New York Attorney General Enforcement and Policy Update

Client Alert  |  April 10, 2026

This update highlights notable actions and enforcement trends relevant to businesses operating in New York or subject to multistate enforcement risk.

Executive Summary

Throughout 2025, the New York Attorney General’s Office (OAG) pursued an expansive enforcement agenda across consumer protection, financial services, labor and gig‑economy regulation, data privacy, healthcare, environmental matters, antitrust, and technology. OAG frequently acted in coordination with federal agencies and multistate coalitions and increasingly paired monetary relief with non-monetary remedies, including compliance monitors, industry bans, operational reforms, and marketing restrictions.

Several cross-cutting themes defined OAG’s activity in 2025:

  • heightened scrutiny of financial products, fees, and disclosures, particularly where consumers or small businesses were vulnerable;
  • aggressive enforcement against subscription, auto-renewal, and dark-pattern practices;
  • increased focus on data security failures, youth protection, and algorithmic design risks;
  • continued emphasis on worker protections, including gig-economy pay practices and restrictive contracts; and
  • growing willingness to pursue structural remedies and industry-wide reform, rather than solely monetary penalties.

This update highlights notable actions and enforcement trends relevant to businesses operating in New York or subject to multistate enforcement risk.

Consumer Protection

Financial Services and Fintech

OAG devoted significant attention to financial services, emphasizing misleading disclosures, hidden fees, and products that allegedly disproportionately harmed low-income consumers and small businesses.  Notable actions include:

OAG also filed litigation against a major bank for allegedly misleading savings-account customers through a two-tier interest-rate strategy, underscoring continued scrutiny of rate marketing and alleged omissions.

Moving forward, financial products that allegedly have hidden costs–especially for low‑income consumers and small businesses–will continue to face scrutiny.  Similarly, financial products or models with allegedly concealed or usurious pricing, and product-line strategies that keep legacy customers in inferior rate tiers while steering new customers to higher-yield offerings, may be subject to further investigations.  Given past relief, expect that OAG remediation will include restitution plus injunctive relief focused on enhanced disclosures, proactive QA/compliance testing, and monitoring programs.

Subscriptions and Auto-Renewal Practices

Subscription enforcement remained a priority, with OAG targeting alleged “hard-to-cancel” memberships and auto-renewal programs that allegedly failed to comply with New York law. Actions in 2025 emphasized the need for:

  • clear and conspicuous disclosures;
  • affirmative consent for renewals;
  • post-purchase acknowledgments; and
  • easy, cost-effective cancellation mechanisms.

The OAG also entered into settlements with fitness and gym operators, which required refunds, penalties, and policy changes.

Companies in the subscription space should expect stepped-up attention to affirmative consent, clear renewal terms, and cancellation parity (as easy to cancel online as it is to enroll).

Pricing and “Junk Fees”

OAG continued to pursue pricing transparency, particularly in the automotive sector.  Multiple car dealerships resolved investigations into alleged end-of-lease buyout overcharges, including the alleged use of “administrative” or “junk” fees and inflated invoices.  Collectively, these matters resulted in millions of dollars in restitution and mandated reforms to invoicing and documentation practices.

Digital, Technology, and Youth-Related Risks

Digital platforms should prepare for continued pressure on alleged unlawful sweepstakes, more stringent ad-quality controls for fraud categories, and heightened transparency around algorithmic pricing disclosures.  Youth safety will also likely be a centerpiece: enforcement and rulemaking around age-assurance standards and closer review of influencer marketing directed at or likely to reach minors may continue to face OAG scrutiny.

Digital Platforms and Online Practices

OAG addressed a range of digital risks, including:

  • cease-and-desist letters that effectively shut down 26 alleged online “sweepstakes casino” operations in New York;
  • multistate pressure on social media companies to strengthen review of alleged fraudulent investment / alleged “pump-and-dump” scheme advertisements; and
  • consumer alerts regarding algorithmic or “surveillance” pricing ahead of New York’s new disclosure requirements under the Algorithmic Pricing Disclosure Act, which took effect in November 2025.

