Could US Businesses Face Federal Deception Penalties For Using Biased AI Tools?

The US Federal Trade Commission is investigating whether major AI vendors are shaping system outputs to serve undisclosed ideological or political objectives – and whether doing so, without disclosing it to business customers, constitutes a deceptive practice under Section 5 of the FTC Act. The investigation is early-stage and no enforcement actions have been announced. The regulatory signal is nonetheless important – because the liability risks it highlights is anything but hypothetical.

The scenario the FTC appears to be examining is one that most businesses using AI tools for operational decisions haven’t considered: what if the outputs you’re relying on for hiring recommendations, marketing copy, compliance screening or customer service are being subtly shaped by vendor-side parameters you were never told about? The AI tool claims to be neutral – and the vendor’s terms of service mention no filtering or weighting beyond standard safety features. Yet the outputs consistently skew in a direction that reflects an undisclosed objective – and businesses have been acting on them.

 

Cracking The Code On Section 5 – What It Means For AI

 

Section 5 of the FTC Act prohibits unfair or deceptive acts and practices in commerce. The FTC has historically applied it to situations where a business makes a material misrepresentation or omission that harms consumers. The extension of this regulatory approach to AI vendor outputs is a relatively new application, but it follows a logic the FTC has already articulated: if a vendor represents its tool as neutral or objective when it isn’t, that representation is potentially deceptive.

The business-to-business aspect adds a layer of complexity. If a company implements an AI hiring tool that produces biased candidate rankings, the direct harm lands on the candidates who were unfairly screened out. The FTC’s concern appears to extend to the business using the tool as well, on the basis that it was sold a product that didn’t perform as described. Whether a business that relied in good faith on a vendor’s representations about its AI would be treated as a victim or a co-responsible party in any enforcement action is something the legal frame hasn’t yet settled.

Other legal risks for businesses are more immediate. Employment discrimination law doesn’t care whether a biased hiring decision was made by a person or an algorithm – the outcome is what’s assessed. The Equal Employment Opportunity Commission has made it clear that AI screening tools must undergo the same disparate impact analysis as any other selection process. If your AI hiring tool systematically produces outcomes that disadvantage a protected group, that’s a discrimination risk regardless of what the FTC does with the vendor.

 

Is Anyone Doing Due Diligence On Their AI Tools?

 

The candid answer, for the majority of businesses outside regulated industries, is no. AI tools have been adopted fast, integrated into workflows quickly and evaluated almost entirely on performance rather than on how they produce their outputs. The typical procurement process for an AI productivity or HR tool involves assessing user experience, checking integration compatibility, negotiating pricing and reviewing data protection terms. Audit rights over the model’s decision logic, disclosure requirements about training data or filtering and contractual commitments about output neutrality are rarely part of the conversation.

That’s partly because the tools are marketed as capabilities rather than as systems with internal logic that can be audited. When you buy a word processor, you don’t audit the spell-checker’s decision-making. The analogy breaks down when the tool is making recommendations that affect who gets hired, what customers see or which risks get flagged in a compliance process. Those decisions carry consequences that a spell-check error doesn’t.

The businesses most exposed are the ones using AI for consequential decisions without having asked the basic questions: what data was this model trained on, what filtering or weighting is applied to outputs, how would I know if the outputs were systematically biased, and what recourse do I have against the vendor if they are? Most AI vendor agreements don’t provide clear answers to any of those questions, and most businesses haven’t pushed for them.

 

The Due Diligence Checklist For AI Adoption

 

The FTC investigation remains a useful prompt – irrespective of its outcome. The starting point for any business using AI for operational decisions is a basic inventory: which tools, which processes, what outputs, what decisions. That’s the minimum needed to even frame the risk.

On vendor due diligence, the questions worth asking are less about the AI’s technical architecture and more about accountability: does the vendor offer any form of output audit or explainability? Is there a contractual representation about neutrality or absence of undisclosed filtering? What are the indemnification terms if the tool’s outputs create legal liability for your business? What happens if a regulatory investigation finds the vendor’s model was operating in a way that wasn’t disclosed?

Regarding regulation, the path ahead is clearer than it was two years ago. The EU AI Act has established risk categories for AI used in hiring and other high-stakes decisions. US state legislatures are moving on algorithmic accountability. The FTC is testing the boundaries of its deception mandate in this space. Businesses that treat AI vendor accountability as a future problem are likely to find it becoming a present one faster than they expect.

The lesson is simple: subject your mission-critical AI tools to the same level of scrutiny as any other vendor whose products could generate legal liability. The fact that most AI vendors haven’t been asked those questions yet isn’t a reason not to ask them.