[co-author: Stephanie Kozol]*
Introduction
The United States is navigating a new era of regulatory oversight and the balance of power between federal and state regulators following the 2024 election cycle. As federal agencies retreat from and/or realign their regulatory enforcement priorities, state attorneys general (AGs) are increasingly taking the lead in policing companies — especially those that are consumer-facing — bridging perceived gaps left by shifting federal priorities, and in some cases, emboldened to expand regulatory enforcement into relatively new arenas.
During the first half of 2025, state AGs actively adapted to the evolving regulatory landscape. Almost across the board, state AGs have increased their activity in areas such as environmental regulations, consumer protection, antitrust, health care, AI, and privacy. By engaging in these areas of law, state AGs are significantly impacting both businesses and consumers, ensuring that enforcement strategies are attuned to current challenges they are focused on in ways that have resulted in increased adaptability, agility, and rapid changes to the regulatory landscape.
Troutman Pepper Locke’s State AG team is pleased to present this mid-year review, which aims to provide a high-level overview of increasing state AG activity, including insights into regulatory priorities and theories by summarizing the activities in this regulatory space over the past six months. While we do not have a crystal ball, we can tell where regulators are headed by looking at their recent actions. Our insights aim to keep you informed of the latest developments and trends affecting the regulatory landscape to help position your business to avoid regulatory scrutiny.
Update on 2025 State AG Elections
While only two states are primed to experience a change in their top law enforcement officials in 2025, these changes will be amplified by a significant number of elections in 2026. The AGs who are sitting in office after the 2026 election may bring further changes to the office, catalyzing the powers of state AGs and their priorities for years to come.
In Virginia, the 2025 AG election features incumbent Jason Miyares representing the Republican Party, facing Democratic candidate Jerrauld “Jay” Jones. The general election is set for November 4, 2025.
In New Jersey, the AG will be appointed following the 2025 gubernatorial election. The state’s AG is appointed by the governor with Senate approval, and the winner of the gubernatorial race will make this appointment upon taking office in January 2026.
These developments highlight the potential for new leadership in key law enforcement positions, which could lead to shifts in regulatory priorities and a changing landscape for companies.
Antitrust
Antitrust enforcement continues to remain a focus for both state AGs and the Federal Trade Commission (FTC), who continue to collaborate on enforcement efforts despite the change in the federal administration. In the last few days of the Biden administration, the FTC released the “Antitrust Guidelines for Business Activities Affecting Workers,” which identified certain business activities that may violate antitrust laws and replaced the 2016 antitrust guidance. Of note, the guidelines remained consistent with the 2016 guidelines in several instances, such as wage-fixing and no-poach agreements. State AGs have also pursued their own state-level enforcement.
A coalition of 50 state AGs filed a memorandum requesting that a federal judge in Connecticut approve a $39.1 million settlement with Apotex Corp., the largest manufacturer of generic drugs in Canada. The state AGs alleged that Apotex Corp. was engaged in widespread, long-running conspiracy to artificially inflate and manipulate prices for numerous generic prescription drugs, reduce competition, and unreasonably restrain trade. If the court approves the settlement (anticipated to occur in the third or fourth quarter 2025), it will include injunctive components as well as payment to the states and individual consumers.
The FTC, Minnesota, and Illinois have filed a joint lawsuit against Deere & Company for allegedly engaging in anticompetitive business practices involving the ability of owners, independent repair shops, and other third parties, to modify and repair their farm equipment, including electronic components, in violation of federal and state antitrust laws. Michigan, Wisconsin, and Arizona have also joined the lawsuit.
The New York AG obtained a judgment against Intermountain Management Inc. for alleged antitrust violations when a court held that the company’s acquisition and subsequent closure of Toggenburg Mountain Ski Resort constituted a per se violation of state antitrust law because it stifled competition. In addition, the court found that the company’s use of a noncompete agreement, which prohibited employees from working for a competitor within 30 miles, also violated antitrust principles. The court has yet to determine the remedy.
