Most companies send press releases without realizing one wrong sentence can trigger a federal enforcement action.
The rules aren't hidden. The FTC and SEC publish them clearly, but they're scattered across multiple acts, final rules, and disclosure requirements that most PR teams never actually sit down and read.
This guide pulls everything into one place. By the end, you'll know exactly what the federal securities laws, the Exchange Act, and the FTC require from your press releases and how to stay on the right side of each before you hit send.
Key Highlights
All press release claims must be backed by proof before you publish, not after
The FTC's 4Ps framework controls how disclosures must look and where they must sit
Public companies must file Form 8-K for material information; a press release alone doesn't cut it
The Securities Act and Exchange Act both apply to what public companies say in press releases
Material cybersecurity incidents must be disclosed within four business days under the SEC's 2023 final rule
Regulation FD bans selective disclosure to institutional investors before the public sees the information
The Sarbanes-Oxley Act adds personal liability for executives who approve false statements
What Is US Press Release Compliance?
Simply put, US press release compliance means every press release you send follows the rules set by the FTC, the SEC, and other federal agencies. Those rules cover what you can say, how you must say it, what you must disclose, and when certain forms must be filed alongside the release.
It's not just a box-ticking exercise either. These disclosure requirements exist because companies control what information gets out and when. Investors, consumers, and the public depend on that information being true. The intended audience changes things too. Rules differ depending on whether you're a startup talking to customers or a publicly traded company talking to institutional investors.
Why This Matters More Than Most Companies Think
Here's what most PR teams miss: a press release isn't just a media document. Under federal securities laws and the FTC Act, it's a public statement with real legal weight. Issuers, meaning companies that put information out to the public, are held responsible for what their press releases say. That accountability doesn't sit with legal alone, everyone from the PR team to the CFO carries a share of it.
The Exchange Act, the Securities Act, and the Sarbanes-Oxley Act all touch press releases in different ways. Getting this wrong isn't just embarrassing. It can mean enforcement action, fraud charges, or personal liability for the executives who signed off.
FTC Compliance Rules for Press Releases
The Federal Trade Commission enforces rules on advertising, endorsements, and consumer-facing statements. If your press release makes a claim about a product, a service, or a person's experience, the FTC has jurisdiction.
The legal foundation is Section 5 of the FTC Act, which bans unfair or deceptive acts in commerce. That's a broad net, and press releases land squarely inside it.
The Substantiation Requirement
Every factual claim in a press release must be supported by real evidence before the release goes out. Not after. This is the substantiation requirement, and it's one of the most commonly violated rules in corporate PR.
It's not enough to believe your claim is probably true. You need actual documentation: studies, test results, data that existed before the words were written down.
This rule applies to:
Performance claims ("cuts energy use by 35%")
Health or safety claims ("clinically proven to reduce inflammation")
Environmental claims ("carbon neutral by 2025")
Consumer outcome claims ("9 out of 10 users saw improvement")
The standard shifts depending on how serious the claim is. Health and safety claims need what the FTC calls "competent and reliable scientific evidence," which usually means peer-reviewed studies or randomized controlled trials. A speed claim about software might need less. But "we believe it works" has never been enough, and it never will be.
Practical rule: build an evidence file for every factual claim before you start drafting. That file is your defense if the FTC ever comes looking.
Endorsements, Testimonials, and Material Connection Disclosures
If your press release quotes a customer, influencer, expert, or brand ambassador, two things must be true before you publish.
First, the person quoted must have genuinely used the product or service. Second, any material connection between them and your company must be disclosed clearly, not hidden in fine print at the bottom of the page.
A material connection includes payment, free products, discounts, employment, or even a close personal relationship. The FTC updated its Endorsement Guides in 2023. The rules now cover micro-influencers, affiliate marketers, and anyone quoted in an official release who has any kind of relationship with the company.
Here's what a compliant disclosure looks like: "[Name] received this product at no charge in exchange for their review."
That sentence must sit near the testimonial, not three scrolls down the page. The FTC is very specific about this, and they check.
The 4Ps of FTC Disclosure
The FTC uses a four-part test to decide whether a disclosure is actually good enough. All four must be met simultaneously. Getting three out of four doesn't pass.
Prominence means the disclosure must be big and visible enough that a normal reader actually notices it. Not tiny gray text. Not a footnote.
Presentation means it must be written in plain language. No legal jargon designed to obscure the meaning.
Placement means it must sit close to the claim it's qualifying. Not somewhere else on the page, not after a different section entirely.
Proximity means it cannot be separated from the triggering statement by images, unrelated text, or navigation elements.
Digital press releases add a complication worth knowing. Hyperlinking to a separate disclosure page does not satisfy proximity. The disclosure must be readable without clicking anything. On mobile specifically, it must be visible without extra scrolling or navigation steps.
Health Breach Notification Requirements
If your press release follows a data breach involving consumer health information, the FTC's Health Breach Notification Rule applies immediately. You must notify the FTC about the breach, notify every affected individual, and complete both notifications within 60 calendar days of discovering the breach.
