AI Governance in Retail and Consumer Products: Personalisation, Pricing, and the ACCC

Retail and consumer products — the AI sector under regulatory spotlight

Retail is the consumer-facing sector where AI is deployed most aggressively and where regulatory enforcement is moving fastest. The third annual NVIDIA State of AI in Retail and CPG survey found 9 in 10 retailers will increase AI budgets in 2026, focusing on open-source models, agentic AI, and physical AI. Personalisation has moved beyond targeted advertising into real-time dynamic pricing, AI-driven recommendation engines, AI chatbots handling customer service, AI-generated product descriptions and images, and computer vision-based loss prevention. This intensity of AI use has triggered specific regulatory and litigation responses through 2025-2026.

Algorithmic pricing — the fastest-moving regulatory area

Algorithmic and personalised pricing is now subject to specific legislation in multiple US states. New York's Algorithmic Pricing Disclosure Act took effect 10 November 2025 — the first state law in effect requiring any business that uses personal consumer data to set a price to provide a "clear and conspicuous" disclosure at the point of sale stating that the price was set using personal data. Over 100 price transparency bills were introduced across 33 US states and DC in 2025. California, New Mexico, Pennsylvania, and others have introduced or considered measures requiring retailers to disclose when prices are set using real-time data or AI. Pennsylvania HB 1779 specifically prohibits dynamic pricing based on protected class data (race, gender, religion). At the federal level, the FTC confirmed in April 2026 Congressional testimony that surveillance pricing work continues and the agency is assessing whether additional disclosures may be required when pricing is highly personalised. On 5 March 2026, House Oversight Committee Chairman James Comer launched an investigation into AI use in setting prices, sending letters to travel accommodation companies, rideshare services, and booking websites.

Practical examples: Delta Airlines is implementing dynamic AI pricing for 3% of its domestic tickets, with plans to expand to 20% by end of 2025 — with two passengers sitting adjacent potentially paying vastly different amounts based on price sensitivity. Amazon adjusts prices multiple times daily and has documented a 25% revenue boost. Walmart uses AI for store-level demand forecasting, cutting inventory costs by 10%. These models are legal in most jurisdictions, but transparency obligations are tightening rapidly.

EU and UK consumer protection — what applies to retail AI

In 2025, EU guidelines mandated transparency in personalised pricing; in 2026, these rules are expanding to cover dynamic marketplace pricing more broadly under the Digital Services Act and Consumer Protection Cooperation Regulation. The Unfair Commercial Practices Directive (UCPD) prohibits misleading omissions — failing to disclose that prices are personalised or algorithmically determined where this materially affects the consumer's purchasing decision may constitute a misleading omission.

In the UK, the Digital Markets, Competition and Consumers Act 2024 came into force in stages from 2024-2025, giving the CMA enhanced powers including direct enforcement of consumer protection law without going through the courts. AI-driven dark patterns, drip pricing, and misleading personalised offers are all within CMA enforcement scope. The CMA's 2025/26 priorities include AI-enabled consumer harm.

Australian Consumer Law — applies to all AI-driven retail conduct

Australia's regulatory position was confirmed by Treasury's October 2025 Review of AI and the Australian Consumer Law: the existing ACL framework is fit-for-purpose for AI, with targeted clarifications rather than separate AI legislation. The ACCC has demonstrated active enforcement: September 2025 proceedings against JustAnswer LLC over alleged misleading subscription pricing; October 2025 proceedings against Microsoft over alleged misleading Copilot AI integration in Microsoft 365 plans affecting 2.7 million Australians. Misleading pricing is a 2025-26 ACCC enforcement priority.

AI chatbots and customer service — the legal exposure

AI chatbots handling customer service create direct legal exposure for retailers. The business is liable for chatbot statements as if a staff member had made them. Common issues: chatbots that misrepresent return policies, refund eligibility, warranty terms, or product features; chatbots that fail to identify themselves as AI (likely a breach of EU AI Act Article 50 from 2 August 2026); chatbots that "hallucinate" specific offers, discounts, or commitments that the retailer cannot honour. Several high-profile cases in 2024-2025 (Air Canada chatbot bereavement fare case is the canonical example) have established that retailers cannot disclaim chatbot statements as separate from their corporate representations.

AI-generated product content — copyright and disclosure

Retailers using generative AI for product descriptions, images, and marketing content face two specific issues. First, US Copyright Office May 2025 guidance confirmed that fully AI-generated works are not copyrightable — retailers cannot claim copyright protection over purely AI-generated product imagery or descriptions, which has implications for marketplace listings and reseller relationships. Second, from EU AI Act Article 50 (effective 2 August 2026), AI-generated content depicting products or experiences that could falsely appear authentic must be disclosed. Retailers using AI-generated lifestyle images, virtual showrooms, or product photography need to consider whether disclosure obligations apply.

Loss prevention and surveillance AI — biometric and worker monitoring concerns

Computer vision-based loss prevention is widely deployed in retail. These systems create both consumer privacy concerns (where customers are not informed about facial recognition or biometric tracking) and worker monitoring concerns (where AI is also used to monitor employee behaviour). EU AI Act prohibits emotion recognition in workplaces (Article 5, in force from 2 February 2025) — a system that purports to detect employee emotions from facial expressions or behaviour is prohibited. Biometric categorisation systems used in retail spaces are high-risk under Annex III. Under GDPR and UK GDPR, biometric data is special category data requiring explicit consent or another Article 9 lawful basis. In Australia, the Privacy Act applies to biometric collection and the OAIC has been active in this area.

What retailers should do now

Audit your AI pricing systems against state and EU disclosure requirements. If you operate in New York, ensure point-of-sale disclosure for personalised pricing is in place. Map your chatbot interactions against EU AI Act Article 50 — chatbots must disclose they are AI by 2 August 2026, and disclosure should be at first contact, not buried in T&Cs. Review your AI-generated content disclosure approach — particularly lifestyle imagery, virtual showrooms, and product representations. Document your biometric and surveillance AI systems with lawful basis assessments, privacy notices, and (in the UK/EU) DPIAs. Update your customer-facing privacy policy to disclose AI uses including personalisation, recommendation engines, automated decision-making, and chatbot interaction. Train customer service teams on what AI chatbots can and cannot commit to on the business's behalf, and implement monitoring to identify hallucinations that create unintended commitments.