FTC Enforcement Policy on AI and Algorithmic Fairness
Effective date
Penalty
Initial Section 5 violations: consent order/injunction (no monetary penalty for first offense). Consent order violations: up to $53,088 per violation per day…
Obligations mapped
5 obligations
Legislative update
The FTC issued a Policy Statement on AI and Section 5 in March 2026 under the current administration. The December 2025 Executive Order directs the FTC to address when state AI laws are preempted by Section 5. Enforcement posture shifted under the Ferguson administration: fraud and misrepresentation enforcement continues, while speculative risk and means-and-instrumentalities liability have been narrowed.
Overview
The Federal Trade Commission watches for companies that lie about what their AI can do, use AI in ways that hurt consumers (especially children), or collect data improperly to train AI models. If a company claims its AI product does something it cannot actually do, the FTC can take action. In extreme cases, the FTC can order a company to delete the AI models it built using improperly collected data. The FTC does not regulate AI directly. It applies its existing authority over deceptive and unfair business practices to companies using AI.
This is federal enforcement guidance.
See if this regulation applies to your company with the free exposure scan.
Who this applies to
This regulation applies to the following roles:
- Developers of covered AI systems
- Deployers and users of covered AI systems
- United States federal law
This regulation applies to both companies that build AI products and companies that use AI tools from other vendors.
15 U.S.C. 45(a)(1); FTC Endorsement Guides · 15 U.S.C. 45(a)(1); Biometric Policy Statement; Operation AI Comply and related sections
AI categories covered
- Consumer-facing AI
- Financial services AI
- Algorithmic pricing
- Automated decision-making
Specific AI use cases:
- Dynamic and algorithmic pricing
- Credit scoring and risk assessment
- Customer profiling and segmentation
- Recommendation engines
What this requires you to do
5 obligations identified from statutory analysis.
15 U.S.C. 45(a)(1); Biometric Policy Statement; Operation AI Comply
15 U.S.C. 45(a)(1) (unfairness); FTC 6(b) AI Companion Resolution (Sep 2025)
15 U.S.C. 45(a)(1); Biometric Policy Statement
15 U.S.C. 45(a)(1); Biometric Policy Statement; March 2026 Policy Statement
15 U.S.C. 45(a)(1); FTC Endorsement Guides
Regulation summaries are simplified for readability and may not capture every nuance of the underlying statute. Verify important details against primary sources linked on this page.
Enforcement and penalties
Initial Section 5 violations: consent order/injunction (no monetary penalty for first offense). Consent order violations: up to $53,088 per violation per day (2025, CPI-adjusted annually). Penalty Offense Authority: $53,088 per violation. Algorithmic disgorgement: deletion of AI models and data. No private right of action under Section 5.
Penalty amounts are based on statutory text and may be subject to adjustment, judicial interpretation, or enforcement discretion.
Related regulations
- In EffectFederal
TAKE IT DOWN Act (S. 146)
Requires covered online platforms to remove reported nonconsensual intimate imagery, including AI-generated deepfakes, within a short deadline after a valid notice. Dual effective dates: criminal provisions effective May 19, 2025 (date signed into law). Platform compliance deadline: May 19, 2026 (one year after signing). First federal law limiting the use of AI in ways harmful to individuals. Covers both authentic NCII and AI-generated deepfakes. Does not preempt state laws. FTC jurisdiction extended to nonprofit entities. First and only enacted federal AI-specific law signed by the Trump administration. Bipartisan 409-2 House vote, unanimous Senate passage.
Effective
- UpcomingAI-Specific
Colorado ADMT / AI Act (SB 26-189)
Colorado SB 26-189 repeals and reenacts SB 24-205 into an automated decision-making technology (ADMT) framework for consequential decisions. Starting January 1, 2027, covered developers may need to provide deployers with technical documentation and material-update notices. Covered deployers may need point-of-interaction notices, post-adverse-outcome disclosures, data-access and correction processes, human-review and reconsideration workflows, and three-year compliance records. SB 24-205 risk-management, impact-assessment, and reasonable-care artifacts remain useful governance evidence, but they are historical or reusable controls rather than standalone current-law duties under the new Colorado framework.
Effective
- UpcomingPrivacy ADM
CCPA/CPRA Automated Decision-Making Technology Regulations
California's ADMT regulations require businesses using automated decisionmaking technology for significant decisions (employment, finance, housing, education, healthcare) to provide pre-use notices, offer opt-out rights, respond to access requests, and conduct risk assessments with annual CPPA filing under penalty of perjury.
