SiteProof AI Blog
FTC AI Disclosure Requirements: What Your Website Must Do
The Federal Trade Commission requires websites to clearly disclose AI use when it could affect consumer decisions or mislead users. Under Section 5 of the FTC Act — which prohibits unfair or deceptive acts or practices — the FTC has taken enforcement action against companies for deceptive AI chatbots, undisclosed AI-generated content, and false claims about AI capabilities. No dedicated federal AI law is required: existing consumer protection authority is sufficient.
The FTC's Legal Authority Over AI
The FTC's authority to regulate AI on websites comes from two main sources:
Section 5 of the FTC Act (15 U.S.C. § 45)
Prohibits 'unfair or deceptive acts or practices in or affecting commerce.' The FTC has consistently held that this applies to AI systems that deceive consumers — including chatbots that present themselves as human, AI-generated reviews presented as authentic, and misleading claims about AI capabilities.
FTC Endorsement Guides (16 CFR Part 255)
Updated in 2023 to explicitly address AI-generated endorsements. The guides require clear disclosure when AI generates testimonials, reviews, or endorsements that are presented as coming from real consumers.
FTC AI Policy Statement (2024)
The FTC issued a policy statement explicitly confirming that existing FTC Act authority applies to AI. The statement identified AI impersonation, deceptive AI claims, and undisclosed AI use as priority enforcement areas.
The FTC does not need Congress to pass an AI-specific law to act. It can — and does — bring enforcement actions under existing law when AI use is deceptive or harmful to consumers.
What Requires Disclosure Under FTC Rules
The FTC applies a materiality standard: disclosure is required when the use of AI would be material to a consumer's decision — meaning a reasonable consumer would want to know. The following scenarios consistently require disclosure:
| AI Use Case | Disclosure Required? | FTC Basis |
|---|---|---|
| Chatbot presenting itself as a human agent | Yes — always | Section 5 deception |
| AI-generated customer reviews or testimonials | Yes — always | Endorsement Guides 16 CFR 255 |
| AI-generated product descriptions in advertising | Yes — if material | Section 5 deception |
| AI-powered recommendations | Yes — if personalized without disclosure | Section 5 unfairness |
| AI used internally for backend processing only | No — not consumer-facing | Not in scope |
| AI writing tools used by staff to draft content | Depends — disclosure recommended if content claims human authorship | Section 5 deception risk |
The FTC's standard is technology-neutral — it doesn't matter whether you call it AI, machine learning, automation, or a bot. What matters is whether the consumer is misled about who or what they are interacting with.
FTC AI Enforcement Cases
The FTC has brought enforcement actions against companies for AI-related deception under existing authority:
| Company | Violation | Outcome | Year |
|---|---|---|---|
| DoNotPay | Claimed its AI was 'the world's first robot lawyer' capable of performing legal services it could not actually perform | $193,000 civil penalty + cease and desist order | 2025 |
| Rite Aid | Used AI facial recognition to flag shoppers as theft suspects without disclosure, resulting in false accusations against customers | Banned from using AI facial recognition for 5 years | 2023 |
| Amazon (Alexa/Ring) | Retained children's voice recordings and geolocation data without consent; Ring employees accessed customer videos | $25 million + $5.8 million in settlements | 2023 |
| Forbrukertilsynet (Norwegian CA) + FTC coordination | Grindr shared sensitive user data including HIV status with advertising partners including AI data brokers | $7 million fine (Norwegian authority); FTC coordination | 2021 |
The DoNotPay case is the most directly relevant for websites with AI features. The FTC's theory was straightforward: the company made claims about what its AI could do that were not true, and consumers relied on those claims. The same theory applies to any website that misrepresents what its AI does — or fails to disclose that AI is involved at all.
