FTC Enforcement Priorities: What the Agency’s Actions Reveal About 2026 Risk

Key Takeaways

• FTC enforcement in 2026 is concentrated on subscription practices, telemarketing, earnings claims, and auto-renewal models, with ROSCA, TSR, and the Business Opportunity Rule driving significant civil penalty exposure.
• Privacy, data security, and impersonation violations remain priority targets, particularly where companies misrepresent data practices or falsely claim government or business affiliation.
• As the FTC appears to be prioritizing statutes that carry civil penalties — currently $53,088 per violation, per day — proactive compliance review is essential for consumer-facing businesses.

---

It has been one year since the current presidential administration took control of the Federal Trade Commission (“FTC”). With this milestone, it is an appropriate time to evaluate what the FTC’s enforcement actions say about its current priorities and what that means for businesses in 2026.

In a September 2025 address to the National Advertising Division, Commissioner Mark Meador stressed the importance of “kitchen table issues,” meaning the “economic issues that confront ordinary American families . . . every day.” So, what are “kitchen table issues”? For regulated businesses, the most reliable way to interpret that phrase is not rhetoric, but enforcement activity.

Looking at FTC enforcement actions over the past year would be a sound approach to understanding “kitchen table issues” and where the agency is directing resources. The following categories represent the most frequent areas of enforcement cases in 2025 and offer practical insight into compliance risk moving forward.

1. Restore Online Shoppers’ Confidence Act (“ROSCA”) and Negative Option Marketing

ROSCA violations represent the FTC’s most active enforcement category. In practice, it targets subscription and auto-renewal models that fail to provide clear disclosure and easy cancellation. This is the big hammer when it comes to the sale of goods or services with a negative option (e.g., prenotification plans, continuity plans, automatic renewals, and free trial conversion offers) marketed through the internet.

ROSCA requires sellers to:

• clearly and conspicuously disclose all material terms of the transaction before obtaining the consumer’s billing information;
• obtain the consumer’s express informed consent before making a charge; and
• provide simple mechanisms to stop recurring charges.

FTC enforcement actions commonly allege failures in disclosure clarity and cancellation processes. Notably, the FTC interprets “material terms” broadly, increasing risk for subscription-based and continuity-driven business models.

2. Business Opportunity Fraud and the Business Opportunity Rule

The FTC continues to pursue individuals who violate the Business Opportunity Rule, which requires covered sellers to make certain disclosures in a one-page document at least seven days before a buyer must sign a contract or make payment. If the seller makes claims about the buyer’s potential earnings, the seller must:

• Provide substantiation supporting those claims; and
• Allow prospective buyers to review the supporting documentation.

Finally, the rule prohibits certain practices such as misrepresenting the nature of the investment. In addition, under the Federal Trade Commission Act, the seller must have a reasonable basis for all earning claims.

3. Telemarketing Sales Rule (“TSR”) Compliance

With important exceptions, the TSR applies to “a plan, program, or campaign . . . to induce the purchase of goods or services or a charitable contribution” involving more than one interstate telephone call.

The TSR:

• requires disclosures of certain information;
• prohibits misrepresentations;
• limits when telemarketers may call consumers;
• requires transmission of caller ID information;
• prohibits abandoned outbound calls (subject to a safe harbor);
• prohibits unauthorized billing; and
• sets payment restrictions for the sale of certain goods or services.

Importantly, the rule is not limited to cold calls. It applies to upsells even if the initial telephone conversation is exempt from the rule.

4. Privacy and Data Security Enforcement

Privacy and data security remain a priority at the FTC. Companies collecting personal information from their customers must clearly disclose what information they collect, as well as honor representations made regarding how they use and protect consumer data. Finally, companies must take reasonable steps to protect the personal information they have collected from consumers.

Some recent FTC cases illustrate this focus. In one case, the FTC alleged that the company collected, used, and sold consumers’ precise geolocation and driving behavior data without notifying consumers and obtaining their affirmative consent. In another case, the FTC alleged that the company misrepresented that reasonable measures would be implemented to protect personal information from unauthorized access and then failed to employ reasonable and appropriate measures to protect personal information.

5. Impersonation Rule Enforcement

This 2024 rule prohibits sellers from materially and falsely posing as a government or business entity or an officer thereof. The rule is straight forward: you can’t claim to be or to be affiliated with an entity when you are not.

6. Debt Collection and Fair Debt Collection Practices

These cases involved attempts to collect debts that were not owed or debts that the firm had no legal right to collect. These efforts were, in some instances, accompanied by corrosive conduct. In one instance, the FTC also alleged that the firm did not properly identify itself as a debt collector.

7. Gramm-Leach-Bliley Act (“GLBA”) Enforcement

This act prohibits any person from obtaining or attempting to obtain — or causing to be disclosed or attempting to cause to be disclosed to any person — bank account, credit card, or debit card numbers of a financial institution relating to another person . . . by making a false, fictitious, or fraudulent statement or representation to a customer of a financial institution. For example, in one case, the FTC alleged that the firm misrepresented that consumers could rent housing units for the advertised price in violation of the GLBA. This statute has potential for broad application.

Additional Warning Letters: Made in USA and Consumer Review Rule

Although not among the top categories, it should be noted that the FTC sent multiple warning letters concerning Made in USA Claims in July 2025. Additionally, in December of 2025, the FTC issued 10 warning letters about possible violations of the FTC’s consumer review rule. These warning letters indicate a strong enforcement interest in these areas.

Why This Matters: Civil Penalty Exposure and Risk Assessment

The FTC appears to be focusing its law enforcement resources on violations of statutes and rules that allow them to impose civil penalties. At the current time, the civil penalty is $53,088. Every day that a violation continues is considered to be a separate violation. The amount will be adjusted upward in 2026.

The potential exposure of a particular company will depend on its line of business. Nevertheless, given the potential penalty, it’s essential to be aware of the FTC’s enforcement focus and factor it into your risk assessment.

For more information on FTC enforcement priorities, please contact AGG Intellectual Property of counsel Rich Cleland or another member of the Intellectual Property practice.

For more information on privacy-related issues, please contact a member of the Privacy & Cybersecurity practice.

For more information on matters related to payments and fintech, please contact a member of the Payment Systems & Fintech industry team.