Privacy & Information Security Law Blog

New York recently passed a bill that amends the New York General Business Law (the “Bill”) to impose new requirements on (1) the use of artificial intelligence (“AI”) for algorithmic pricing and (2) the operation of AI systems that simulate social human interactions (i.e., AI companions). 

The requirements related to algorithmic pricing went into effect on July 8, 2025; those related to the operation of AI companions will go into effect on November 5, 2025.

Algorithmic Pricing Requirements

The Bill requires entities engaging in personalized algorithmic pricing using a consumer’s personal data to include a clear and conspicuous disclosure alongside the price that states “THIS PRICE WAS SET BY AN ALGORITHM USING YOUR PERSONAL DATA”.  “Entity” is broadly defined as “any natural person, firm, organization, partnership, association, corporation, or any other entity domiciled  or  doing business in New York state.” “Personal data” also is broadly defined as “any data that identifies or could reasonably be linked, directly or indirectly, with a specific consumer or device.”  It does not include location data that is used by for-hire vehicles to calculate fares based on mileage and trip duration.

The disclosure requirement does not apply to prices offered to consumers who have an existing subscription-based contract for goods or services with an entity and where the price offered is less than the price for the same good or service set forth in the subscription-based contract. The Bill also does not apply to entities that are subject to New York’s insurance law or regulations, financial institutions or their affiliates subject to the Gramm Leach Bliley Act, or financial institutions as defined in New York’s financial services law.

The New York Attorney General may issue a cease and desist letter for violations of the disclosure requirement. If an entity fails to cure the violation, the Attorney General may seek a court injunction and civil penalties of up to $1,000 per violation.  The Bill does not provide a private right of action.

AI Companion Requirements

The Bill imposes specific requirements on operators of AI companions.  The Bill defines an “AI companion” as a system using AI, generative AI and/or emotional recognition algorithms designed to simulate a sustained human or human-like relationship with a user.  The Bill prohibits AI companion operators from providing an AI companion unless the AI companion contains a protocol to take reasonable efforts to detect and address suicidal ideation or expressions of self-harm expressed by a user to the AI companion. Such protocols include detection of user expressions of suicidal ideation or self-harm and a notification to the user that refers them to crisis service providers.

In addition, AI companion operators must provide notification to users at the beginning of any AI companion interaction that the user is not communicating with a human, as well as at every three-hour interval during continued AI companion interactions.

With respect to enforcement, where the New York Attorney General believes the operator has violated these requirements, it may bring an action to enjoin an AI companion operator from engaging in the unlawful act and may seek civil penalties of up to $15,000 per day.  The Bill does not provide a private right of action.