1 December 2025

The State AG Dispatch

Welcome to The State AG Dispatch, DLA Piper’s State Attorneys General (AG) quarterly update. Our aim is to highlight regulatory trends and enforcement actions from state AGs across the United States.

Focusing on the most significant developments, we provide key updates in:

Antitrust and competition
Artificial intelligence (AI)
Data privacy and cybersecurity
Consumer protection and product liability
Environment and energy

For more information or a tailored briefing on any of these topics, please contact the authors.

Antitrust and competition

Big tech and ticketing under fire. State AGs, often in coalition with the Department of Justice (DOJ), continue to target major technology and entertainment companies for alleged anticompetitive conduct. On September 19, Illinois AG Kwame Raoul, in partnership with the Federal Trade Commission (FTC) and a bipartisan group of state AGs, filed a lawsuit against Live Nation Entertainment Inc. and its subsidiary, Ticketmaster LLC, alleging unlawful coordination with ticket brokers that increases prices in resale markets. Previously, on July 17, a Texas federal judge delayed the upcoming jury trial in antitrust litigation brought by a Texas-led coalition of state AGs against Google’s advertising technology business, pending the outcome of a related DOJ case in Virginia.

These actions may suggest that state AGs are not only following, but actively shaping the national antitrust agenda, particularly in sectors where federal enforcement may be limited. For more information on these developments, read DLA Piper’s Inside Competition newsletter.

More assertive, creative, and coordinated enforcement may be expected. Companies are encouraged to review competitive practices, merger strategies, and public disclosures for compliance with both federal and state antitrust laws. The risk of parallel investigations and litigation is rising, increasing the complexity and potential cost of resolving antitrust disputes.

Key takeaways:

Continued and expanding state AG scrutiny of both traditional and emerging antitrust issues may be expected
Multi-state investigations may lead to large settlements and complex compliance obligations
Businesses may wish to review practices, disclosures, and competitive conduct for antitrust risk, especially if operating in multiple jurisdictions

ESG and climate disclosure initiatives face antitrust scrutiny. On July 28, Florida AG James Uthmeier announced subpoenas to investigate whether the CDP (formerly the Climate Disclosure Project) and the Science Based Targets Initiative (SBTi) violated state antitrust or consumer protection laws. Referring to CDP and SBTi as a “climate cartel,” AG Uthmeier stated that the investigation aims to determine whether the organizations “violated state consumer protection or antitrust laws by coercing companies into disclosing proprietary data and paying for access under the guise of environmental transparency.” The investigation focuses on whether these greenhouse gas emission reduction groups, through their climate-related disclosures and environmental, social, and governance (ESG) practices, have coerced companies into disclosing proprietary information.

The DOJ has also recently warned that ESG collaborations and industry standards may face increased antitrust scrutiny under its “product-fixing” doctrine. In June 2025, Deputy Assistant AG Dina Kallay warned that such non-price restraints – including those arising from ESG initiatives or industry standards – are now a key enforcement focus.

These trends indicate that ESG and climate-related initiatives are no longer immune from antitrust scrutiny. Companies with sustainability programs or climate disclosures should be aware that these efforts may be challenged as anticompetitive or misleading, especially if they involve industry-wide coordination or information sharing.

Key takeaways:

ESG and climate-related disclosures may become key antitrust issues
Consider reviewing sustainability and climate initiatives for antitrust and consumer protection risk
Review industry standards and joint initiatives for potential “product-fixing” risk

State AG influences in healthcare and pharmaceuticals. State AGs remain active in generic drug price-fixing litigation. California and other state AGs moved to intervene in a USD275 million settlement resolving generic-drug price-fixing claims against Sandoz. However, on July 18, a special master in the Eastern District of Pennsylvania recommended denying California and other AGs’ bid to intervene in the settlement, calling the states' intervention bid an attempt to gain a "strategic advantage" via the right to appeal.

