OpenAI faces investigation from state attorneys general

OpenAI is now facing scrutiny from multiple state attorneys general, who have launched a coordinated investigation into the company's business practices. The probe covers a notably broad range of concerns, from how OpenAI handles advertising policies to the way it manages sensitive health data.

The Details

The investigation involves attorneys general from several states, though the specific jurisdictions have not been publicly disclosed. Regulators are casting a wide net, examining multiple areas of the company's operations simultaneously.

Key areas under investigation include:

• Advertising policies and how they are applied across OpenAI's products
• Health data handling, raising questions about what patient or user health information OpenAI collects and how it is used
• Other business conduct practices that have not yet been fully detailed publicly

This is not OpenAI's first brush with legal pressure. The company has faced a lawsuit from the state of Florida and ongoing questions about its governance structure as it moves toward an IPO. A multi-state AG investigation adds a new and potentially more consequential layer of regulatory risk.

Why This Matters for Service Providers

For MSPs and telecom resellers building service stacks on top of AI platforms, regulatory scrutiny of this scale is a signal worth paying attention to. If health data handling becomes a formal liability, any service provider deploying OpenAI-powered tools for healthcare clients could face downstream compliance exposure.

This is particularly relevant for those following a healthcare vertical playbook, where HIPAA obligations already require careful vetting of AI vendors and their data practices. A state-level investigation does not automatically mean wrongdoing, but it does mean added uncertainty for enterprise and regulated-industry deployments.

More broadly, vendors that cannot demonstrate clear, auditable data policies are becoming harder to recommend to clients who operate in regulated environments. Service providers should be asking their AI vendors pointed questions about data residency, health data treatment, and advertising-driven monetization models right now, not after a regulatory action lands.

Looking Ahead

Watch for which states formally identify themselves as participants and whether the investigation expands into specific OpenAI products or API services that MSPs and resellers may be actively reselling. If federal or state compliance requirements around AI and health data tighten as a result, service providers will need vendor documentation ready before clients start asking.

For the full story, read the original article on TechCrunch AI.