We use cookies for analytics to understand how visitors use this site. We also use essential cookies for site functionality.
See our Privacy Policy for details.
Session Expired
Your session has expired. Please sign in again to continue where you left off.
A curated record of federal and state enforcement actions targeting AI systems — including FTC orders, EEOC guidance, local law enforcement, and state AG actions. Updated as new actions are filed.
Live Tracker
Federal & State Actions
Updated May 2026
47+
Actions Tracked
6
Active Agencies
18
States with Activity
$580M+
Total Penalties
AI enforcement is accelerating. Federal agencies — particularly the FTC — have shifted from guidance to active litigation, using existing statutory authority under the FTC Act, COPPA, and civil rights laws to pursue companies deploying AI in harmful or deceptive ways. State attorneys general and local regulators are following suit. This tracker documents the most significant actions to date.
Each entry includes the agency, target, legal theory, outcome, and compliance implications relevant to corporate legal and compliance teams.
Legal Disclaimer: This tracker is for informational purposes only and does not constitute legal advice. Consult qualified counsel before making compliance decisions based on this information. Enforcement postures change; verify current status independently.
Agency Enforcement Breakdown
Five federal agencies and a growing number of state AGs are actively pursuing AI enforcement using existing statutory authority, without waiting for Congress to pass comprehensive AI legislation.
FTCHigh Activity
Federal Trade Commission
The most active AI enforcement agency. Uses Section 5 of the FTC Act to target deceptive AI capability claims, algorithmic bias, and consumer harms. Issued the landmark "AI and Your Business" guidance in 2023 and has brought multiple orders targeting surveillance and biometric AI.
Notable Actions
Rite Aid — facial recognition ban (2023)
Amazon/Alexa — children's voice data ($25M, 2023)
Evolv Technology — AI performance misrepresentation (2024)
Ongoing: AI-generated fake reviews investigations
EEOCGuidance + Litigation
Equal Employment Opportunity Commission
Enforces Title VII, ADA, and ADEA against discriminatory AI hiring tools. Released its foundational technical assistance document on AI in employment in 2023, making clear employers cannot outsource civil rights compliance to vendors. Filing pattern: disparate impact discrimination under existing law.
Notable Actions
iTutorGroup — AI-driven age discrimination ($365K, 2023)
EEOC v. DHI Group — algorithmic screening investigation
Ongoing: AI resume screening audits
State AGsGrowing
State Attorneys General
State AGs in California, New York, Texas, Illinois, and others are bringing AI enforcement under state UDAP statutes, biometric privacy laws (BIPA in Illinois), and data protection frameworks. NY AG has focused on AI deepfakes and synthetic media fraud; CA AG targets discriminatory algorithmic pricing.
Notable Actions
NY AG — AI deepfake fraud settlement (2024)
IL AG — BIPA enforcement against facial recognition
TX AG — AI voice cloning investigation (2024)
HHS/OCRActive Guidance
HHS Office for Civil Rights
Enforces Section 1557 of the ACA prohibiting discriminatory AI in health programs receiving federal funding. Released a final rule in 2024 prohibiting the use of clinical algorithms that discriminate based on race, national origin, sex, age, or disability. Actively monitoring health AI for disparate outcomes.
Notable Actions
2024 Final Rule: Non-Discrimination in Health Programs
HIPAA AI guidance on de-identification risks
Investigations: AI clinical decision tools
CFPBCredit & Lending Focus
Consumer Financial Protection Bureau
Applies ECOA, FCRA, and UDAAP to AI-driven credit decisions and consumer financial products. Issued guidance in 2022 and 2023 requiring explainability for adverse actions by AI models. Investigating use of alternative data and algorithmic credit scoring for discriminatory effects.
Notable Actions
2023 Circular: Adverse action explainability for AI models
Enforces New York City Local Law 144 on automated employment decision tools (AEDTs). Requires annual independent bias audits, public disclosure, and candidate notification. Fines of $500–$1,500 per violation per day. Issued subpoenas to non-compliant employers in 2024 and expanded enforcement in 2025.