Despite this, state AGs are increasingly using their authority to influence the outcome of major settlements and shape the competitive landscape in regulated industries. This means that, even after reaching a federal settlement, state-level intervention could add new requirements or delay resolution. Companies in highly regulated sectors are encouraged to monitor state AG positions on competition policy, as these can affect deal certainty, compliance obligations, and access to financial services.

Key takeaways:

Monitor state AG interventions in mergers, settlements, and industry-specific competition issues
Regulatory delays and additional scrutiny in high-impact sectors may surface

Cannabis banking reform advocacy. Amid ongoing uncertainty in the cannabis industry’s access to financial services, state AGs are increasing advocacy for federal reform. On July 24, a bipartisan coalition of 32 state AGs urged Congress to pass the Secure And Fair Enforcement Regulation Banking Act (SAFER Banking Act), which would provide legal clarity for financial institutions serving state-regulated cannabis businesses and address a persistent competitive disadvantage for the industry.

This advocacy signals a potential shift toward greater access to banking services and highlights the ongoing patchwork of state and federal rules. Nimble compliance programs are key to adapting to rapid changes in both state and federal policy.

Key takeaways:

Cannabis businesses are encouraged to track both state and federal developments on banking access
Proactive engagement with state AGs and compliance planning may mitigate enforcement risk

AI

California enacts landmark AI safety law over big tech objections. As AI technologies rapidly evolve, state lawmakers are establishing new guardrails and transparency requirements for the industry’s biggest players. On September 30, California Governor Gavin Newsom signed SB 53, the nation’s first law requiring major AI companies to publicly disclose their safety and security protocols. The law, authored by Senator Scott Wiener, was passed after extensive debate and lobbying from major technology companies. It requires certain AI developers to make public their safety plans and report major safety incidents, and it includes whistleblower protections for AI workers. The law also lays the groundwork for a state-run cloud computing cluster, CalCompute. Additionally, on October 13, Governor Newsom signed AB 56: social media: warning labels, establishing warning-label requirements for social media platforms.

This law positions California as a national – and potentially global – leader in AI regulation, setting a precedent for transparency and accountability in AI development. AI companies operating in California will face new public disclosure requirements and should be prepared to report safety incidents and comply with whistleblower protections. Congress and other states are watching the law as a model, which could influence future federal and state AI regulation.

Companies may expect increased scrutiny of their AI safety practices and should be prepared for evolving compliance obligations. Read more information about SB 53 here.

Key takeaways:

AI developers are encouraged to prepare to publicly disclose safety and security protocols and report major incidents
Companies should consider reviewing and updating internal safety plans, incident response procedures, and whistleblower policies
SB 53 may set a precedent for other state and federal regulations
Engagement with legal and technical teams to ensure readiness for new transparency and reporting requirements may be key

Combatting AI scams and deepfakes. As AI becomes more integrated into daily life, state AGs are intensifying efforts to protect consumers from emerging digital threats, such as AI-driven scams and deepfakes.

On August 25, Pennsylvania AG Dave Sunday announced that his office has joined a bipartisan coalition of 44 AGs calling on big tech companies to provide stronger protections for children using their platforms and being exposed to AI chatbots. The coalition emphasized the harm caused by such content and underscored the growing intersection of AI, privacy, and consumer protection.

Since then, bipartisan multi-state coalitions have issued multiple public letters to major technology platforms and AI providers pressing for age assurance, limits on data use for minors, stronger default content filters, and clearer disclosures when users are interacting with AI – signaling an active and coordinated enforcement posture.

In parallel with AG activity, states are actively revisiting youth protections around AI features. For example, on October 13, California Governor Newsom vetoed legislation that would have restricted minors’ access to AI chatbots, reflecting rapid policy movement and ongoing debate over regulatory approaches.

AI-driven fraud and misuse are top enforcement priorities for regulators. Companies offering AI tools or platforms should consider robust safeguards against misuse, and they are encouraged to remain vigilant about the reputational and legal risks posed by deepfakes and AI-generated content.