Artificial Intelligence
As generative artificial intelligence (AI) rapidly proliferates, state AGs continue to warn industry of potential legal violations that could arise if companies fail to deploy AI in a responsible manner. As of mid-2025, only Colorado, Utah, California, and Texas had passed AI-specific legislation. However, the relative absence of federal and state AI legislation and/or regulation has not prevented states from advising and taking AI-related enforcement action under existing law, a trend that began in early 2024. Indeed, state AGs have signaled that they will utilize existing laws such as privacy, consumer protection, and anti-discrimination, to regulate AI. These efforts will likely continue for the foreseeable future, particularly as the Trump administration continues to press Congress to pass the AI regulatory moratorium.
At the end of 2024, former Oregon AG Ellen Rosenblum issued AI guidance emphasizing that companies must continue to comply with existing consumer protection and anti-discrimination laws in the deployment of AI and any AI output that results in discriminatory action will still be prosecuted. Specifically, the guidance imposed on companies to: (1) deploy tools that provide accurate information; (2) guarantee consumers’ rights to control their data; (3) place safeguards on the possession of personal information; and (4) prohibit discrimination based on protected classes.
Similarly, in January, New Jersey AG Matthew Platkin announced a “Civil Rights and Technology Initiative,” which addresses the risks of discrimination and bias-based harassment resulting from the use of AI and other advanced technologies. The initiative focuses on preventing algorithmic bias under the New Jersey Law Against Discrimination. It also creates the “Civil Rights Innovation Lab,” which is intended to find and develop technology to bolster enforcement, outreach, and public education efforts with respect to AI.
Missouri AG Andrew Bailey also issued a regulation focusing on the novel AI issue of algorithmic choice in content moderation. It leverages the AG’s authority under the Missouri Merchandising Practices Act to “clarify that it is an unfair, deceptive, fraudulent, or otherwise unlawful practice” to “operate a social media platform unless the platform permits users the opportunity to select a third-party content moderator of their choice, rather than rely on the content moderation provided directly by the social media platform.”
Finally, earlier this year the Trump administration introduced its “Big Beautiful Bill” that, among other things, sought to impose a 10-year moratorium on state laws that limit, restrict, or regulate AI systems. In response, a bipartisan coalition of 40 state AGs sent a letter to Congress expressing strong opposition and arguing the provision violates state sovereignty. The Senate ultimately stripped the AI moratorium from the Big Beautiful Bill before its enactment, but the Trump administration continues to pressure congress to pass such legislation. Regardless, any new moratorium on the state-level regulation of AI will not preclude states from regulating AI through existing privacy, consumer protection, and anti-discrimination laws, as noted above. The state AGs have made clear that a company’s use of AI will not insulate the company from consumer protection laws.
Consumer Financial Services
With the Consumer Financial Protection Bureau (CFPB) significantly curtailing its examination and enforcement activities under the Trump administration, state AGs are increasing their enforcement efforts over the financial services industry. This rise in state AG activity is made possible in part by new state legislation, increased funding, recruiting of former federal regulators, and other related initiatives that will create broader enforcement capabilities to regulate the consumer financial services industry at the state level.
For example, in early May, New York Governor Kathy Hochul signed legislation aimed at enhancing consumer protections, including by simplifying the cancellation process for online subscriptions, requiring online retailers to clearly post return and refund policies, and establishing a regulatory framework for buy-now-pay-later loans. Also in early May, Virginia Governor Glenn Youngkin signed legislation creating new requirements and prohibitions under the state’s consumer protection act focusing on disclosure of mandatory fees and surcharges in consumer transactions. Pennsylvania also took steps to increase consumer protections by launching new consumer protection tools, including a hotline, website, and email address, to facilitate the reporting of scams and predatory practices.
In addition to general consumer protection laws, states are increasingly regulating earned wage access (EWA) services. Several states have passed legislation to regulate EWA products just this year, including Arkansas, Indiana, and Maryland, which are on top of numerous other state EWA laws that have been enacted over the past several years. While differing from state to state, most EWA laws generally aim to create new licensing and disclosure requirements for EWA providers while also imposing fee limitations and providing various exemptions.
