6 min read

Which Federal Agencies Actually Enforce US AI Rules

Federal building stone facade with official nameplate

Introduction

The United States has no single agency tasked with enforcing artificial intelligence regulation. Instead, a patchwork of federal bodies, each armed with its own statutory mandate, has claimed jurisdiction over different slices of the AI landscape. For founders, engineers, and compliance officers building or deploying AI systems, this fragmented approach to US AI regulation enforcement creates real confusion about where legal risk actually lives. The Federal Trade Commission, the Equal Employment Opportunity Commission, the Consumer Financial Protection Bureau, and the Food and Drug Administration all wield meaningful authority, but their jurisdictions overlap in some areas and leave blind spots in others. The gap between what these agencies can do and what they have actually done is where the most consequential compliance risk hides.

Federal building stone facade with official nameplate

The Primary Enforcers of AI Accountability

Several federal agencies have repurposed existing consumer protection, civil rights, and financial regulation statutes to regulate AI-no new legislation required. The result is a federal AI regulation framework built on old laws applied to new technology, which makes understanding each agency's specific lane essential for anyone navigating AI compliance requirements in the United States.

The FTC: Broadest Reach, Sharpest Teeth

The Federal Trade Commission is the closest thing the US has to a general-purpose AI regulator. Its authority derives from Section 5 of the FTC Act, which prohibits unfair or deceptive practices in commerce. The agency has applied this mandate aggressively to artificial intelligence systems, targeting companies that make misleading claims about what their AI can do or that deploy algorithms causing substantial consumer harm.

  • Deceptive AI claims: The FTC has pursued companies overstating AI capabilities, including chatbot operators and surveillance tool vendors who misrepresented accuracy rates

  • Algorithmic destruction orders: In several cases, the agency has required companies to delete not just improperly collected data but also the AI models trained on that data, a remedy with no parallel in other jurisdictions

  • Commercial surveillance rulemaking: The FTC has opened a proceeding exploring whether new rules are needed to govern how companies collect and use data to train AI systems

  • Generative AI enforcement: The agency has signaled that generative AI tools used for scams, impersonation, or deceptive content fall squarely within its enforcement scope

The EEOC: Algorithmic Hiring Under the Microscope

The Equal Employment Opportunity Commission has carved out a focused mandate around AI in employment decisions. Its initiative on AI and algorithmic fairness, launched in 2021, directly targets hiring tools, promotion algorithms, and automated screening systems that produce discriminatory outcomes. Title VII of the Civil Rights Act and the Americans with Disabilities Act give the EEOC standing to challenge AI-driven employment decisions that result in disparate impact, even when the employer outsourced the algorithm to a third-party vendor.

The agency has made clear that employers cannot deflect responsibility by pointing to the software provider. If an AI resume screener systematically filters out candidates with disabilities or disproportionately rejects applicants from protected classes, the employer faces liability. This position has pushed HR tech vendors to invest heavily in bias auditing, though there remain relatively few compared to the pace of AI adoption in hiring pipelines.

Minimalist desk with compliance documents and closed laptop

Sector-Specific Regulators and the Gaps Between Them

Beyond the FTC and EEOC, several agencies exercise narrow but potent authority over AI within their regulated industries. These sector-specific enforcers often have clearer rules but limited reach, meaning a company operating across multiple domains may answer to several regulators simultaneously while finding that some of its AI applications fall under nobody's direct oversight.

CFPB, FDA, and SEC: Where the Rules Get Granular

The Consumer Financial Protection Bureau has been among the most vocal agencies on algorithmic accountability enforcement in lending. The CFPB has issued explicit guidance stating that creditors using AI or machine learning models must still provide specific, accurate reasons when denying credit applications. "Black box" models that cannot produce these explanations violate the Equal Credit Opportunity Act, regardless of how sophisticated the underlying technology may be. The agency has also acted to protect the public from opaque credit models that use alternative data sources like social media activity or browsing history.

The FDA operates a different model entirely. It has authorized over 900 AI-enabled medical devices through its premarket review process, applying a lifecycle-based regulatory approach that requires manufacturers to demonstrate safety and effectiveness before and after deployment. Unlike other agencies reacting to AI harms after the fact, the FDA exercises gatekeeping authority. No AI diagnostic tool, imaging assistant, or clinical decision support system reaches the US market without FDA clearance or approval. The Securities and Exchange Commission has also entered the conversation, proposing rules around AI use by broker-dealers and investment advisers, particularly where algorithmic recommendations could create conflicts of interest harmful to investors.

The Executive Order and Its Uncertain Future

The Biden administration's October 2023 Executive Order on AI represented the most comprehensive attempt to coordinate federal oversight. It directed agencies to develop AI safety standards, required disclosure of red-team test results for powerful foundation models, and tasked the National Institute of Standards and Technology with creating risk management frameworks. Risk management frameworks help organizations evaluate AI system impacts consistently. However, executive orders carry inherent fragility. They can be rescinded by any subsequent administration, and the Trump administration moved swiftly in early 2025 to revoke key provisions, replacing them with a policy framework emphasizing innovation over precautionary regulation.

This shift has practical consequences. Without the EO's reporting requirements, there is less visibility into how companies developing the most capable AI systems are managing risk. The individual agencies retain their statutory enforcement powers, but the interagency coordination mechanism that the EO established has largely dissolved. For companies, this means that US government AI policy is now defined almost entirely by what each agency independently chooses to prioritize.

Regulatory agency documents arranged in overhead grid

Conclusion

The reality of AI regulatory compliance enforcement in the United States is that no single agency owns the problem. The FTC holds the broadest consumer-facing authority, the EEOC covers employment algorithms, the CFPB guards financial fairness, and the FDA regulates medical AI. State AI regulations add another layer, with jurisdictions like Colorado and California passing their own algorithmic accountability laws that operate independently of federal action. For startups and scaling companies, the practical takeaway is to map every AI application to the specific agency (or agencies) whose mandate it touches, rather than waiting for a unified federal framework that may never arrive. TechBriefed tracks these regulatory developments daily, helping decision-makers stay ahead of the shifting enforcement landscape. The companies that build compliance into their AI development process now, agency by agency, will carry far less risk than those banking on regulatory clarity that keeps getting delayed.

Stay informed on the latest AI regulation developments by subscribing to TechBriefed's daily briefing.

Frequently Asked Questions (FAQs)

Who enforces AI regulations in America?

Multiple federal agencies enforce AI rules within their existing statutory mandates, including the FTC for consumer protection, the EEOC for employment discrimination, the CFPB for financial services, and the FDA for medical devices.

How does the FTC enforce AI regulations?

The FTC uses its Section 5 authority against unfair and deceptive practices to pursue companies making false AI claims, deploying harmful algorithms, or collecting data improperly for model training, and can order the deletion of both data and the models built from it.

What are the penalties for AI regulation violations?

Penalties vary by agency but can include multimillion-dollar fines, consent orders requiring operational changes, mandatory deletion of AI models trained on improperly obtained data, and ongoing compliance monitoring.

How does US AI regulation compare to the EU AI Act?

The US relies on existing sector-specific laws enforced by multiple agencies rather than a single comprehensive statute, while the EU AI Act establishes a unified risk-based classification system with dedicated enforcement mechanisms across all member states.

How will generative AI be regulated in 2025?

Federal agencies are expected to apply existing enforcement authorities to generative AI, with the FTC targeting deceptive outputs and impersonation, while Congress continues to debate whether new legislation specifically addressing foundation models and synthetic content is necessary.

Liked this? You will love the briefing.

One email. Every morning. The tech that matters.