Notable Actions
2024: Subpoenas to employers using non-audited AEDTs
Ongoing: Compliance audits of major HR tech vendors
2025: Expanded rules under review
Notable Enforcement Actions
Filter:
Loading enforcement actions...
Enforcement by Category
AI enforcement actions cluster around five legal theories. Understanding which category applies to your AI use case is the first step in assessing regulatory exposure.
16
Deceptive AI Claims
Unsubstantiated performance claims for AI systems — accuracy rates, capability statements, and safety claims. FTC's primary enforcement theory under Section 5. Evolv and multiple AI SaaS companies targeted.
Key cases: FTC v. Evolv, FTC v. DoNotPay, FTC AI claims guidance
12
Algorithmic Discrimination
AI tools that produce disparate impact based on race, sex, age, disability, or national origin in employment, housing, or credit. EEOC and CFPB primary enforcers. Vendor defense does not shield employers.
Key cases: EEOC v. iTutorGroup, NYC Local Law 144 enforcement, CFPB credit circulars
11
Data Privacy Violations
AI systems collecting, retaining, or using personal data in violation of COPPA, HIPAA, BIPA, or state privacy laws. Amazon Alexa, Ring, and various health AI companies have faced these actions. Biometric data draws heightened scrutiny.
Key cases: FTC v. Amazon/Alexa, HIPAA health AI guidance, IL BIPA enforcement
9
AI in Employment
AI tools used in hiring, promotion, termination, or performance management that violate civil rights laws or local AI-specific regulations like NYC Local Law 144. Growing area with EEOC, DOL, and state AG involvement.
Key cases: EEOC v. iTutorGroup, NYC LL 144 enforcement, WA state AG guidance
9
Consumer Protection & Fraud
AI-generated deepfakes, synthetic media fraud, AI-powered scams, fake reviews, and other AI-enabled consumer deception. State AGs and the FTC most active. The FTC has explicitly stated that AI-generated content does not receive special treatment — all consumer protection law applies. Key cases: State AG deepfake actions, FTC AI fake reviews guidance, TX AG election deepfake enforcement
What This Means for Compliance
These enforcement actions, taken together, establish several clear principles that should inform any organization's AI governance program.
Existing Law Applies Fully
Regulators are not waiting for new AI legislation. The FTC, EEOC, CFPB, and state AGs are applying existing statutory authority aggressively. Organizations deploying AI cannot assume that the absence of an "AI law" means the absence of legal risk.
The Vendor Defense Is Gone
EEOC guidance and FTC enforcement have eliminated the "we bought it from a vendor" defense. Organizations are responsible for the discriminatory or deceptive outputs of AI tools they deploy, regardless of whether they built the system.
Documentation Is Your Defense
In every major enforcement action, the absence of pre-deployment testing, bias audits, and human review processes has been cited as an aggravating factor. Documenting your AI due diligence — even when imperfect — significantly reduces enforcement risk.
State AG Coordination Is Growing
State AGs are increasingly coordinating on AI enforcement, sharing investigation strategies and filing multi-state actions. An investigation in one state often signals scrutiny across others. National compliance programs are no longer optional for large employers.
Claims Must Be Substantiated
The Evolv and multiple other FTC actions send an unmistakable message: AI performance marketing claims must be substantiated by competent testing before publication. "Cutting-edge," "highly accurate," and similar superlatives require evidentiary support.
Consent Decrees Set Industry Norms
FTC consent orders requiring third-party audits, bias testing, and independent compliance monitors are effectively setting baseline industry standards. Even companies not directly subject to orders should treat these requirements as best practices.
Get alerted when the next enforcement action hits your industry — Upgrade to Pro
Get Enforcement Alerts by Email
New AI enforcement actions directly to your inbox — free for legal and compliance professionals.
