Iowa House File 406 (HF 406) introduces proposed requirements for device companies manufacturing smart devices sold in the state with pre-installed artificial intelligence [1]. The bill mandates a distinct agreement during device initialization, requiring explicit notice of AI installation and, if applicable, a statement of purpose for private data access [2]. It further stipulates options for users to uninstall AI or selectively refuse access to private data [3].

Who does HF 406 affect?

Device companies manufacturing smart devices (e.g., computers, smartphones, gaming consoles, tablets) with pre-installed artificial intelligence and a registered presence in Iowa are within scope. This includes entities whose AI systems access "private data" on such devices, necessitating new consent flows and adherence to stated data usage purposes. The bill's definitions of "smart device" apply to those sold on or after July 1, 2025.

What is the current status of HF 406?

As of the last published update, HF 406 is at the "introduced" stage, with bill status "introduced".

Where can I find the primary source for HF 406?

The primary source for the most recent update is at https://www.legis.iowa.gov/publications/search/document?fq=id:1522304&q=artificial+intelligence. AIGI publishes the full citation chain plus every approved brief on this bill.

IA, US · AI law tracker

HF 406 — IA, US

HF 406 is an AI governance legislation from IA, currently introduced. The introduced bill establishes specific consent mechanisms and data use restrictions for artificial intelligence embedded in smart devices sold in Iowa [2]. AIGI tracks 1 primary-source update on this bill; the most recent was published on 2025-02-13.

Status & timeline

Regulatory stage: introduced
Bill status: introduced
Authority / governing body: Iowa Legislature
Chamber: house
Document type: legislation

Next deadline: Proposed legislation; if enacted, applies to smart devices sold on or after July 1, 2025.

Subscriber only

Full obligation matrix

Actor	Obligation	Deadline	Source
device_company	Cause an agreement to appear when a user initializes a smart device with artificial intelligence installed.	2025-07-01	—
device_company	The agreement must notify the user that artificial intelligence is installed on the smart device.	2025-07-01	—
device_company	If the smart device's artificial intelligence is designed to access private data, the agreement must contain the smart device's statement of purpose.	2025-07-01	—
device_company	The agreement must include an option for the user to uninstall the artificial intelligence.	2025-07-01	—
device_company	If the user does not uninstall, the agreement must provide an interactive form allowing the user to refuse AI access to each type of private data before it is accessed.	2025-07-01	—
device_company	The required agreement must be separate from any other agreements or disclaimers for the smart device.	2025-07-01	—
device_company	Update the agreement if any information in the statement of purpose for a smart device changes.	2025-07-01	—
device_company	Cause the updated agreement to appear on each affected smart device that has not yet authorized or refused private data access based on the change.	2025-07-01	—
device_company	Not permit artificial intelligence installed on a smart device to access private data types not authorized in the agreement.	2025-07-01	—
device_company	Not use private data accessed by artificial intelligence in a manner inconsistent with the smart device's statement of purpose.	2025-07-01	—
device_company	If private data is transferred off the smart device, not maintain, disseminate, or delete it in a manner inconsistent with the smart device's statement of purpose.	2025-07-01	—
device_company	Not require a smart device user to install artificial intelligence as a condition to use the smart device.	2025-07-01	—
device_company	Include clearly identifiable means to allow a user to uninstall artificial intelligence from a smart device.	2025-07-01	—

Subscriber only

Enforcement risk score

/ 100

Announced regulation; enforcement footprint still forming.

Subscriber only

Role-based compliance checklist

product_manager Design user interface flows to present a separate AI-specific agreement during smart device initialization. (2025-07-01)
legal Draft or update user agreements to include mandatory AI disclosures, statement of purpose, and options for uninstall/data refusal. (2025-07-01)
engineering Implement technical mechanisms for users to uninstall AI and selectively refuse access to private data types. (2025-07-01)
data_scientist Document the types of private data AI systems access, how it is used, and how new content is generated, for the statement of purpose. (2025-07-01)
compliance_officer Establish processes for updating statements of purpose and ensuring updated agreements are presented to affected users. (2025-07-01)
cto Ensure that AI installation is not a mandatory condition for smart device functionality and that uninstall options are prominent. (2025-07-01)
legal Review data handling practices to ensure consistency with statements of purpose and user authorizations, especially for off-device data transfers. (2025-07-01)