Youth Protections

OAG, like other state Attorneys General, remains focused on protecting minors’ privacy and mental health.  Significant actions in 2025 included:

  • settlement with a social-networking app for high school students over alleged failures in age verification, privacy safeguards, and influencer disclosures, resulting in monetary and injunctive relief;
  • filing litigation against vape manufacturers and distributors for alleged youth‑targeted marketing and illegal sales;
  • continued litigation in New York state court against a social media platform over allegedly addictive design features that are alleged to have caused harm to youth users; and
  • advanced rulemaking under the SAFE for Kids Act, which would restrict algorithmic feeds and nighttime notifications for minors absent verifiable parental consent and impose rigorous age‑assurance standards.

These actions reflect OAG’s view that age verification, design choices, and advertising practices are core consumer‑protection issues when minors are involved.

Data Security

Data security in 2025 focused on alleged data breaches and cybersecurity failures that fell below industry standards, including lack of encryption, weak authentication, insufficient monitoring, and delayed breach notification.

Notable matters included:

  • settlements with technology/consumer productshealthcare, and professional services companies following cyber incidents that allegedly exposed sensitive personal information, resulting in millions of dollars in civil penalties, substantial injunctive relief, and mandatory credit monitor services for affected consumers;
  • large, coordinated settlements with multiple auto insurers over alleged data breaches; and
  • enforcement following a data breach of an educational technology company’s student data.

Across these cases, OAG consistently required targeted companies to provide comprehensive information-security programs, risk assessments, monitoring, encryption, and employee training—often subject to ongoing oversight.

Gig Economy Regulation & Worker Protections

OAG maintained an active focus on worker-related issues, particularly in the gig economy. Actions and resolutions in 2025 addressed:

  • resolution of alleged misrepresentations to household services workers regarding earnings potential;
  • a $16.75 million settlement with a food-delivery platform for alleged tipping practices; and
  • alleged systemic underpayment and off-the-clock work by a delivery company.

Beyond gig‑economy platforms, OAG pursued enforcement and obtained settlements relating to allegedly restrictive or exploitative employment contracts, unsafe staffing practices, deficiencies in sexual harassment and safety practices, and alleged unlawful impositions of fees on immigration visa applications. Several matters resulted in substantial restitution funds, injunctive relief, and mandated reforms to contracting and payroll practices.

Healthcare and Medicaid Enforcement

Healthcare enforcement remained robust, with emphasis on opioid lifecycle accountability, alleged Medicaid fraud, and wage parity.  This enforcement is likely to continue, with a blend of financial recovery with injunctive relief–including monitors, staffing and quality-metrics, and other forms of long-term oversight.

Key developments from 2025 included:

  • a multibillion-dollar opioid settlement following Supreme Court intervention, with New York slated to receive $250 million;
  • additional multistate opioid resolutions imposing marketing bans, dosage limits, and monitoring obligations, resulting in up to $38 million in payments to New York;
  • statewide enforcement actions against allegedly fraudulent medical transportation providers, already resulting in tens of millions in restitution and criminal charges against several individual participants;
  • settlements with nursing homes and home-care agencies involving alleged staffing failures, neglect, and wage parity violations; and
  • litigation brought by multiple state attorneys general seeking to protect Medicaid funding for reproductive healthcare providers, which has resulted in a preliminary injunction preventing the federal government from stripping providers of Medicaid funding.

These matters highlight OAG’s increasing reliance on structural remedies, compliance monitors, and long‑term oversight, particularly in healthcare settings.

Environmental and “Green Claims”

OAG continued to police and settle environmental compliance and advertising claims, particularly in light of a perceived federal gap in action. Actions included:

  • settlements over allegedly misleading “net zero” or environmentally friendly marketing;
  • enforcement to compel wetland restoration and environmental remediation following alleged illegal dumping;
  • multistate guidance supporting a wide range of environmental justice initiatives; and
  • a multistate, $150 million settlement over diesel emissions software, including consumer compensation and corrective measures.

