State Flag of Virginia

Quick Hits

  • Virginia Governor Glenn Youngkin vetoed HB 2094, the High-Risk Artificial Intelligence Developer and Deployer Act, citing concerns that its stringent requirements would stifle innovation and economic growth, particularly for startups and small businesses.
  • The veto maintains the status quo for AI regulation in Virginia, but businesses contracting with state agencies still must comply with AI standards under Virginia’s Executive Order No. 30 (2024), and any standards relating to the deployment of AI systems that are issued pursuant to that order.
  • Private-sector AI bills are currently pending in twenty states. So, regardless of Governor Youngkin’s veto, companies may want to continue proactively refining their AI governance frameworks to stay prepared for future regulatory developments.

Veto of HB 2094: Stated Reasons and Context

Governor Youngkin announced his veto of HB 2094 on March 24, 2025, just ahead of the bill’s deadline for approval. In his veto message, the governor emphasized that while the goal of ethical AI is important, it was his view that HB 2094’s approach would ultimately do more harm than good to Virginia’s economy. In particular, he stated that the bill “would harm the creation of new jobs, the attraction of new business investment, and the availability of innovative technology in the Commonwealth of Virginia.”

A key concern was the compliance burden HB 2094 would have imposed. Industry analysts estimated the legislation would saddle AI developers with nearly $30 million in compliance costs, which could be especially challenging for startups and smaller tech firms. Governor Youngkin, echoing industry concerns that such costs and regulatory hurdles might deter new businesses from innovating or investing in Virginia, stated, “HB 2094’s rigid framework fails to account for the rapidly evolving and fast-moving nature of the AI industry and puts an especially onerous burden on smaller firms and startups that lack large legal compliance departments.”

Virginia Executive Order No. 30 and Ongoing AI Initiatives

Governor Youngkin’s veto of HB 2094 does not create an AI regulatory vacuum in Virginia. Last year, Governor Youngkin signed Executive Order No. 30 on AI, establishing baseline standards and guidelines for the use of AI in Virginia’s state government. This executive order directed the Virginia Information Technologies Agency (VITA) to publish AI policy standards and IT standards for all executive branch agencies. VITA published the policy standards in June 2024. Executive Order No. 30 also created the Artificial Intelligence Task Force, currently comprised of business and technology nonprofit executives, former public servants, and academics, to develop further “guardrails” for the responsible use of AI and to provide ongoing recommendations.

Executive Order No. 30 requires that any AI technologies used by state agencies—including those provided by outside vendors—comply with the new AI standards for procurement and use. In practice, this requires companies supplying AI software or services to Virginia agencies to meet certain requirements with regard to transparency, risk mitigation, and data protection defined by VITA’s standards. Those standards draw on widely accepted AI ethical principles (for instance, requiring guardrails against bias and privacy harms in agency-used AI systems). Executive Order No. 30 thus indirectly extends some AI governance expectations to private-sector businesses operating in Virginia via contracting. Companies serving public-sector clients in Virginia may want to monitor the state’s AI standards for anticipated updates in this quickly evolving field.

Looking Forward

Had HB 2094 become law, Virginia would have joined Colorado as one of the first states with a broad AI statute, potentially adding a patchwork compliance burden for firms operating across state lines. In the near term, however, Virginia law will not explicitly require the preparation of algorithmic impact assessments, preparation and implementation of new disclosure methods, or the formal adoption of the prescribed risk-management programs that HB 2094 would have required.

Nevertheless, companies in Virginia looking to embrace or expand their use of AI are not “off the hook,” as general laws and regulations still apply to AI-driven activities. For example, antidiscrimination laws, consumer protection statutes, and data privacy regulations (such as Virginia’s Consumer Data Protection Act) continue to govern the use of personal information (including through AI) and the outcomes of automated decisions. Accordingly, if an AI tool yields biased hiring decisions or unfair consumer outcomes, companies could face liability under existing legal theories regardless of Governor Youngkin’s veto.

Moreover, businesses operating in multiple jurisdictions should remember that Colorado’s AI law is already on the books and that similar bills have been introduced in many other states. There is also ongoing discussion at the federal level about AI accountability (through agency guidance, federal initiatives, and the National Institute of Standards and Technology AI Risk Management Framework). In short, the regulatory climate around AI remains in flux, and Virginia’s veto is just one part of a larger national picture that warrants careful consideration. Companies will want to remain agile and informed as the landscape evolves.

Ogletree Deakins will continue to monitor developments and will provide updates on the Cybersecurity and Privacy, Employment Law, Technology, and Virginia blogs as new information becomes available.

Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts


Browse More Insights

Fingerprint Biometric Authentication Button. Digital Security Concept
Practice Group

Technology

Ogletree Deakins is uniquely situated to provide tech employers and users (the “TECHPLACE™”) with labor and employment advice, compliance counseling, and litigation services that embrace innovation and mitigate legal risk. Through our Technology Practice Group, we support clients in the exploration, invention, and/or implementation of new and evolving technologies to navigate the unique and emerging labor and employment issues present in the workplace.

Learn more
Modern dark data center, all objects in the scene are 3D
Practice Group

Cybersecurity and Privacy

The attorneys in the Cybersecurity and Privacy Practice Group at Ogletree Deakins understand that data now accumulates quickly and transmits easily. As the law adapts to technical advancements, we effectively advise our clients as they work to comply with new developments and best practices for protecting the privacy of the data that their businesses collect and retain.

Learn more
Fountain pen signing a document, close view with center focus
Practice Group

Employment Law

Ogletree Deakins’ employment lawyers are experienced in all aspects of employment law, from day-to-day advice to complex employment litigation.

Learn more

Sign up to receive emails about new developments and upcoming programs.

Sign Up Now