From Smart Homes to Smart Laws: AI in Connected Products in the EU & US

Whitepaper Overview:
The integration of Artificial Intelligence (AI) into connected products is rapidly transforming industries across the European Union (EU) and the US, offering enhanced functionalities and unprecedented levels of automation. From smart home devices and industrial machinery to connected vehicles and medical equipment, AI is increasingly embedded to improve performance, personalize user experiences, and drive innovation.
This surge in AI-powered connected products has coincided with the development of a comprehensive and evolving regulatory framework within the EU, designed to address the unique challenges and risks presented by these technologies. This framework encompasses not only sector-specific regulations but also horizontal legislation such as the EU Artificial Intelligence Act (AI Act), the Data Act, the General Data Protection Regulation (GDPR), and the Cybersecurity Act, creating a complex web of compliance obligations for businesses operating in this space.
In the US, regulation in this area is dynamic, with ongoing discussions and potential for new legislation. As in the EU, there is a growing emphasis on “security by design,” meaning that security should be built into connected products from the initial development stage, and various states are introducing their own laws focusing on key areas such as personal data protection, IoT, cybersecurity, and AI.
This whitepaper provides a comprehensive overview of the legal and regulatory landscape governing AI in connected products within the EU and the US. It draws upon legal expertise and AI-driven analysis to offer an up-to-date perspective on the key definitions, principles, and requirements outlined in relevant legislation. The objective is to equip companies with a clear understanding of their legal responsibilities and the strategic considerations necessary to navigate this evolving environment.
The integration of AI into connected devices necessitates a proactive and informed approach to legal compliance, as the regulatory landscape is still maturing. Companies must understand that compliance is not a singular effort but an ongoing process requiring continuous monitoring and adaptation to new guidance and enforcement priorities.
This Whitepaper Covers:
- EU Artificial Intelligence Act (AI Act) and its risk-based approach
- Data Act and its focus on data access and portability
- General Data Protection Regulation (GDPR) and its implications for personal data processing
- Cybersecurity Act and Cyber Resilience Act, and their emphasis on security by design
- General Product Safety Regulation (GPSR) and the revised Product Liability Directive, and their impact on consumer protection and liability
- Internet of Things Cybersecurity Improvement Act of 2020
- NIST SP 800-213
- NISTIR 8259
- Colorado’s AI Act
- California IoT Security Law (SB-327)
- California AI Transparency Act (SB 942)
- Oregon IoT Security Law (HB 2395)
- Virginia High-Risk AI Developer and Deployer Act (HB 2094)
*This whitepaper was originally published on 26th March, 2025. Further regulatory developments may have occurred after publication.
Authors
Dila Şen, Global Regulatory and Requirements Compliance Specialist, Compliance & Risks
Dila Şen has been a Turkish-qualified lawyer and sworn translator for 15 years and has extensive experience in AI policy. She has been working as a Global Regulatory & Requirements Compliance Specialist at Compliance & Risks for five years.
Prior to joining Compliance & Risks, Dila worked for global companies like Lehman Brothers Holdings Inc., ADP, and several different law firms in Turkey as a legal counsel for several years.
Dila holds a triple LL.M. in European Master in Law & Economics from the Universities of Bologna, Ghent, and Haifa, and an LL.B. from Yeditepe University, where she was awarded a full merit-based scholarship by the Turkish government. She also holds a B.A. in Communication. She further developed her expertise in AI through an Advanced Certification from the Center for Artificial Intelligence & Digital Policy (CAIDP) in Washington, D.C., subsequently becoming a Team Leader. Currently, she is an AI Policy Group Member at CAIDP’s AI Policy Clinic and an active member of the Istanbul Bar Association’s AI Working Group.
Chelsea Cunningham, Senior Regulatory Compliance Specialist, Compliance & Risks
Chelsea is a highly experienced Senior Regulatory Compliance Specialist at Compliance & Risks, specialising in the electronics sector. Her expertise spans global environmental, social and product safety regulations, and she leads the firm’s Knowledge Partner Network, facilitating expert insights on product compliance. With a strong academic background, including an MSc International Public Policy & Diplomacy, BCL and advanced AI certification, Chelsea brings a unique blend of regulatory, technological, and business acumen.