State AGs continue to focus on fair lending issues. For example, in March, the New Jersey AG and New Jersey Division on Civil Rights announced the issuance of a finding of probable cause against a cash advance and consumer loan provider alleging that, among other things, it had discriminated against consumers by refusing to lend to certain individuals based on race, national origin, and nationality.
States are also increasing their oversight of the crypto industry — an industry that is likely to remain in the spotlight due to the federal government’s recent embrace of digital currency. For example, in March, the New York AG entered into an agreement with a crypto investment firm to resolve allegations that it had engaged in misrepresentations when promoting an algorithmic cryptocurrency that ultimately failed and caused significant losses. In April, the Iowa AG initiated enforcement actions against two of the state’s largest bitcoin automatic transaction machine (ATM) operators based on allegations that they engaged in unfair and deceptive practices by intentionally failing to implement fraud-prevention safeguards, allowing scam transactions that caused significant financial harm (especially to senior citizens), and failing to clearly disclose prices and transaction fees.
The above actions by both state AGs and state legislatures demonstrate that states are not only continuing to focus on the consumer financial services industry but are also increasing that focus and expanding means and methods by which they regulate the industry. We expect the states to be the vanguard when it comes to this industry for the foreseeable future and in the absence of an active CFPB.
Gaming
The first half of 2025 has brought a wave of notable state-level enforcement and regulatory activity in the gaming space, with AGs and gaming regulators taking action on issues ranging from unlicensed devices to sweepstakes casinos and online gaming operators and intermediaries.
In March, Indiana AG Todd Rokita, together with the Indiana Gaming Commission, issued a joint consumer alert warning residents about deceptive online advertisements for illegal gambling websites. The alert clarified that while online sports wagering is legal in Indiana, online casino-style gaming remains prohibited, and residents were urged to verify licensing status before engaging with online operators.
In April, the Texas Lottery Commission voted to prohibit third-party courier services from facilitating lottery ticket purchases in the state following investigations into two unusually high-value prize claims. Although the ban was initiated by the Commission, the move came amid broader scrutiny by state authorities — including the Texas AG’s office — into whether these services were operating in violation of Texas law. The action prompted swift legal challenges from affected courier companies resulting in a temporary restraining order and raises ongoing questions about the role of intermediaries in state lottery systems.
Shortly thereafter, in May, Pennsylvania’s AG announced a coordinated statewide enforcement action that led to the seizure of hundreds of unlicensed gaming machines from retail locations across a dozen counties in the state. The AG’s office filed felony charges against two companies alleged to be distributing skill-based devices that functioned as illegal slot machines, emphasizing the state’s commitment to preserving the integrity of its licensed gaming framework.
Most recently, in June, New York AG Letitia James sent cease-and-desist orders to more than two dozen online sweepstakes casinos offering casino-style games to New York consumers. While these platforms operate under dual-currency models that purport to comply with sweepstakes laws, New York regulators and lawmakers increasingly view them as unauthorized gambling enterprises.
These developments reflect a continued commitment by state regulators to supporting state-licensed operators as well as a growing willingness among AGs and regulatory bodies to test the boundaries of existing law, particularly as new gaming models and platforms continue to blur the lines between regulated and unregulated activity.
Marketing and Advertising
The first half of 2025 saw significant regulatory advancements related to junk fees and deceptive advertising practices.
With regard to junk fees, the FTC enacted a rule, effective May 12, 2025, that targets deceptive pricing in the hotel, short-term lodging, and live-event ticket industries, requiring full disclosure of mandatory fees in advertised prices, excluding taxes, government fees, optional fees, and shipping costs. California pioneered state-level “junk fee” legislation in 2024, setting a benchmark that inspired other states to enact similar measures.
States like Maryland, North Carolina, New York, and Tennessee implemented focused laws targeting specific sectors such as live-event ticket sales and hospitality, while others broaden their scope akin to California. Notably, legislation in Virginia, Colorado, Connecticut, Minnesota, and Oregon, and regulation in Massachusetts mandates the disclosure of all mandatory fees or surcharges in consumer goods and services advertising.