Key takeaways:

Consider steps to prepare for rapid regulatory changes and potential enforcement actions related to AI-driven scams and deepfakes
Consider safeguards and monitoring for AI-generated content and user activity

Data privacy and cybersecurity

California CPPA issues record enforcement against Tractor Supply Company. With data privacy enforcement reaching new heights, state regulators are taking action against companies that fail to safeguard consumer information or comply with evolving privacy laws. On September 26, the California Privacy Protection Agency (CPPA) issued its largest enforcement action to date, requiring Tractor Supply Company – the largest rural lifestyle retailer in the US – to pay USD1.35 million and overhaul its business practices to resolve multiple violations of the CCPA.

This is the first CPPA decision to address CCPA privacy notices and the privacy rights of job applicants. It also highlights critical compliance failures related to consumer opt-out rights, third-party data sharing, failure to honor browser preference signals, and inadequate privacy disclosures.

CPPA continues to focus on ensuring businesses properly implement consumer privacy choices and maintain transparent data practices. Companies may wish to review and update opt-out mechanisms, honor browser-based preference signals, audit third-party contracts, and ensure privacy notices are comprehensive and timely. The case also demonstrates that privacy compliance failures may result in significant financial penalties and reputational risk, even for large, established retailers.

This enforcement action follows California AG Rob Bonta’s announcement in early 2025 of a record USD1.55 million settlement with Healthline Media for alleged CCPA violations, including improper sharing of health-related data. Read more about the updated CPPA regulations that will go into effect on January 1, 2026 here.

Key takeaways:

Consider regular scanning of digital properties to maintain a current inventory of tracking technologies
Review and test opt-out mechanisms to ensure effectiveness
Ensure browser-based opt-out preference signals (e.g., Global Privacy Control) are honored
Ensure California employees and job applicants are notified of their privacy rights
Ensure all required contractual terms are in place with external recipients (e.g., service providers or third parties) of personal information
Consider annual updates to privacy policies and include all required disclosures, including for job applicants
Ensure all personnel handling CCPA requests receive adequate training

Cybersecurity and data breach notification requirements. State AGs continue to enforce cybersecurity and breach notification requirements for businesses of all sizes. On August 19, Massachusetts AG Andrea Campbell announced a USD795,000 settlement with a property management company for failing to adequately protect the personal information of thousands of Massachusetts residents and for unlawfully delaying required data breach notifications to the AG’s office and affected customers.

Key takeaways:

Evaluate the organization’s cybersecurity posture and protocols and confirm they align with applicable state requirements, such as the Massachusetts requirement to maintain a Written Information Security Program (WISP)
Ensure timely and accurate information is provided to individuals affected by a data breach, in line with applicable state requirements

Consumer protection and product liability

California AG issues consumer alert on ARL. On September 4, California AG Rob Bonta issued a consumer alert highlighting major amendments to the state’s Automatic Renewal Law (ARL), which took effect July 1. The new rules require clearer disclosures, enhanced consent (including possible dual consents for auto-renewal terms), advance and annual renewal notices, and a frictionless cancellation process. AG Bonta’s alert also warns against “dark patterns” and deceptive enrollment flows. Recent enforcement actions have resulted in multimillion-dollar settlements with companies like HelloFresh for ARL violations.

The ARL’s expansion and AG Bonta’s alert may signal a significant increase in compliance expectations for businesses offering subscriptions or auto-renewing services in California. Companies may wish to review subscription flows, consent mechanisms, and cancellation processes to ensure compliance, particularly as regulators focus on “mission creep” and broadening the scope of what constitutes a violation.

Key takeaways:

Sweeping ARL amendments demand clearer disclosures, enhanced consent, advance and annual notices, and frictionless cancellation for auto-renewing services
AG Bonta’s focus on “dark patterns” and enforcement may warrant careful review of subscription and cancellation flows
Non-compliance may result in significant penalties and restitution

Opioid litigation and settlement implementation. In July, Illinois AG Kwame Raoul announced national settlements worth approximately USD720 million with eight pharmaceutical manufacturers whose opioids allegedly contributed to the opioid crisis. States are now focused on distributing funds and monitoring compliance, with increased scrutiny of healthcare providers, distributors, and manufacturers.