The primary federal agencies enforcing AI-related laws are the Federal Trade Commission (FTC) under Section 5 of the FTC Act for deceptive practices and algorithmic harm, the Equal Employment Opportunity Commission (EEOC) for AI-driven hiring discrimination under Title VII and the ADA, the Consumer Financial Protection Bureau (CFPB) for algorithmic credit decisions under ECOA and FCRA, and the Department of Health and Human Services Office for Civil Rights (HHS/OCR) for AI in healthcare programs receiving federal funding.
State Attorneys General are also increasingly active, particularly following the enactment of state-level AI laws in Colorado, Texas, Illinois, and New York City. The NYC Department of Consumer and Worker Protection is the most active local enforcement body, pursuing employers under Local Law 144 on automated hiring tools.
In December 2023, the FTC took action against Rite Aid over its use of AI-powered facial recognition technology deployed in over 200 store locations. The FTC found the system generated false-positive matches at a disproportionately high rate for women and people of color, resulting in wrongful accusations and public humiliations of innocent customers.
Rite Aid was banned from using facial recognition technology in retail settings for five years and required to delete all biometric data and model training data collected through the program. Critically, the FTC found Rite Aid had failed to implement adequate testing, accuracy thresholds, or human review processes before deployment — failures that aggravated the outcome. This case established a clear precedent: companies deploying AI surveillance systems must conduct pre-deployment testing and implement ongoing accuracy monitoring.
New York City Local Law 144, effective July 5, 2023, requires employers using automated employment decision tools (AEDTs) in hiring or promotion decisions to: (1) commission annual independent bias audits by a qualified third party, (2) publicly post the audit results on their website, and (3) notify candidates or employees that such tools are being used at least 10 business days before use.
Enforcement is handled by the NYC Department of Consumer and Worker Protection (DCWP). Penalties range from $500 to $1,500 per violation per day. As of 2024, the DCWP issued subpoenas to non-compliant employers and reached at least two public settlements requiring retroactive audits and corrective disclosures. Large employers in financial services and technology are under particular scrutiny. Expanded rules covering a broader range of tools are under regulatory review in 2025.
Yes. Both the EEOC and the FTC have made clear that purchasing an AI tool from a vendor does not transfer legal liability to that vendor. The EEOC's 2023 technical assistance document explicitly states that employers are responsible under Title VII, the ADA, and the ADEA for discriminatory outcomes from third-party AI tools they deploy in employment decisions.
This means organizations must conduct due diligence on AI tools before deployment, including reviewing bias audit results, testing on their own applicant populations where feasible, and establishing contractual obligations for vendors to provide ongoing audit data. Relying solely on vendor representations about AI accuracy or fairness is not a defense in enforcement proceedings. Consult qualified employment counsel before deploying AI tools in any employment context.
The FTC treats inflated or unsubstantiated AI capability claims as deceptive acts under Section 5 of the FTC Act, applying the same standard as any other product performance claim: claims must be truthful, not misleading, and supported by competent and reliable evidence before they are made.
This includes claims about AI accuracy rates, detection capabilities, error rates, fairness, or safety that cannot be independently verified through competent testing. The FTC's 2024 action against Evolv Technology — whose AI weapons detection system was marketed with accuracy claims the company could not substantiate — is the clearest illustration. Importantly, the FTC has also signaled it will target "AI-washing": marketing AI-based products that are not actually powered by meaningful AI, or that perform substantially below marketed specifications. Any company making AI capability claims should maintain a substantiation file with the testing evidence supporting those claims before publication.
Disclaimer: This tracker is for informational purposes only and does not constitute legal advice. Enforcement information is curated from public sources including FTC press releases, court filings, agency guidance documents, and news reports. Action outcomes, penalty amounts, and agency positions may change. Verify all information independently and consult qualified legal counsel before making compliance decisions. AI Laws by State LLC is not affiliated with any enforcement agency.
Struggling with AI compliance?
Describe your situation and we'll connect you with a specialist who understands your state's AI laws.