The law defines personal information, sets notification procedures including substitute notice for large breaches, and authorizes civil penalties up to $150,000 per breach.

Data security & breach response, Privacy & data protection, Cybersecurity
Virginia Consumer Data Protection Act (VCDPA — Va. Code §§ 59.1-575–59.1-585)
Virginia's comprehensive privacy law — the first to follow the CCPA in 2023. Became the template for many subsequent state privacy laws including CO, CT, UT, and others.

Collecting & handling user data, Website & platform compliance, Privacy & data protection
Virginia Freedom of Information Act (VA FOIA — Va. Code §§ 2.2-3700–2.2-3714)
Virginia's FOIA provides broad access to public records and meetings of state and local government bodies, with required response timelines.

Government contracting, Open records & FOIA
Virginia Freedom of Information Act — Open Meetings Provisions (Va. Code §§ 2.2-3707 to 2.2-3714)
In Virginia, a single statute (the Virginia FOIA, Va. Code §§ 2.2-3700 to 2.2-3715) governs both public records and open meetings. The open-meetings provisions are at §§ 2.2-3707 to 2.2-3714. The records provisions are at §§ 2.2-3704 to 2.2-3706 — see the Open Records section above for the records framework.

Open meetings & sunshine laws
Virginia Public Procurement Act (Va. Code §§ 2.2-4300–2.2-4384)
One of the more detailed frameworks. Formal competitive sealed bidding above $100,000. Strong small, women-owned, and minority business programs. eVA electronic procurement system for state and many local agencies.

Government contracting, Procurement & government contracting

Washington

Washington My Health My Data Act (MHMDA — Wash. Rev. Code ch. 19.373)
Provides expansive protection for consumer health data not already covered by HIPAA. Requires consent for collection and sharing, creates a consumer right to delete, and includes a private right of action.

Collecting & handling user data, Privacy & data protection
Washington Open Public Meetings Act (Wash. Rev. Code ch. 42.30 (§§ 42.30.010 to 42.30.920))
Requires meetings of governing bodies to be open to the public with notice; private right of action available.

Open meetings & sunshine laws
Washington Public Records Act (PRA — Wash. Rev. Code ch. 42.56)
Washington's Public Records Act creates a strong right of access and has been construed by courts to favor disclosure in close cases.

Government contracting, Open records & FOIA
Washington State Procurement Law (RCW §§ 39.26.005–39.26.901)
Separate frameworks for state (RCW 39.26) and local (RCW 39.04) agencies. Formal competitive solicitation above $150,000. Strong small and minority business programs. WA Procurement Portal for registration.

Government contracting, Procurement & government contracting

West Virginia

West Virginia Freedom of Information Act (WV Code §§ 29B-1-1–29B-1-7)
West Virginia's FOIA provides broad public access to records of state and local government bodies under Chapter 29B of the state code.

Government contracting, Open records & FOIA
West Virginia Open Governmental Proceedings Act (W. Va. Code §§ 6-9A-1 to 6-9A-12)
Requires meetings of governing bodies to be open to the public with notice and limited closed-session exceptions.

Open meetings & sunshine laws
West Virginia Purchasing Law (WV Code §§ 5A-3-1–5A-3-62)
Small purchase threshold $25,000; formal competitive sealed bidding above $50,000. In-state preference policies. WV Vendor Self Service portal. NASPO ValuePoint participant.

Government contracting, Procurement & government contracting

Wisconsin

Wisconsin Open Meetings Law (Wis. Stat. §§ 19.81 to 19.98)
Requires meetings of governmental bodies to be open to the public; enforced by the Attorney General and district attorneys.

Open meetings & sunshine laws
Wisconsin Open Records Law (Wis. Stat. §§ 19.31–19.39)
Wisconsin's Open Records Law creates a strong presumption of complete public access to records of governmental bodies in the state.

Government contracting, Open records & FOIA
Wisconsin Purchasing Law (Wis. Stat. §§ 16.70–16.82)
Statewide contracts available to agencies and municipalities. Formal competitive bidding above $50,000. Active WI-based and historically underutilized business programs. VendorNet system for registration. NASPO ValuePoint and Midwestern Higher Ed Compact participant.

Government contracting, Procurement & government contracting

Wyoming

Wyoming Public Meetings Act (Wyo. Stat. §§ 16-4-401 to 16-4-408)
Requires meetings of public agencies to be open to the public with notice and accessible minutes.

Open meetings & sunshine laws
Wyoming Public Records Act (WS §§ 16-4-201–16-4-205)
Wyoming's Public Records Act gives every person the right to inspect public records during business hours, subject to enumerated exemptions.

Government contracting, Open records & FOIA
Wyoming State Procurement Law (Wyo. Stat. §§ 9-2-1016–9-2-1038)
Lean system. Formal competitive sealed bidding above $75,000. Actively leverages NASPO ValuePoint — valuable given small procurement staff. In-state preference policies.

Government contracting, Procurement & government contracting

This page has an interactive globe and search interface when JavaScript is enabled. You can also use the public JSON API for programmatic access.