Artificial intelligence is increasingly becoming part of everyday business, from customer service chatbots to AI-driven sales assistants. AI tools are also becoming more human-like, leading to a very practical legal question: Do businesses have to tell users they are interacting with AI? The answer is not a simple ‘yes’ or ‘no.’ It mainly depends on where your business operates, how the AI is applied, and whether the interaction could mislead a reasonable consumer. If your business is using chatbots or automated systems, read on to learn more about AI disclosure rules.
Several states have recently been passing laws that specifically address AI disclosure in consumer interactions, and the requirements vary by state.
For example, California’s bot disclosure law makes it unlawful to use a chatbot to communicate with someone online with the intent to mislead them about its artificial identity to influence a commercial transaction, unless the business clearly discloses that it is a bot. The New York Synthetic Performer Disclosure law requires commercial advertisers to disclose conspicuously when a synthetic performer is used in a visual or audiovisual advertisement.
Over in Colorado, the Colorado AI Act requires “high-risk” AI systems, such as those involved in consequential decisions about employment, housing, or healthcare, to be disclosed unless it’s obvious that AI is being used. Maine’s Chatbot Disclosure Act requires disclosure when a chatbot could reasonably mislead a consumer into thinking they are interacting with a human. In New Jersey, the law requires that where a bot is used in advertising or sales, disclosure should be made at the start of the interaction. Utah AI disclosure laws require disclosure in certain professional or consumer interactions, especially if a user asks or when the interaction concerns regulated services.
Even when state law doesn’t specifically require disclosure, businesses are not off the hook. Remember, there are general consumer protection laws, often referred to as unfair or deceptive acts or practices, that apply. The Federal Trade Commission (FTC) can take action against a business that uses AI in a way that misleads consumers. The risk may even increase in situations where users expect human interactions, such as customer support, dating platforms, or professional services. If your business benefits from such interactions without clarifying its AI use, it could face regulatory scrutiny.
Given the growing number of laws governing AI disclosure, the safest approach is transparency. Clear, upfront disclaimers, such as “You are chatting with an AI assistant,” can significantly reduce your legal risk. Additionally, you should also consider context. For instance, AI used in sensitive interactions, such as healthcare, finance, or legal services, should be disclosed upfront for clarity and accountability.
Finally, ensure you stay informed. AI regulation is evolving quickly, and more states may be introducing AI disclosure requirements that may influence how you run your business.
So, are businesses required to tell users they are chatting with AI? Increasing, yes, especially where there is a risk of confusion or deception.
Several states have enacted or are advancing laws that require businesses to disclose when users are interacting with an AI system rather than a human. California’s BOT Disclosure Law, Cal. Bus. & Prof. Code § 17940 et seq., effective since 2019, prohibits any person from using a bot to communicate with a California resident online with the intent to mislead the recipient into believing they are communicating with a human. The law applies to bots used to influence sales of goods or services and political campaigns. It exempts bots that clearly disclose upfront that they are a bot—requiring businesses to ensure AI chatbots identify themselves before or at the beginning of the interaction, not buried in terms of service or accessible only by asking directly.
Colorado’s HB24-1468, enacted in 2024, takes a broader approach: it creates consumer protection obligations for developers and deployers of “high-risk artificial intelligence systems” that make or substantially assist in making “consequential decisions” about consumers in employment, education, healthcare, housing, financial services, and similar domains. While it does not require disclosure for every chatbot, its scope covers AI-assisted interactions that affect significant consumer interests. Illinois, Texas, and other states have AI-related legislation under active consideration. As of 2025, the trend is toward more disclosure requirements, not fewer, and businesses that design customer-facing AI tools without considering disclosure obligations are building legal exposure into their products from the ground up.
Even absent a specific federal AI disclosure statute, the FTC Act Section 5, 15 U.S.C. § 45, prohibits unfair or deceptive acts or practices in commerce. The FTC has made clear through policy statements, workshops, and enforcement actions that using AI to deceive consumers—including misrepresenting that an AI is a human—falls within its Section 5 authority. The agency’s 2023 policy statement on AI and enforcement, its guides on endorsements (which now cover AI-generated content), and its prior enforcement actions involving deceptive chatbot personas all point toward a clear expectation: businesses using AI in customer-facing interactions must not deceive consumers about the nature of what they are interacting with.
In 2024, the FTC announced enforcement actions related to AI persona companies that created human-sounding AI chatbots designed to form emotional connections with users without disclosing their AI nature. The FTC’s theory was straightforward: representing an AI as a human in commercial interactions is a material misrepresentation that can affect consumer decision-making, which is precisely the type of deceptive practice Section 5 reaches. Civil penalties for knowing violations of FTC rules or orders can exceed $50,000 per violation. For businesses using AI in customer service, sales, or collections contexts, the safest approach is proactive disclosure that does not require consumers to ask.
