Tech Regulation (AI/Privacy/Antitrust)

The United States has no single comprehensive federal technology regulation law — unlike the EU's General Data Protection Regulation (GDPR) or AI Act. Instead, tech regulation in the U.S. operates through a patchwork: the FTC's Section 5 authority (15 U.S.C. § 45) over unfair and deceptive practices; DOJ and FTC antitrust enforcement under the Sherman and Clayton Acts against Big Tech platforms (Google, Apple, Meta, Amazon have all faced major cases); sector-specific privacy laws (HIPAA for health data, COPPA for children, GLBA for financial data); and increasingly, state privacy laws (California's CPRA, Virginia's VCDPA, and 15+ others as of 2026). Section 230 (47 U.S.C. § 230) remains the liability shield that allows platforms to host third-party content without publisher liability — the most-debated 26 words in tech law. On AI specifically: the Biden administration's Executive Order on AI (October 2023) was revoked by President Trump on day one of his second term (January 2025), returning AI governance to agency-level guidance rather than centralized White House direction. The FTC continues to investigate AI-related deception and competition harms. Congress has introduced dozens of AI bills but passed none as of early 2026. The EU AI Act, now fully effective, imposes compliance obligations on U.S. companies that offer AI services in Europe.

Current Law (2026)

Technology regulation spans AI governance, data privacy, antitrust enforcement, and content moderation across federal and state jurisdictions.

Area	Status
Federal privacy law	No comprehensive federal law (sector-specific: HIPAA, COPPA, GLBA)
State privacy laws	CA (CCPA/CPRA), CO, CT, VA, UT, TX, MT, OR, and others
AI regulation	Executive orders + agency guidance; no comprehensive federal legislation
Antitrust	DOJ/FTC enforcement actions against major tech companies
Section 230	Protects platforms from liability for user content (under political pressure)

Legal Authority

15 U.S.C. § 1 — Sherman Antitrust Act: agreements in restraint of trade are illegal; basis for DOJ antitrust cases against Google, Apple, and other tech companies; violations are felonies (up to $100M for corporations, $1M and 10 years for individuals)
15 U.S.C. § 2 — Monopolization: monopolizing or attempting to monopolize trade is a felony; same penalties as § 1
15 U.S.C. § 12-15 — Clayton Act: prohibits mergers that substantially lessen competition; basis for blocking tech acquisitions
15 U.S.C. § 41-46 — FTC Act: establishes Federal Trade Commission; § 45 prohibits unfair methods of competition and unfair/deceptive practices; § 46 grants investigative powers over business practices affecting commerce
15 U.S.C. § 57a — FTC rulemaking: authority to define unfair or deceptive practices through formal rulemaking proceedings
15 U.S.C. § 6801-6809 — Gramm-Leach-Bliley Act (financial privacy): requires financial institutions to protect customer nonpublic personal information (§ 6801), give opt-out rights before sharing with third parties (§ 6802), provide annual privacy notices (§ 6803)
15 U.S.C. § 7001-7004 — E-SIGN Act: electronic records and signatures have same legal validity as paper; establishes framework for digital commerce

How It Works

Tech regulation in 2026 is best understood as three separate fights happening simultaneously — antitrust, privacy, and AI governance — each with different legal foundations, different enforcers, and different timelines.

Antitrust is the most mature of the three. The Sherman Act (15 U.S.C. § 1-2) — passed in 1890 — remains the primary weapon, and its application to tech markets has accelerated dramatically since 2020. Under § 2, it's illegal to monopolize or attempt to monopolize any part of commerce — and courts have found that digital markets, including search advertising (Google) and app distribution (Apple), qualify. The Clayton Act (15 U.S.C. § 12-15) gives the DOJ and FTC authority to block mergers that "substantially lessen competition." Big Tech's acquisition strategy of the 2010s — buying nascent competitors before they could scale — is now the subject of retrospective scrutiny. The FTC's case against Meta (Instagram/WhatsApp acquisitions) and the DOJ's case finding Google an illegal search monopoly (August 2024 ruling) are the landmark actions defining what the law requires in digital markets. Remedies could include mandatory divestiture, interoperability requirements, or structural separation.