The finality of these opioid settlements marks a turning point in healthcare litigation, but the compliance burden for healthcare entities is increasing.

Key takeaways:

Healthcare providers, distributors, and manufacturers may experience increased state oversight and reporting requirements
Organizations are encouraged to participate in abatement programs and ensure robust compliance with new state-level opioid regulations

Meta’s MDL discovery blocked. The US Court of Appeals for the Ninth Circuit blocked Meta’s attempt to compel California AG Rob Bonta and other state agencies to respond to discovery demands in multi-district litigation over social media’s alleged harms to children. In its August 22 opinion, the court ruled that the AG’s office does not possess or control the records of third-party state agencies, setting a precedent for the limits of discovery against state entities in nationwide litigation.

This ruling is relevant for companies facing multi-jurisdictional litigation, as it clarifies the boundaries of party discovery when state agencies are involved. It may limit the ability of litigants to obtain broad discoveries from state governments, but it also signals that AGs may defend their autonomy in high-profile cases.

Key takeaways:

Companies are encouraged to monitor litigation developments that may affect discovery obligations and privacy enforcement
Limits on discovery from state agencies in nationwide litigation may be expected

Environment and energy

Climate litigation and emissions standards. State AGs are taking legal actions to defend state authority and advance climate initiatives. On June 12, California, joined by ten other states, sued the Trump Administration over the revocation of California’s authority to set stricter vehicle emissions standards. The Environmental Protection Agency (EPA) joined truck manufacturers in seeking to block California’s heavy-duty truck emissions rules, highlighting ongoing federal-state tensions over environmental regulation.

Environmental enforcement remains a top priority for state AGs, with a focus on both legacy pollution and emerging climate issues. Compliance with state environmental standards is key, even as federal policies shift. Companies in manufacturing, energy, and transportation may expect ongoing litigation and regulatory changes affecting emissions, chemical use, and environmental disclosures.

Key takeaways:

Monitor state and federal litigation affecting environmental standards and emissions
Review compliance programs for per- and polyfluoroalkyl substances (PFAS) and other hazardous substances

PFAS and environmental settlements. State AGs are securing settlements to address PFAS contamination. On June 25, Michigan AG Dana Nessel secured a settlement with Domtar Industries LLC and E.B. Eddy Paper, Inc. (together, Domtar) to address releases of PFAS at the Techni-Comp Environmental composting site near Port Huron, Michigan. Additionally, on August 4, New Jersey AG Matthew J. Plaktin announced an environmental settlement valued at USD2 billion with DuPont for “forever chemical” cleanup, the largest environmental settlement by a single state.

These settlements highlight the financial and reputational risks of environmental enforcement actions. Companies are encouraged to proactively assess environmental risks and engage with regulators to resolve legacy issues.

Key takeaways:

Ongoing regulatory changes and enforcement in the climate and energy sectors are expected
Proactive engagement with state regulators on environmental compliance and disclosures may be key

State AG activity table (June–August 2025)

Topic category	CA	NY	TX	FL	IL	MA	AZ	CO	CT	MN	NC	OR	SC	VA	Others*
Antitrust	XXX	XX	XX	X	X	X	X	X	X	X	X	X	X	X	X
Competition policy	XX	XX	X	X	X	X	X	X	X	X	X	X	X	X	X
AI	XX	X	X				X	X			X	X
Federal issues	XXX	XX	XX	X	X	X	X	X	X	X	X	X	X	X	X
Consumer protection and product liability	XXXX	XXX	XX	XX	XX	XX	XX	XX	XX	XX	XX	XX	XX	XX	XX
Environment and energy	XXX	X	X	X	X	X	X	XX	X	X	X	XX	X	X	X