These laws exhibit certain nuances; some jurisdictions require the prominent display of total prices inclusive of mandatory fees, while shipping charges might be excluded unless deemed calculable upfront. Several areas allow separate listing of mandatory fees and automatic gratuities with clear pre-purchase disclosure, particularly for service-based fees or restaurant industry charges. Industry-specific requirements sometimes align with federal standards. Exemptions apply to companies already adhering to similar federal or state disclosure requirements, such as financial entities and broadband providers compliant with specific labeling standards.
As it relates to regulating advertising practices, state AGs have been particularly focused on the veracity of claims companies are making to consumers. When companies are unable to substantiate information they are conveying to consumers, AGs promptly take action.
For example, Arizona AG Kris Mayes brought a lawsuit alleging that one of the nation’s largest cord blood banking companies promoted misleading health claims. According to the complaint, the company made unsupported claims regarding the efficacy of stem cells and failed to adequately disclose experimental uses. Nevada AG Aaron D. Ford has also taken action against companies who have allegedly made unsubstantiated claims. In May, AG Ford announced that Nevada and the FTC filed suit against a multilevel marketing (MLM) company for allegedly making false earnings claims.
Companies have had to pay substantial amounts of money to resolve allegations that their advertisements were deceptive. For example, Puppyland, known for selling purebred puppies, settled with Washington for $3.75 million. The consent decree mandated that Puppyland stop making false statements regarding breeding standards and health guarantees. Similarly, Alaska’s Department of Law’s Consumer Protection Unit obtained a six-figure civil penalty against B. Merry Studio which sold products with false labels stating such products were “made in Alaska” when the products were assembled in the Philippines.
Privacy
State AGs took action in the first six months of 2025, which illustrated increasing specialization, expertise, and sophistication in the area of data privacy. Many states that have enacted comprehensive data privacy laws in previous years are now putting the legislation into practice, relying on increasingly experienced and resourced regulators. States are focusing on topics such as the use of specific data, including but not limited to geolocation data, the data of minors, health care data, biometric data, financial data, and how all this data may be used to train AI in a way that regulators are concerned will have a detrimental impact when it comes to consumer privacy.
Almost a year ago, Texas committed to developing its own bench of subject matter experts in the area of data privacy. The Texas Data Privacy and Security Act (TDPSA) came into effect on July 1, 2024, making Texas the second state, after California, to establish a specialized regulatory unit primarily aimed at enforcing state privacy law. Texas AG Ken Paxton marked the new year by filing a groundbreaking lawsuit against an insurance company, alleging that it violated Texas state law by collecting, using, and selling the precise geolocation data of Texans through covert tracking software in mobile apps. This case is notable as the first to be brought under a comprehensive state privacy statute.
California, a perennial leader in state privacy regulation, also took steps demonstrating its subject matter expertise by focusing on the privacy of consumers’ geolocation data. In March, California AG Rob Bonta announced his investigation into the location data industry for potential violations of the California Consumer Privacy Act (CCPA). Similarly to the Texas action, California is investigating whether mobile application providers that collect location data to sell or share the information with third parties are respecting consumer rights requests under the CCPA.
State AGs are increasingly working together to share information and resources to regulate how companies use consumer data. The partnerships allow states to increase their proficiency in this space more rapidly through collaboration. One such partnership came about in April when eight state AGs announced the formation of a collaborative privacy enforcement group. The “Consortium of Privacy Regulators” is meant to encourage collaboration and information between state AGs from California, Colorado, Connecticut, Delaware, Indiana, New Jersey, and Oregon. The consortium’s members took this step, at least in part, due to existing and anticipated gaps in federal privacy enforcement.
