Home » The Evolving State of US Privacy: Navigating US Data Protection Legislation in 2025
Whitepapers 12 MIN READ

The Evolving State of US Privacy: Navigating US Data Protection Legislation in 2025

Jun 24, 2025 The Evolving State of US Privacy: Navigating US Data Protection Legislation in 2025

How to Comply with US Data Protection Legislation in 2025?

With the advancement of connected devices, smart products, and the development of artificial intelligence, the growing importance of data protection is undeniable.

As reported by the International Association of Privacy Professionals (IAPP), as of January 2025, data protection laws are in force in 144 countries, covering more than 80% of the world’s population by some form of national privacy protection law.

Although the future of a federal consumer privacy law in the US is still unclear, individual states are moving ahead with their own data protection legislation, highlighting the need for industries to remain up to date with the evolving regulatory landscape.

This whitepaper explores the state-level laws shaping personal data privacy across the United States and examines how they affect businesses operating both inside and outside the states where they are enacted. It provides comprehensive details on US data protection legislation, including applicability of the respective laws, their entry into force, enforcement, etc.

This Whitepaper Covers:

  • Thirteen state privacy laws that are already in effect
  • Three acts coming into force in 2025
  • Three acts taking effect in early 2026
  • Table with effective dates and ‘Notice and Cure’ provision details

*This whitepaper was originally published on 24th June, 2025. Further regulatory developments may have occurred after publication. To keep up-to-date with the latest compliance news, sign up to our newsletter.

Authors

Ani

Ani Nozadze, Senior Regulatory Compliance Specialist, Compliance & Risks

Ani is a Senior Regulatory Compliance Specialist and Team Lead with over 10 years of experience working in various legal positions.

Ani has a particular interest in personal data protection and has previously managed a department at the Georgian Data Protection Authority. She keeps clients up to date on global regulatory developments with a special focus on privacy. Ani obtained her Bachelor’s degree in Law from Tbilisi State University and also holds a Master of Laws degree in International Business Law from Central European University.

She is a qualified lawyer in Georgia, and with her native Georgian language, she is fluent in English and has intermediate knowledge of Russian.

Related Resources