Subscriber only

Vendor impact assessment

Vendor risk class: high
Procurement categories: customer_service_ai, content_moderation, fraud_detection, productivity_assistants, other

Device companies must ensure that any third-party AI embedded in their smart devices complies with Iowa HF 406's transparency, user consent, and data handling requirements, necessitating rigorous vendor assessment and contractual agreements.

Sample vendor questions

Does your AI system access 'private data' as defined by HF 406?
Can your AI be uninstalled or its access to specific data types refused by the end-user?
Do you provide a clear 'statement of purpose' outlining data access, usage, and retention policies consistent with HF 406 requirements?
What mechanisms are in place to ensure your AI's data handling practices align with user authorizations and stated purposes, especially for data transferred off-device?
How do you support 'device companies' in fulfilling their transparency and user control obligations under this potential law?

Intelligence briefs (1)

legislation introduced 2/13/2025

Iowa Bill Proposes Smart Device AI Data Access Consent and Restrictions

The introduced bill establishes specific consent mechanisms and data use restrictions for artificial intelligence embedded in smart devices sold in Iowa [2].

This development bears on the scope of consumer data protection, potentially establishing new obligations for AI deployers within the connected device ecosystem.

Deadline: Proposed legislation; if enacted, applies to smart devices sold on or after July 1, 2025.

Primary source →

Frequently asked questions

What is HF 406?: Iowa House File 406 (HF 406) introduces proposed requirements for device companies manufacturing smart devices sold in the state with pre-installed artificial intelligence [1]. The bill mandates a distinct agreement during device initialization, requiring explicit notice of AI installation and, if applicable, a statement of purpose for private data access [2]. It further stipulates options for users to uninstall AI or selectively refuse access to private data [3]. Primary source →
Why does HF 406 matter?: This development bears on the scope of consumer data protection, potentially establishing new obligations for AI deployers within the connected device ecosystem. Primary source →
Who does HF 406 affect?: Device companies manufacturing smart devices (e.g., computers, smartphones, gaming consoles, tablets) with pre-installed artificial intelligence and a registered presence in Iowa are within scope. This includes entities whose AI systems access "private data" on such devices, necessitating new consent flows and adherence to stated data usage purposes. The bill's definitions of "smart device" apply to those sold on or after July 1, 2025. Primary source →
What are the key dates for HF 406?: Proposed legislation; if enacted, applies to smart devices sold on or after July 1, 2025. Primary source →
What is the current status of HF 406?: As of the last published update, HF 406 is at the "introduced" stage, with bill status "introduced". Primary source →
Where can I find the primary source for HF 406?: The primary source for the most recent update is at https://www.legis.iowa.gov/publications/search/document?fq=id:1522304&q=artificial+intelligence. AIGI publishes the full citation chain plus every approved brief on this bill. Primary source →

Stay informed

Get briefs on every AI law, every morning.

Start 14-day trial →

Important — about this brief

This brief is published by AIGI as a regulatory intelligence service. It contains general information about AI laws, regulations, enforcement actions, and policy signals across jurisdictions. It is not legal, compliance, audit, or risk-management advice; it does not establish an attorney-client, advisory, or fiduciary relationship; and it should not be relied upon as a substitute for professional counsel applied to specific facts and circumstances. Where the brief identifies “Issues for Review,” those are observations of questions a reader in a particular role might raise with their own legal, compliance, or risk function — not recommendations to act. AIGI expressly disclaims liability for actions taken or not taken in reliance on this brief. Subscribers in regulated industries should consult licensed professionals authorized to practice in their jurisdiction.

Full disclosures →

Status & timeline

Intelligence briefs (1)

Iowa Bill Proposes Smart Device AI Data Access Consent and Restrictions

Frequently asked questions

Related

Get briefs on every AI law, every morning.