Privacy regulation is a patchwork with no federal center. Congress has not passed a comprehensive federal privacy law despite multiple attempts. What exists instead is sector-specific: the Gramm-Leach-Bliley Act (15 U.S.C. § 6801-6809) covers financial institutions' handling of nonpublic personal information — requiring annual privacy notices and opt-out rights before sharing data with third parties. HIPAA covers healthcare. COPPA covers children under 13. For everything else — social media, e-commerce, data brokers — the primary law is state law. California's CPRA (which replaced the original CCPA) is the most comprehensive: it gives consumers rights to know, delete, correct, and opt out of the sale or sharing of personal data, and created an independent California Privacy Protection Agency to enforce it. About 15 other states have passed comprehensive privacy laws modeled loosely on California's framework, creating a compliance patchwork for any company operating nationally. The E-SIGN Act (15 U.S.C. § 7001-7004) provides the foundational legal framework for digital contracts and records — relevant every time a user clicks "I agree."

AI governance is the newest and least settled. There is no comprehensive federal AI law as of 2026. What exists is a combination of executive orders and agency guidance. The December 2025 Executive Order on national AI policy established a framework prioritizing U.S. leadership and deregulation of AI development. Separately, existing statutes — the Fair Housing Act, Equal Credit Opportunity Act, Title VII, and the FTC Act — already apply to AI systems that produce discriminatory outcomes. The FTC has taken enforcement actions against companies using algorithmic systems that violated § 45's "unfair or deceptive practices" standard. The CFPB has issued guidance applying fair lending laws to AI-driven credit decisions. The practical effect: companies can't use "it was the algorithm" as a defense when an AI system produces discriminatory outcomes that would be illegal if done manually. AI regulation at the state level is moving faster — Colorado's SB 205 (2024) was the first U.S. law requiring developers and deployers of high-risk AI systems to take reasonable care to protect consumers.

Section 230 (47 U.S.C. § 230, referenced in related pages) — the rule immunizing platforms from liability for user content — remains the most politically contested piece of internet law. It's technically telecom law, but it shapes the entire tech regulatory landscape. Neither a straight repeal nor comprehensive reform has passed Congress, leaving platforms with near-complete immunity for content hosting decisions.

How It Affects You

If you apply for a job, loan, or apartment: AI systems increasingly make or filter recommendations in all three contexts. Under existing fair lending and employment law, discriminatory AI outcomes are illegal even if no human consciously made the decision. If you're denied and the process felt automated, you have the right to an adverse action notice (for credit) or can file a complaint with the CFPB, DOL, or relevant state agency. The legal framework exists; enforcement is catching up.

If you're a California resident (or live in a state with a privacy law): You have the right to know what personal data a company holds about you, request deletion, and opt out of the sale of your data to third parties. Exercising these rights requires submitting a verifiable consumer request to the company — most major tech platforms have a dedicated privacy portal. The California Privacy Protection Agency investigates violations and can impose fines up to $7,500 per intentional violation.

If your company uses any AI in HR decisions: Title VII and state employment laws apply. If an AI hiring screen produces a disparate impact on a protected class — even unintentionally — that's a potential violation. The EEOC released guidance in 2023 clarifying that employers are liable for discriminatory algorithmic systems even if those systems were built by a third party.

If you're a small business using cloud platforms or marketplace services: Antitrust enforcement against major tech platforms could affect pricing, terms, and availability of the services you depend on — from app store fees to search ad costs to cloud pricing. App store reform is the most direct: if DOJ or FTC remedies require Apple and Google to allow third-party app stores or lower distribution fees (currently 15-30%), that reduces costs for small app developers.

State Variations

Significant variation — CA's CCPA/CPRA is the most comprehensive. ~15 states have enacted comprehensive privacy laws. No federal preemption.

