Maryland Governor Wes Moore signed House Bill 895 on April 28, 2026, making Maryland home to the nation’s most aggressive law against surveillance pricing. Every lender using behavioral data to set loan rates should be paying attention.
The Protection From Predatory Pricing Act targets food retailers with spaces of at least 15,000 square feet and third-party delivery apps. It bans dynamic pricing based on personal data, including pricing driven by AI models that retrain in near real time. Exceptions exist for loyalty programs, promotional discounts, geography-based pricing, and supply-and-demand shifts that don’t use individualized consumer data. Effective October 1, 2026.
Financial institutions are carved out — for now. The law expressly excludes GLBA-covered entities from one section. Carve-outs aren’t constitutional guarantees.
The pattern should look familiar to anyone who watched state privacy law spread east from California. Maryland’s definition of surveillance pricing maps directly onto what fintechs and lenders call risk-based pricing: geolocation, browsing behavior, device information, purchase history, inferred behavioral traits. The law also bans use of “protected class data” where it produces discriminatory effects, language that maps cleanly onto ECOA and Fair Housing Act disparate-impact theories.
If other states follow Maryland’s template, loan pricing, credit card APRs, and overdraft fees become targets. Start the model audit now. Pull the feature list on your pricing engine and flag every input that resembles what Maryland just banned.
October 1 is when grocers have to comply. The question is when lenders get their own deadline.
Nathan Zakhary