Antitrust

Antitrust enforcement in 2025 spanned traditional cartels, labor-market restraints, and digital monopolization.  Notably, the OAG continued its focus on no-poach agreements and labor market competition, signaling sustained attention to employee mobility restrictions as an antitrust priority. OAG:

  • secured relief against companies that allegedly eliminated competition through acquisitions and no-poach agreements;
  • resolved purported anticompetitive conduct in New York City’s tour-bus market;
  • opposed a proposed settlement entered between the DOJ and two major technology companies as allegedly violating public interest under the Tunney Act;
  • continued to pursue remedies in digital advertising monopolization litigation alongside DOJ, where anticompetitive behavior allegedly reduced quality and increased prices; and
  • suffered a notable appellate defeat against a national pharmacy chain where a single‑brand market definition proved insufficient.

These matters underscore OAG’s sustained focus on labor competition, platform dominance, and exclusionary conduct, while also illustrating the litigation risks associated with narrow market theories.

Opposition to the Federal Government

In 2025, OAG led or joined multistate coalitions advocating policy agendas often opposed to the federal government, in addition to litigation challenging the Trump administration’s policies across several key areas.  For example, OAG was active in the consumer protection space, including co-filing a federal lawsuit seeking to prevent the administration from defunding the CFPB, and urging Congress to reject a resolution—ultimately signed into law in May 2025—overturning CFPB rules limiting bank overdraft fees.  On DEI initiatives, the coalition issued guidance to educational institutions navigating federal enforcement changes and filed an amicus brief in the Fourth Circuit supporting a preliminary injunction against executive orders targeting diversity, equity, inclusion, and accessibility programs, arguing the orders are impermissibly vague and risk chilling lawful activities. The OAG was also active on trade and environmental policy, supporting litigation opposing federal tariffs and executive action limiting funding to electric vehicles.

Legislative Developments: FAIR Business Practices Act

In 2025, New York enacted the FAIR Business Practices Act, modernizing GBL § 349 for the first time in decades. The law expands prohibited conduct beyond deception to include “unfair” and “abusive” practices, modeled in part on federal consumer-protection standards. It authorizes enhanced civil penalties and private rights of action, while preserving existing “consumer‑oriented” jurisprudence.

The Act’s practical contours will develop through enforcement and litigation over the coming years, but it materially expands OAG’s toolkit and increases exposure for businesses operating in New York.  There are several key provisions:

  • The law incorporates existing case law concerning the “consumer-oriented standard.”
  • Modeled on federal consumer law, the law expands the scope of prohibited conduct from “deceptive” practices to “unfair” or “abusive” business practices.
  • As defined, an act or practice is “unfair” “when it causes or is likely to cause a person substantial injury which is not reasonably avoidable by such person, and is not outweighed by countervailing benefits to consumers or to competition.”
  • As defined, an act or practice is “abusive” “when (i) it materially interferes with the ability of a person to understand a term or condition of a product or service; or (ii) it takes unreasonable advantage of: (A) a lack of understanding on the part of a person of the material risks, costs, or conditions of a product or service; (B) the inability of a person to protect their interests in selecting or using a product or service; or (C) the reasonable reliance by a person on a person covered by this section to act in the relying person’s interests.”
  • The law removes the current requirement under New York law that consumers show fraud or misconduct with broad public impact prior to recovery.
  • The law grants the OAG with the authority to seek civil penalties up to $5,000 per violation and up to $10,000 per violation if the consumer is a senior citizen.
  • The law also grants consumers a private right of action to seek restitution for their losses.

Gibson Dunn’s State AG Task Force assists clients in matters involving the New York Attorney General’s Office, responding to subpoenas and civil investigative demands, interfacing with state or local grand juries, representing clients in civil and criminal proceedings, and taking cases to trial.

We will continue to monitor developments and actions by the OAG and keep you informed of future developments.