Implementing Regulations

Technology regulation spans multiple agencies. Key implementing regulations include 47 CFR (FCC — telecommunications, spectrum, broadband), 16 CFR (FTC — consumer protection, privacy, unfair practices), and 15 CFR (Commerce — export controls, NIST standards).

Pending Legislation

S 3680 — Eliminating Bias in Algorithmic Systems Act of 2026: requires federal agencies to create civil-rights offices and reports to detect and mitigate bias in AI/ML systems affecting program access and economic opportunities. Status: Introduced.
HR 7110 — Eliminating Bias in Algorithmic Systems Act (House companion): mandates accountability for federal algorithm use with civil-rights experts and interagency bias review group. Status: Introduced.
S 3193 — Algorithm Accountability Act: makes social platforms legally responsible for harms from recommendation algorithms, allows lawsuits for injury/death, sets design and testing duties. Status: Introduced.
HR 6266 — Algorithm Accountability Act (House companion): imposes duty of care on recommendation algorithms, allows victims to sue, removes arbitration. Status: Introduced.
S 3494 — Auto Data Privacy and Autonomy Act: gives vehicle owners control of car data, bans manufacturer sales without consent, requires free real-time access and open API. Status: Introduced.
S 3495 — Artificial Intelligence Scam Prevention Act: bans AI impersonation, requires upfront AI disclosures in calls/texts, expands senior protections. Status: Introduced.
HR 7151 — AI Public Awareness and Education Campaign Act: Commerce-led national campaign to explain AI use, teach detection of AI-generated media, with targeted outreach to seniors/small businesses. Status: Introduced.
S 3410 — Federal AI talent teams: creates framework to recruit and hire technology/AI talent for federal agencies. Status: Introduced.
HR 6290 — Safe Social Media Act: directs FTC and HHS to study social media's effects on children under 17 with 3-year report to Congress. Status: In Committee.
HR 7433 / HR 7399 — Would prohibit social media access for users under age 13 and restrict algorithmic targeting of minors. Status: Introduced.

Recent Developments

Trump AI executive orders: deregulate and compete with China (2025-2026): The Trump administration issued a series of AI-focused executive orders reversing Biden's cautious AI governance approach. The January 2025 revocation of Biden's AI safety EO (13960) removed requirements for pre-deployment safety testing and agency AI governance protocols. Subsequent orders directed federal agencies to procure American AI aggressively, promote export of the "U.S. AI Technology Stack," and prohibit agencies from using AI systems with perceived ideological bias ("Woke AI"). A December 2025 national AI policy framework emphasized U.S. competitiveness against China, deregulation of AI development, and streamlined federal AI adoption. The practical effect is a lighter-touch federal approach to AI safety — with AI governance left primarily to the market and industry self-regulation.
Cybersecurity national emergency continued; anti-fraud EO issued (2025-2026): Trump continued the national cybersecurity emergency declaration (targeting malicious cyber activities from state and non-state actors) and signed a March 2026 executive order targeting cybercrime, fraud, and financial predatory schemes — creating an interagency task force coordinating DOJ, FTC, CISA, and Secret Service enforcement against cyber-enabled fraud. The cybersecurity EO also sustained certain Biden-era zero-trust architecture requirements for federal agencies, one of the few cybersecurity policy areas where Trump continued Biden's approach.
Google monopoly remedy in progress; Big Tech antitrust advancing: Following the August 2024 ruling in United States v. Google that Google holds an illegal monopoly in search, the DOJ remedy phase is pending — proposals under consideration include requiring Google to divest Chrome or Android, share search index data with competitors, or implement behavioral restrictions. The Trump DOJ has signaled it will pursue the remedy aggressively. Meta is facing antitrust trial on its Instagram/WhatsApp acquisitions; Apple faces DOJ lawsuit over the iPhone ecosystem. The Big Tech antitrust era — bipartisan in origin — continues under both parties' enforcement priorities.