Genetic data has been another area of increased regulatory focus. In March, state AGs intervened in the high-profile class action lawsuit against Clearview AI (Clearview), a company offering facial recognition software to private entities and governments. AGs from 22 states and the District of Columbia filed amici briefs in the Northern District of Illinois to oppose a proposed settlement. Clearview negotiated a settlement in which the class members received a future equity stake in the company worth $51.75 million at the time of settlement. The state AGs objected to the fact that the payout to consumers is not guaranteed. Further, the settlement places state AGs in a challenging position. Suppose the state AGs were to obtain an injunction against Clearview, which would cripple the company. In that case, the class members’ compensation may dramatically decrease if the state AGs bring regulatory enforcement actions in their own right. In contrast, the class members’ compensation depends on Clearview’s ability to continue the same allegedly illegal conduct under which class members initially sued. State AGs also expressed concern over whether Clearview’s business model is compatible with constitutional privacy rights.
In 2025, state-level privacy frameworks have evolved significantly, enhancing the tools available to state AGs for consumer data protection. New enforcement actions and regulatory configurations have reshaped how data privacy is approached by consumers, corporations, and regulators. With businesses holding vast amounts of personal information, AGs are actively regulating privacy. As privacy regulations grow more complex, investing in robust data privacy compliance measures and monitoring the rapidly changing landscape can mitigate risks and prevent exposure to enforcement actions.
Pharmaceuticals and Health Sciences
Updates on Public Nuisance Theory of Liability
Over the last decade, state AGs and localities have increasingly brought public nuisance law claims — which traditionally required a property-based tort — to lawsuits asserting violations of consumer protection laws. In no small part, state and local governments have leveraged these novel public nuisance law claims to reach nationwide settlements with certain companies involved in the sale and distribution of opioids to the tune of more than $50 billion.
As many settlements have been finalized, the viability of a public nuisance theory of liability in actions brought by state AG and municipalities continues to receive attention in state courts and state legislatures.
For instance, late last year, the Ohio Supreme Court ruled that Ohio law does not provide for a public nuisance theory of liability for the sale of opioids. The Fourth Circuit Court of Appeals is now set to decide whether West Virginia allows for public nuisance claims against distributors of prescription opioids after the West Virginia Supreme Court declined to answer the question (despite the Fourth Circuit’s request that it do so).
More recently, the city of Baltimore’s 2024 verdict against two distributors was substantially curtailed at the abatement phase of trial, demonstrating that even if a public nuisance violation exists and is shown, governmental regulators still must prove damages. There, the court denied Baltimore’s request for $5.6 billion in abatement, awarding only $226 million (3% of Baltimore’s request, plus costs/fees), concluding that that Baltimore did not present any evidence of any unreasonable conduct by either defendant after about 2019 and the city did not seek any forward-looking injunctive relief. Thereafter, following post-judgment briefing, the court issued an order granting the distributors’ motion for a new trial and presenting Baltimore a remittitur alternative of accepting $52 million (another 80% reduction) to resolve the litigation with both distributors. Baltimore now has until August 8, to decide whether it will accept the reduced amount or proceed with a new trial.
With the goal of constraining state public nuisance law claims, Montana codified what constitutes a public nuisance and expressly excluded product-based claims. Specifically, the state law, which had broadly defined “nuisance,” now requires (1) “a condition arising out of the use of real property that unlawfully interferes with a public right by endangering communal safety, being indecent to the community, or being offensive to the community” or (2) “a condition that unlawfully interferes with the public right to free passage or use . . . of a navigable [waterway] or a public park, square, street, road, or highway.” The Montana law takes a step further and includes a nonexclusive list of situations that do not constitute a public nuisance, such as “an action or condition that is lawful” or “that is authorized, approved, licensed, or mandated” by law or “approved by a government entity.” The law also instructs that “the design, manufacturing, distributing, selling, labeling, or marketing of a product” may “not be considered a public nuisance,” and “the aggregation of individual injuries or private rights” does not transform them into a public nuisance.
Most Favored Nations Clauses Under the Microscope
State AGs are increasingly using most favored nations clauses to guarantee that a settling state or states (State A) will receive a favorable adjustment of its settlement terms if it later turns out that the company subsequently settles with another state (State X) on more favorable terms.
