The October 1, 2026 deadline is now less than four months away. For retailers operating in California, Maryland, Connecticut, or New York, that is not a comfortable runway. Here is where to focus.
1. Map your pricing data inputs
The first question regulators ask is what data is being used to set prices. If your pricing tool ingests consumer-level personal data including browsing behaviour, location, and device type, you need to know that explicitly, document it, and understand whether your current consumer-facing disclosures are adequate across every state where you operate. This is not a legal team task alone. It requires product and data ownership.
2. Audit your explainability posture
Can your pricing system produce a human-readable explanation of why a specific product received a specific price recommendation on a specific date? If the answer is no, or “sort of,” that is the gap that creates the most legal exposure. An inquiry letter from a state AG will expect a clearer answer than that.
3. Review your vendor contracts
Not all pricing tools carry the same compliance risk. If your vendor uses pooled competitor data as an input to pricing recommendations, that creates exposure for your organisation, not just the vendor. Understand what data your pricing tool relies on, and make sure your contracts reflect where liability sits.
4. Establish documented governance controls
Regulators are not just asking what your pricing tool does. They are asking how your organisation oversees it. Documented approval workflows, override capabilities, and escalation paths demonstrate that humans are accountable for pricing decisions. That matters both as a compliance posture and as evidence of good faith if an inquiry does come.