FTC Rules vs. EU AI Act — Key Differences
If your website serves both US and EU users, you face obligations under both frameworks. They overlap significantly but differ in structure:
| Factor | FTC (US) | EU AI Act |
|---|---|---|
| Legal basis | Section 5 FTC Act — existing consumer protection law | Regulation (EU) 2024/1689 — dedicated AI regulation |
| Enforcement mechanism | Case-by-case investigation and consent orders | National supervisory authorities + EU AI Office |
| Maximum penalty | Varies — civil penalties up to $51,744 per violation per day | Up to €15M or 3% global turnover for transparency violations |
| Chatbot disclosure | Required — deception standard | Required — Article 50(1) explicit obligation |
| AI content labeling | Required when material to consumers | Required — Article 50(4) for synthetic content |
| Enforcement date | Already active — no phase-in | August 2, 2026 for Article 50 obligations |
| Applies to non-US companies | Yes — if serving US consumers | Yes — if accessible to EU users |
The practical implication: complying with EU AI Act Article 50 on chatbot disclosure also satisfies the FTC's deception standard in most cases. A single compliant disclosure serves both jurisdictions. For a full breakdown of the EU obligations, see our guide on chatbot disclosure requirements.
How to Comply With FTC AI Disclosure Rules
Disclose chatbot AI identity at the point of interaction
Add a clear, visible label before or at the start of every conversation: "You are chatting with an AI assistant." A human-sounding name like "Sarah" or "Alex" without any disclosure does not meet the FTC's clear and conspicuous standard.
Label AI-generated reviews and testimonials
Under the updated Endorsement Guides, any AI-generated review or testimonial must be labeled as such. "AI-generated" or "Created with AI" are acceptable labels. Publishing AI testimonials as real customer feedback is a deceptive practice.
Do not make false claims about AI capabilities
The DoNotPay case was primarily about capability misrepresentation. If your website claims your AI can do something it cannot — provide legal advice, medical diagnoses, guaranteed results — that is an FTC violation independent of disclosure.
Update your privacy policy to cover AI data processing
The FTC increasingly treats undisclosed data collection by AI systems as an unfair practice. Your privacy policy must explain what data your AI tools collect, how it is used, and whether it is shared with third parties.
Publish an AI usage policy
A public AI policy page documenting what AI systems your website uses, their purposes, and their limitations demonstrates good faith to regulators and reduces enforcement risk.
Run a free automated scan to check your website for FTC and EU AI Act disclosure gaps — results in 60 seconds, no account required.
For the CCPA-specific obligations that apply alongside FTC rules for California consumers, see our CCPA AI compliance guide.
Frequently Asked Questions
Does the FTC have the authority to regulate AI on websites?
Yes. The FTC derives authority to regulate AI from Section 5 of the FTC Act, which prohibits unfair or deceptive acts or practices in or affecting commerce. The FTC has applied this authority to AI chatbots, AI-generated endorsements, and deceptive claims about AI capabilities. In 2024, the FTC issued an AI policy statement explicitly asserting that existing consumer protection laws apply to AI systems.
What is the FTC's standard for 'clear and conspicuous' AI disclosure?
The FTC's clear and conspicuous standard requires that disclosures be noticeable, readable, and understandable to the average consumer. A disclosure buried in terms of service, in a footnote, or in small print does not meet this standard. For AI chatbots, this means a visible label in the chat interface itself — not a linked policy page.
Does the FTC require disclosure of AI-generated reviews?
Yes. Under the FTC's updated Endorsement Guides (16 CFR Part 255), effective 2023, AI-generated endorsements and reviews must be clearly disclosed. Publishing AI-generated testimonials as if they were real customer reviews is a deceptive practice under Section 5.
Can the FTC fine a non-US company for AI disclosure violations?
Yes. The FTC has jurisdiction over any company that engages in commerce affecting US consumers, regardless of where the company is based. Non-US websites that serve US consumers and use AI without adequate disclosure are within the FTC's enforcement scope.
How does FTC AI enforcement differ from EU AI Act enforcement?
The FTC enforces through case-by-case investigation under existing consumer protection law — no dedicated AI regulation exists at the federal level in the US. The EU AI Act is a dedicated regulation with specific articles, risk tiers, and mandatory compliance requirements. EU fines are codified (up to €15M for transparency violations); FTC penalties vary by case and are determined through consent orders or court judgments.
Check Your Website Now — It's Free
Run a free EU AI Act compliance scan. No signup required.
Start Free Scan →