Published May 9, 2026. Maryland's Protection from Predatory Pricing Act (HB 895) was signed by Governor Wes Moore in April 2026. Effective October 1, 2026. This guide covers what is prohibited, who is covered, and what the exemptions are.
Maryland's Protection from Predatory Pricing Act is the first US state law to directly restrict surveillance pricing in food retail — charging individual consumers different prices based on their personal data profiles. It is not a general AI regulation law and does not address competitor price coordination or hub-and-spoke pricing schemes. The scope is specific: large grocery stores and food delivery platforms using consumer data to personalize food prices.
What the Law Bans
The core prohibition: food retailers cannot use consumer personal data to charge one consumer more than another for the same food item.
The law defines the prohibited practice as "dynamic pricing" — a term the legislature uses specifically to mean personalized pricing based on individual consumer data, not demand-based pricing that applies equally to all consumers.
| Practice | Legal status under Maryland law |
|---|---|
| Different prices to different consumers based on their browsing history | Prohibited |
| Different prices to different consumers based on income data | Prohibited |
| Different prices to different consumers based on location data used to infer willingness to pay | Prohibited |
| Different prices based on purchase behavior analytics showing individual price sensitivity | Prohibited |
| Surge pricing that applies equally to all consumers during high-demand periods | Permitted |
| Geographic price differences based on supply chain and shipping costs | Permitted |
| Loyalty program discounts based on membership status | Permitted |
| Promotional and sale pricing applied to all consumers | Permitted |
| Subscription pricing tiers | Permitted |
| Prices offered in exchange for the consumer's explicit consent to share data | Permitted |
The distinction the law draws: demand-based and geography-based pricing is permitted because it reflects objective market conditions that apply to everyone. Personalized pricing based on individual consumer data profiles is prohibited because it charges different people different amounts for identical products.
Who Is Covered
Covered:
- Food retailers operating grocery stores or retail food stores with 15,000 or more square feet of sales area in Maryland
- Third-party delivery service providers that connect grocery retailers to delivery services and consumers for food purchases
Not covered:
- Grocery stores or food retailers under 15,000 sq ft (small grocers, corner stores, specialty shops)
- Restaurants and food service establishments
- Non-food retail (the law applies specifically to food products)
- Non-food product categories sold by covered food retailers
- Online-only food retailers that do not operate a physical Maryland grocery store (this is less certain — check with counsel)
The 15,000 sq ft threshold captures major chains — Walmart, Kroger, Giant, Safeway, Whole Foods, Target — but not small independent grocers.
Personal Data Covered
The law covers personal data "linked or reasonably linked to an identified or identifiable consumer," excluding de-identified data and publicly available information. Data types specifically implicated:
- Browsing history — including product pages viewed, searches, and time spent on pages
- Location data — geographic location used to infer affluence or willingness to pay
- Purchase behavior — frequency, basket size, brand preferences, price sensitivity indicators
- Inferred income or demographics — data purchased or derived that estimates consumer income or economic status
- Protected class data — race, gender, ethnicity, and other legally protected characteristics (the law adds this as a separate concern)
What to Do Before October 1, 2026
If you are a covered food retailer or grocery delivery platform:
- Audit your pricing systems — identify any dynamic pricing component that uses consumer-level personal data (not just aggregate demand) to set prices
- Confirm what data inputs your pricing tools use — get written documentation from any third-party pricing software vendor about whether they use individual consumer data profiles
- Separate personalization from personalized pricing — product recommendations, marketing personalization, and loyalty discounts remain legal; personalized price-setting does not
- Review delivery platform contracts — if you use Instacart, DoorDash Grocery, or similar, confirm how their pricing layer operates and whether it uses consumer data to set prices
- Document your pricing methodology — written description of what your pricing tools do and do not do; this is your first line of defense in an AG inquiry
- Assess your loyalty program structure — confirm your loyalty discounts are based on membership status or actions, not on individual consumer data profiles used to charge non-members more
Federal Context
Maryland's law is narrower than the federal policy debate. The FTC has signaled interest in surveillance pricing more broadly — its 2024 study of surveillance pricing practices examined eight companies using personal data for personalized pricing across retail. Maryland's law turns state-level interest into enforceable rules, specifically for food.
Other states are watching. California, New York, and Illinois have had similar proposals. Maryland's approach — sector-specific (food), with clear exemptions for loyalty programs, and AG-only enforcement — may serve as a template.
Sources: Maryland HB 895 (Protection from Predatory Pricing Act), Maryland Attorney General, Morgan Lewis analysis, Consumer Reports statement on signing. Effective October 1, 2026. Consult counsel for advice specific to your situation.