The following Gibson Dunn lawyers prepared this update: Natalie J. Hausknecht, Poonam G. Kumar, James L. Zelenay Jr., Zoey G. Clark, Andrew M. Kasabian, Kate M. Googins, Michael DJ Landell, Caelin Moriarity Miltko, Kiernan Panish, Zachary Montgomery, and Lucy Musson.

Gibson Dunn lawyers are closely monitoring developments and are available to discuss these issues as applied to your particular business. If you have questions, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following members of Gibson Dunn’s State Attorneys General (AG) Task Force, who are here to assist with any AG matters:

Artificial Intelligence:
Eric D. Vandevelde – Los Angeles (+1 213.229.7186, evandevelde@gibsondunn.com)

Antitrust & Competition:
Eric J. Stock – New York (+1 212.351.2301, estock@gibsondunn.com)

Climate Change & Environmental:
Rachel Levick – Washington, D.C. (+1 202.887.3574, rlevick@gibsondunn.com)

Consumer Litigation & Products Liability:
Christopher Chorba – Los Angeles (+1 213.229.7396, cchorba@gibsondunn.com)

Consumer Protection:
Gustav W. Eyler – Washington, D.C. (+1 202.955.8610, geyler@gibsondunn.com)
Svetlana S. Gans – Washington, D.C. (+1 202.955.8657, sgans@gibsondunn.com)
Natalie J. Hausknecht – Denver (+1 303.298.5783, nhausknecht@gibsondunn.com)
Ashley Rogers – Dallas (+1 214.698.3316, arogers@gibsondunn.com)

DEI & ESG:
Stuart F. Delery  – Washington, D.C. (+1 202.955.8515,sdelery@gibsondunn.com)
Mylan L. Denerstein – New York (+1 212.351.3850, mdenerstein@gibsondunn.com)

False Claims Act & Government Fraud:
Winston Y. Chan – San Francisco (+1 415.393.8362, wchan@gibsondunn.com)
Jonathan M. Phillips – Washington, D.C. (+1 202.887.3546, jphillips@gibsondunn.com)
Jake M. Shields – Washington, D.C. (+1 202.955.8201, jmshields@gibsondunn.com)
James L. Zelenay Jr. – Los Angeles (+1 213.229.7449, jzelenay@gibsondunn.com)

Labor & Employment:
Jason C. Schwartz – Washington, D.C. (+1 202.955.8242, jschwartz@gibsondunn.com)
Katherine V.A. Smith – Los Angeles (+1 213.229.7107, ksmith@gibsondunn.com)

Privacy & Cybersecurity:
Ryan T. Bergsieker – Denver (+1 303.298.5774, rbergsieker@gibsondunn.com)
Cassandra L. Gaedt-Sheckter – Palo Alto (+1 650.849.5203, cgaedt-sheckter@gibsondunn.com)
Vivek Mohan – Palo Alto (+1 650.849.5345, vmohan@gibsondunn.com)

Securities Enforcement:
Osman Nawaz – New York (+1 212.351.3940, onawaz@gibsondunn.com)
Tina Samanta – New York (+1 212.351.2469, tsamanta@gibsondunn.com)
David Woodcock – Dallas (+1 214.698.3211, dwoodcock@gibsondunn.com)
Lauren Cook Jackson – Washington, D.C. (+1 202.955.8293, ljackson@gibsondunn.com)

Tech & Innovation:
Ashlie Beringer – Palo Alto (+1 650.849.5327, aberinger@gibsondunn.com)

White Collar & Litigation:
Collin Cox – Houston (+1 346.718.6604,ccox@gibsondunn.com)
Trey Cox – Dallas (+1 214.698.3256,tcox@gibsondunn.com)
Nicola T. Hanna – Los Angeles (+1 213.229.7269, nhanna@gibsondunn.com)
Allyson N. Ho – Dallas (+1 214.698.3233,aho@gibsondunn.com)
Poonam G. Kumar – Los Angeles (+1 213.229.7554, pkumar@gibsondunn.com)
Prerak Shah – Houston (+1 346.718.6677, pshah@gibsondunn.com)

© 2026 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.