Effective
- In EffectFederal
EEOC Guidance on AI in Employment Selection
EEOC technical assistance documents explain how existing Title VII and ADA obligations apply to AI and algorithmic employment tools. Not binding regulation, but signals enforcement priorities. Employers are liable for adverse impact from AI tools even when tools are designed by third-party vendors. Requires adverse impact analysis per UGESP four-fifths rule. ADA prohibits AI tools that screen out individuals with disabilities or make pre-offer disability inquiries.
Effective
- In EffectFederal
Executive Order 14110 on AI (Revoked)
Established federal policy priorities for AI safety, security, and rights protections across agencies. Directed agencies to issue additional standards, procurement rules, and risk controls. Revoked by Executive Order 14148 on January 20, 2025. Listed for historical reference. Key provisions revoked include NIST AI safety testing requirements, reporting requirements for dual-use foundation models, and watermarking mandates. However, NIST work products developed under EO 14110 (AI RMF, GenAI Profile) persist as voluntary frameworks.
Effective
- In EffectFederal
Executive Order 14281: Restoring Equality of Opportunity and Meritocracy
Directs federal agencies to deprioritize disparate-impact enforcement across civil rights statutes (Title VII, Title VI, ECOA, Fair Housing Act). Affects AI-driven hiring, lending, housing, insurance decisions. AG directed to assess and potentially preempt state laws imposing disparate-impact liability (Section 7(a)). Companies remain exposed to private Title VII litigation and state AI laws (CO AI Act, IL HRA AI, NYC LL 144) that codify disparate-impact standards.
Effective
- In EffectFederal
DOJ AI Litigation Task Force
Coordinates federal civil litigation strategy on AI-related matters across the Department of Justice. Executive orders cannot preempt state law. Only Congress or courts can do that. Task Force is authorized to file lawsuits challenging state laws but as of April 2026 has NOT filed any. Congress rejected federal preemption twice: Senate vote 99-1 in July 2025, preemption language also dropped from NDAA in December 2025.
Effective
- In EffectFederal Guidance
SEC AI Guidance in Financial Services
SEC enforces existing fiduciary duties and disclosure requirements as applied to AI. Pursuing AI washing enforcement against companies overstating AI capabilities in securities filings. Proposed rule on predictive data analytics (2023-17958) unlikely to be finalized under current administration.
Effective
- In EffectFederal Guidance
FDA AI/ML Medical Device Framework
FDA requires pre-market review (510(k), De Novo, PMA) for AI/ML-based software that meets the definition of a medical device. Over 1,000 AI/ML-enabled devices authorized as of 2025. Includes predetermined change control plan for adaptive AI/ML devices. Most mature federal AI regulatory framework. Sector-specific. Has been operating for years.
Effective
- In EffectFederal Guidance
HUD AI Guidance in Housing
Fair Housing Act disparate impact standard applies to AI-driven tenant screening, lending algorithms, and property valuations. HUD 2023 disparate impact rule (reinstated) allows challenges to facially neutral AI practices with discriminatory effects. Meta 2022 settlement over AI ad targeting in housing is a key precedent. Disparate impact rule status under Trump administration should be monitored.
Effective
- In EffectFederal Guidance
DOL AI in Workplace Guidance
Non-binding principles for AI in the workplace covering transparency, human oversight, informed consent, data protection, non-discrimination, worker voice, and compliance with existing labor law. Issued under Biden DOL. Status under Trump administration uncertain. However, underlying labor law obligations persist.
Effective
- In EffectFramework
NIST AI Risk Management Framework (AI RMF 1.0)
NIST AI RMF is a voluntary framework used as a practical benchmark by regulators and lawmakers. NIST released AI RMF 2.0 in February 2024, building on early adoption experiences and adapting to generative AI paradigms. Companion documents include the AI RMF Playbook and Generative AI Profile (NIST AI 600-1), developed under EO 14110, which persists as a voluntary framework even though EO 14110 was revoked. State laws that reference NIST as a safe harbor or affirmative defense include Texas TRAIGA (HB 149), Tennessee TIPA, and Montana Right to Compute Act (SB 212). Colorado SB24-205 NIST-aligned controls remain useful historical and reusable governance evidence after SB26-189, but they should not be described as the current Colorado ADMT minimum-law safe harbor without legal review. Alignment with NIST AI RMF increasingly affects legal exposure under these state laws.
Effective
This rule references NIST AI RMF practices. See the federal NIST AI RMF entry for context and source links.
Regulation summaries are simplified for readability and may not capture every nuance of the underlying statute. Verify important details against primary sources linked on this page.