While this trend began in Florida over a decade ago, there is a growing trend of states that are part of multistate investigations or litigation to agree to reach a separate resolution on what other state AGs perceive as a “lowball” settlement. Reaching an expedited settlement that includes a most favored nations clause allows a state to ensure parity with states that continue to litigate without having to continue to expend the resources necessary to prosecute a complicated litigation.
New Pre-Merger Regulations With Significant Scrutiny of Private Equity Investments
The year began with heightened regulatory oversight for private equity investments in health care.
New legislation in Massachusetts provided AG Andrea Campbell with expanded authority to scrutinize health care investments with civil investigative demands (CIDs) to private equity funds, other significant investors, health care real estate investment trusts, and management services organizations. Providers are also required to submit information about their relationships with private equity funds and other investors. This legislation introduces new layers of scrutiny and risk, emphasizing the importance of compliance across both operational and financial activities. For private equity firms, the heightened reporting obligations and expanded False Claims Act (FCA) liability underscore the need for rigorous due diligence and strategic planning to navigate these regulatory changes effectively.
Several other states have put forward legislative proposals aimed at significantly broadening the scope of existing health care transaction review laws. For instance, Illinois lawmakers introduced Senate Bill 1998 in February 2025. If enacted, this bill would amend the Illinois Antitrust Act by introducing additional scrutiny for transactions involving financing from private equity firms or hedge funds, necessitating prior written approval from the Illinois AG. California also passed new regulations affecting private equity. AB 1415, passed by the Assembly and under Senate review, mandates a 90-day notice to the Office of Health Care Affordability before private equity groups and other entities engage in transactions with health care entities.
In Rhode Island, the AG announced a proposed rule that would require Rhode Island-based medical practice groups to notify the Rhode Island AG’s office of any merger, consolidation, or acquisition that would result in (1) ownership or control by a private equity investor; (2) a group of eight or more physicians, physician assistants, and/or nurse practitioners; or (3) the establishment of a management services organization or similar contracting entity responsible for administering a medical group’s contracts with health insurance carriers or third-party administrators. A public hearing for this regulation was held on July 8. Additionally, all parties are invited to submit written or oral comments concerning the proposed adoption until July 23.
Settlements and Judgments
Significant settlements were announced in the first half of the year.
The West Virginia AG reached a $17 million settlement with Pfizer and Ranbaxy of an antitrust and consumer protection lawsuit alleging “pay-for-delay” antitrust violations related to the cholesterol drug, Lipitor. Two years after private actions were filed against Pfizer and Ranbaxy, West Virginia’s AG asserted claims like those asserted in the private actions. The settlement of West Virginia AG’s suit was finalized after Pfizer announced a global $93 million settlement of the private actions. The AG’s suit and settlement highlight state AGs’ strategy of monitoring private litigation and filing their own actions in favorable forums.
The Connecticut AG announced a nearly $500,000 settlement with a dental provider and its owners. The settlement resolved allegations that the dentists violated state and federal FCA statutes by receiving reimbursements from the government for services provided to participants in the Connecticut Medical Assistance Program and received kickbacks from a third-party patient recruiting company. The settlement serves as a cautionary tale for businesses participating in government reimbursement programs, and a reminder that owners may incur individual liability for FCA violations.
The U.S. Department of Justice (DOJ) and 18 state AGs reached a $47 million settlement with QOL Medical, LLC and its CEO that resolved allegations that QOL provided unlawful kickbacks to health care providers for prescribing a drug called Sucraid. The regulators claimed QOL asked providers to administer tests to their patients to rule out a rare genetic disorder, Congenital Sucrase-Isomaltase Deficiency (CSID), and then marketed the drug to providers with patients that tested positive for CSID and generated sales of Sucraid. The DOJ and AGs asserted providers submitted false claims government health care programs for reimbursement on the Sucraid sales, and that those false claims were caused by QOL. This case is a reminder to companies that even companies that do not directly submit claims to the government face potential FCA liability. Companies marketing to health care providers must exercise caution, as creative marketing techniques may be viewed as unlawful conduct by regulators.
*Senior Government Relations Manager