The European Union’s AI Act, which entered into force in August 2024 with phased implementation through 2027, creates explicit disclosure requirements for AI systems that interact with humans. Article 52 requires that AI systems intended to interact directly with natural persons must be designed and deployed in such a way that users are informed they are interacting with an AI, unless this is obvious from the context. This applies to chatbots and virtual assistants regardless of the risk level of the underlying system. The requirement applies when the AI system is made available to EU users, meaning U.S. businesses serving European customers must comply.
Beyond chatbots, the EU AI Act requires that deepfake content—AI-generated images, audio, or video of real people—be disclosed as artificially generated or manipulated. This has direct implications for U.S. businesses that use AI-generated video content featuring virtual spokespersons, AI-generated customer testimonials, or AI-synthesized audio in marketing materials directed at EU consumers. The AI Act’s enforcement structure assigns supervisory authority to member state market surveillance authorities, with the European AI Office handling systemic violations. Fines can reach €35 million or 7% of global annual revenue for violations of prohibited practices, and €15 million or 3% of global annual revenue for other violations—numbers that make the EU AI Act a material compliance consideration for any mid-sized U.S. business with European customers.
Several federal agencies have issued sector-specific guidance on AI disclosure that goes beyond the FTC’s general framework. The Consumer Financial Protection Bureau (CFPB) has stated that financial institutions using AI in consumer-facing services—including AI-driven collections, loan decisioning, and customer service—must provide clear explanations for AI decisions that affect consumers, consistent with obligations under the Fair Credit Reporting Act (FCRA), Equal Credit Opportunity Act (ECOA), and consumer protection statutes. The CFPB has specifically warned that opaque AI systems that consumers cannot meaningfully question or challenge may violate the adverse action notice requirements of these statutes.
In healthcare, the Food and Drug Administration (FDA) has developed a regulatory framework for AI-enabled medical devices that includes transparency requirements for how AI systems were trained and validated. The Department of Health and Human Services Office for Civil Rights (OCR) has issued guidance on how HIPAA applies when AI systems process protected health information. For educational technology companies subject to FERPA, the Department of Education has flagged concerns about AI systems that make or substantially contribute to decisions about student records or disciplinary matters without adequate transparency to students and parents.
The most defensible approach to AI disclosure is designing it into your product from the beginning rather than retrofitting it after regulatory scrutiny arrives. For customer-facing chatbots: disclose the AI nature of the agent at the beginning of each conversation, in clear language, before the user provides any information. For AI-generated content in marketing: label AI-generated images, videos, and text when their AI origin is not obvious and could affect how consumers perceive them. For AI-assisted decision-making that affects consumers: provide a meaningful explanation of the factors that drove the decision and a genuine opportunity for consumers to challenge it.
Document your AI disclosure practices with the same rigor you apply to privacy policy compliance—because regulators will ask for documentation when they investigate. Maintain records of the disclosure text presented at each touchpoint, version-controlled with deployment dates. Conduct periodic testing of your AI-facing interfaces to verify that disclosures are displaying correctly, that “easy out” options for consumers who want to speak with a human are functioning, and that the AI is not being programmed to deny its AI nature when directly asked by users. A user who asks “Am I talking to a bot?” and receives a human-identifying response is a red flag in any regulatory investigation.
If your business uses AI chatbots, virtual agents, or AI-generated content in customer-facing contexts and you want to assess your disclosure obligations, contact the internet law attorneys at Revision Legal through the form on this page or call (855) 473-8474. Our internet law practice advises businesses on AI compliance, FTC response, and privacy law across all U.S. markets.
Artificial intelligence has become part of nearly every business operation. Businesses now use AI tools to write marketing copy, generate product images, compose emails, draft social media posts, and produce video and audio content at a scale that was not possible a few years ago. The efficiency gains are real. But so are the legal […]
Read more about The Risks of Using AI-Generated Content in Your Business
Receiving a cease and desist letter can feel alarming. One minute you are running your business as usual, and the next you are staring at a legal demand accusing you of trademark infringement, copyright violation, breach of contract, or some other wrong. The situation can escalate quickly if not handled properly. But receiving a cease […]
Read more about How to Respond to a Cease and Desist Letter
Learn what counts as deceptive pricing in e-commerce, including false discounts, hidden fees, drip pricing, and fake urgency. Revision Legal’s internet law attorneys help online retailers stay compliant with FTC rules.
Read more about What Counts as Deceptive Pricing in E-Commerce?