Key Points
- The outcome of recent gubernatorial and attorney general elections has added momentum to the trend of increased enforcement by states in areas previously perceived as primarily federal territory.
- The elections are another reason for companies to evaluate whether their corporate compliance programs adequately reflect the shifting regulatory environment.
- Areas of potential exposure include consumer protection, data privacy, antitrust, anticorruption and securities enforcement.
__________
States are building on their enforcement momentum following the November 2025 gubernatorial and attorney general (AG) elections. Businesses may want to take into consideration how changes at the top of state governments often signal changes in state AG enforcement postures, as well as within the broader regulatory landscape in which companies operate.
Three enforcement themes have emerged, each carrying implications for companies.
1. Consumer Protection and Data Privacy Enforcement
Candidate campaigns have increasingly emphasized “holding bad actors accountable” for deceptive and unfair business practices, and misleading marketing or data privacy abuses that have an adverse impact on constituents — children in particular.
State AGs, traditionally considered the chief consumer protection advocates in their states, have ramped up investigations and enforcement actions. They have also collaborated on investigations and enforcement actions across state lines, as seen in the formation of the Consortium of Privacy Regulators, a bipartisan group comprised of the California Privacy Protection Agency and nine state AGs. (See our client alerts “State Attorneys General May Fill Enforcement Void Left by Shift in Federal Priorities” and “Eight-State Consortium of Privacy Regulators Marks Shift Toward Coordinated Enforcement.”)
State AGs have also been using existing consumer protection laws to address challenges associated with artificial intelligence (AI), though this approach could shift as federal standards take shape.
In December 2025, the Trump administration issued an executive order directing the U.S. attorney general to challenge state AI laws that conflict with federal policy, with the aim to ensure a national framework for regulating AI.
A bipartisan coalition of 36 state AGs had sent a letter to Congress in November 2025 opposing a proposed federal ban on state laws regulating AI and expressing interest in state-federal collaboration to develop regulations that promote innovation while protecting the public.
While the executive order could impact how state AI laws are enforced, companies may want to consider the following in their approach to their consumer protection and data privacy practices:
- Monitoring developments relating to the implementation of a new federal AI framework.
- Mapping what data they collect and process.
- Revamping their privacy policies.
- Assessing their practices against the evolving statutes in anticipation of aggressive enforcement of consumer law frameworks, especially as states continue to pass legislation and issue guidance strengthening consumer protection.
2. Antitrust Implications
Gubernatorial candidates put affordability at the forefront of their campaigns, and those elected have indicated that one way they intend to address this issue is by targeting anticompetitive practices. Some governors and state AGs are expanding their scrutiny of mergers, monopolistic conduct and platform power in response to perceived insufficiencies in, or to supplement, federal enforcement efforts.
New laws indicate that states are bolstering their enforcement capabilities. In 2025, there was new legislation in California and New York that increases criminal penalties for antitrust violations. Laws in Colorado and Washington now require companies to submit premerger notifications to state authorities.
Companies should consider monitoring new developments in this area, especially since legislation varies from state to state.
3. Anticorruption and Securities Enforcement
Companies may want to be alert to how state AGs have intensified their focus on violations of anticorruption and securities laws. State authorities have signaled their intent to bring actions for violations of such laws through available enforcement mechanisms.
Earlier in 2025, California’s attorney general “remind[ed] business[es] operating in California that it is illegal to make payments to foreign-government officials to obtain or retain business,” and informed them that such conduct is actionable under California’s Unfair Competition Law. (See our April 8, 2025, client alert “California Attorney General Warns That FCPA Violations Are Still Actionable Under State Law.”)
In October 2025, a coalition of 21 state AGs submitted a joint comment letter urging the SEC to provide clear, narrowly tailored definitions for the security status of digital assets under federal law. In it, the state AGs claimed that such definitions are critical to maintaining the balance of power between federal and state governments, protecting consumers from harm and allowing states to innovate in regulating emerging technologies.
Final Thoughts
Companies may want to view the recent state elections as opportunities to revisit, refresh and reinforce their state-level enforcement readiness. As new governors take office and state AGs recalibrate their enforcement priorities, companies that factor political shifts into their compliance programs will be best positioned to stay ahead of evolving risks.
Read more about AI, digital assets and SEC regulation:
See the full 2026 Insights publication
This memorandum is provided by Skadden, Arps, Slate, Meagher & Flom LLP and its affiliates for educational and informational purposes only and is not intended and should not be construed as legal advice. This memorandum is considered advertising under applicable state laws.