Caught in the Middle: Federal-State Regulatory Conflicts

Conflicts between federal and state regulations are nothing new. But a series of executive actions by the Trump administration and state authorities are exposing companies, hospitals, universities, and investors to circumstances in which complying with a federal directive risks triggering an enforcement action by state authorities — or vice versa. These conflicts are not theoretical; they have already arisen in areas of central concern to many employers, including civil rights and immigration laws. And tension looms in additional areas, including artificial intelligence governance.

These regulatory conflicts demand proactive risk management — especially from regulated entities, government contractors, and other entities that receive federal funds. We illustrate a few examples of how these rock-and-a-hard-place choices are emerging and offer a playbook to mitigate risk.

Regulatory Conflicts: Some Recent Examples

Diversity, Equity, and Inclusion (DEI). Several executive orders (EOs) signed in the second Trump administration address DEI programs. EO 14151 orders federal agencies to terminate DEI grants, contracts, and internal DEI infrastructure. Similarly, EO 14173 targets “equity-related” programs in contracting and other externally administered programs. This policy shift directly affects entities that receive funds from federal grants or contracts and has produced a series of well-publicized conflicts over funding for K-12 and higher education. More broadly, EO 14173 also calls for the private sector to “end illegal DEI discrimination and preferences” and asks the Attorney General to develop an enforcement plan to meet those goals. And it reversed certain longstanding requirements for how government contractors were required to staff their programs.

Regulatory DEI conflicts are already here. The EOs have generated substantial litigation, and an injunction blocking several aspects of them is stayed pending appeal. The administration has also taken action based on the priorities articulated in the orders: DOJ has issued memoranda, inquiry letters, and compliance reviews; EEOC is communicating about Title VII enforcement; and the federal government is terminating or reviewing DEI-related grants and contracts. And states have responded. New York, Illinois, and 16 other states have communicated opposition to the DEI EOs with an amicus brief arguing that the EOs interfere with state civil rights laws. Meanwhile, attorneys general in Iowa and other states have spoken in support of the EOs and taken enforcement steps consistent with those views. When it comes to DEI, then, the conflict is not just federal-state: companies that do business in multiple states may face divergent enforcement postures taken by attorneys general in different states.

Immigration and Enforcement. Given the administration’s focus on immigration enforcement, employers must proceed carefully to navigate potentially conflicting obligations under state law. In response to increased ICE activity, states (including California, Illinois, and New York) have implemented new rules regarding when employers may grant ICE access to non-public areas of their business, whether employers must provide notification to employees when records have been requested, and locations where immigration enforcement actions may occur. Moreover, additional pressure to use the federal government’s E-Verify system to check employment eligibility could also create conflict. Some states (including Texas, Florida, and Georgia) require most employers to use E-Verify, while others (including California and New York) have civil rights or privacy statutes that prohibit re-verification of immigration status and certain other uses of employee information.

AI Governance. Last week, the administration released a National Policy Framework for AI, as anticipated in its December 2025 EO on “Ensuring a National Policy Framework for Artificial Intelligence.” The EO contains processes to identify a “minimally burdensome national standard [for AI] — not 50 discordant State ones”; requires establishment of a DOJ task force to litigate challenges to state AI laws; calls for the establishment of a legislative framework on AI; and directs federal agencies to identify state and local AI regulations that may conflict with federal policy. Last week’s AI policy framework identifies seven goals for a national AI policy, one of which calls on Congress to “preempt state AI laws…to ensure a minimally burdensome national standard.” In particular, the framework notes that “states should not be permitted to regulate AI development.”

While implementation of the EO and policy framework is in the early phases, they create a meaningful possibility of regulatory conflict with several existing state and local AI governance regimes that impose affirmative obligations on developers and users of AI systems. California, Colorado, and New York City, for instance, require algorithms to comply with anti-bias restrictions and establish certain duties of care, notice, and disclosure. And shortly after the administration issued the EO, Illinois indicated that it would defend its state AI laws if litigation ensues.

A Playbook for Responding to Zero-Sum Regulatory Conflicts

Organizations and companies concerned about these or any other federal-state regulatory conflicts should think hard about how to mitigate risk. Of course, each circumstance demands an individualized analysis. But, at a general level, we suggest a framework for analysis using a three-step playbook — identify, protect, and prepare.

• Identify: Define the regulatory risk.
  • Map the conflict: Conduct a comprehensive risk assessment to identify potential regulatory conflicts. For each state where the organization does business or could be subject to federal court jurisdiction, it should track statutory and regulatory mandates, pertinent enforcement authorities and any actions they have taken, and related litigation. Stay current on these issues and communicate with relevant decision-makers about relevant updates.
  • Distinguish difficulty from impossibility: Distinguish between scenarios that make compliance with both state and federal mandates difficult and scenarios that make mutual compliance impossible.
  • Quantify risk profiles: Assess the impact of the risk and, if appropriate, identify a hierarchy of exposure. For each implicated business unit, quantify the financial and other impacts, both directly (via penalties, fines, damages, or injunctive action) and indirectly (via reputational risk, business dependencies, and other downstream effects). Consider the available remedies and enforcement resources available under federal and state regimes. Then, identify risk tolerance and thresholds for key business units. Use this information to think about how to prioritize monitoring and compliance resources.
• Protect: Act now to safeguard the organization.
  • Revise policies: Determine whether existing policies should be updated to withstand the strictest applicable standard, whether state or federal.
  • Prepare documentation: Ensure that books and records and other documentation practices conform with both federal and state requirements. Documentation should include contemporaneous decision memoranda explaining why particular choices were made.
  • Maintain contracting hygiene: Understand any new requirements for relationships with vendors or other third parties (including, for example, reporting requirements) and update contracts accordingly. Make sure that contracts include language that protects the organization if laws or regulations change (e.g., flexibility on payment or performance, acts of God, or other external influences). Include indemnity and carve-out provisions.
  • Update staff training: Retrain managers, human resource staff, compliance officers, and others on new obligations. Provide decision trees or one-pagers for frontline employees.
  • Consider segmenting operations: If feasible, it may be appropriate to reorganize or reclassify lines of reporting, corporate organizations, or other parts of the business to isolate regulatory exposure (e.g., state-specific entities that minimize the portion of your business and assets that are most exposed to enforcement risk).
• Prepare: Get ready for any potential enforcement action.
  • Assemble the team: Identify clear points of contact and lines of authority within business units and the general counsel’s office for monitoring and responding to regulatory risk. Consider forming a designated cross-functional committee for this purpose. Identify key in-house and outside counsel who will address litigation or enforcement action. Identify relevant technical expertise, and establish clear escalation plans.
  • Develop a litigation plan: For any areas of pronounced risk, it may be appropriate to lay litigation groundwork so that you can move decisively if conflict arises. Identify the most likely causes of action, the most viable defenses, and consider affirmative challenges (e.g., constitutional, Administrative Procedure Act, anti-commandeering, preemption, or Spending Clause theories). Consider seeking affirmative relief — and the best forum for it — rather than staying on defense.
  • Plan communications strategy: Have a plan for communicating with stakeholders in the event of enforcement action. Develop internal and external messaging that balances compliance, legal risk, and reputation.

For more information or to discuss how these issues may affect your organization, please contact the authors or other members of Arnold & Porter’s Administrative Law and Regulatory Litigation practice group. 

© Arnold & Porter Kaye Scholer LLP 2026 All Rights Reserved. This Blog post is intended to be a general summary of the law and does not constitute legal advice. You should consult with counsel to determine applicable legal requirements in a specific fact situation.