This rule covers health apps, fitness trackers, and any digital service that handles personal health records, even services not covered by HIPAA. The FTC expanded the rule's scope in 2024, so more companies fall under it now than many realize.
SEC Compliance Rules for Public Companies
For publicly traded companies, the SEC's disclosure requirements go significantly beyond what the FTC requires. The Securities Act and the Exchange Act both govern what public companies must say, when they must say it, and what forms must be filed alongside any press release involving material information.
The core idea is simple: investors and the public have a right to material information at the same time. No favoritism. No delays. No selective disclosure to preferred parties.
What Is "Material Information"?
Material information is any fact that a reasonable shareholder would consider important when deciding whether to buy, sell, or hold a company's stock.
Courts and the SEC both rely on the "substantial likelihood" test when determining materiality. If there's a substantial likelihood that a reasonable shareholder would want to know a piece of information, it's material, and it must be publicly disclosed.
Examples of material information include: earnings results or guidance changes, mergers or major acquisitions, leadership changes at the executive or board level, significant legal judgments or regulatory decisions, and cybersecurity incidents that affect operations or finances.
Once information crosses into material territory, public companies must disclose it to everyone at once, through a press release and, in most situations, a Form 8-K filing with the SEC.
What Triggers a Form 8-K Filing?
Here's one of the most common mistakes in corporate communications: assuming a press release alone satisfies SEC disclosure requirements. It doesn't.
Public companies must file Form 8-K with the SEC within four business days of a material event. The press release and the Form 8-K must tell a consistent story. If they contradict each other, that inconsistency itself becomes a compliance problem that draws SEC staff attention.
Events that require a Form 8-K include mergers and major asset sales, changes in senior leadership including the CEO, CFO, or board members, bankruptcy or restructuring, material write-offs or impairments, unregistered sales of equity securities, changes to the company's charter or bylaws, and changes in the fiscal year. This list isn't exhaustive. The SEC's rules define triggering events in detail, and legal counsel should review all of them. Once the 8-K is filed, the accompanying press release needs to reach the public through recognized press release submission sites that meet the SEC's public accessibility standards.
Cybersecurity Incident Disclosure Requirements
The SEC's 2023 final rule changed the game for cybersecurity disclosures. It created two mandatory reporting tracks that public companies must now follow.
Track one covers incident disclosure. When a public company determines that a cybersecurity incident is material, Form 8-K Item 1.05 must be filed within four business days. The clock starts when materiality is determined, not when the investigation is finished.
Track two covers annual disclosure. Companies must include annual disclosures about cybersecurity risk management, board governance, and strategy under Form 10-K Item 1.06.
One point that companies consistently get wrong: an ongoing forensic investigation does not pause the four-business-day clock. The SEC made this explicit in its guidance. The only narrow exception exists when the Department of Justice determines that disclosure would impede an active criminal investigation, and that determination must come from the DOJ itself, not from the company.
National security considerations occasionally apply when disclosure could compromise sensitive government investigations, but those exemptions are narrow, formal, and not available on demand.
Regulation FD and Fair Disclosure
Regulation FD, which stands for Fair Disclosure, is probably the most important rule that investor relations teams deal with day to day. It bans public companies from sharing material nonpublic information with select parties like institutional investors or favored analysts before that same information goes public.
In practice this means: if an executive mentions undisclosed earnings guidance in a private call with an analyst, that's a Regulation FD violation. Press releases are the primary tool for simultaneous public disclosure. If a selective disclosure happens accidentally, the company must immediately correct it with a public press release or a Form 8-K filing.
Regulation FD applies to senior officers, directors, investor relations staff, and anyone acting on behalf of the company. The SEC has brought enforcement action in cases where IR teams shared guidance hints in private calls before official announcements. Compliance with Reg FD ultimately comes down to the mechanics of how press release distribution works in the United States getting material information to the public simultaneously through the right channels is what makes the rule workable in practice.
Regulation S-T and Electronic Filing Requirements
Regulation S-T governs how documents are filed electronically with the SEC. For press releases attached to Form 8-K filings, it sets the formatting standards for submissions through EDGAR.
Regulation S-T mostly affects how filings look technically, but it matters. If Form 8-K attachments don't meet the electronic filing standards, submissions get rejected or flagged, which delays the mandated public disclosure and creates its own compliance problem.
The Sarbanes-Oxley Act and Executive Responsibility
The Sarbanes-Oxley Act adds a layer of personal accountability that most PR departments never think about. Under SOX, executives who certify financial reports, including information disclosed in press releases tied to financial results, are personally responsible for the accuracy of those disclosures.
Section 302 requires the CEO and CFO to certify that periodic reports don't contain materially false statements. Section 906 makes false certifications a criminal offense.
What this means practically: if a press release about earnings contains misleading statements and an executive certified the related financial disclosures as accurate, that executive faces personal liability. Company culture that says "keep it positive" isn't a legal defense.
The JOBS Act and Business Startups
The Jumpstart Our Business Startups Act modified certain disclosure requirements for emerging growth companies and business startups. Key changes include reduced financial statements requirements for companies going public for the first time, confidential submission of S-1 registration statements before an IPO, and reduced executive compensation disclosure requirements during the emerging growth company period.
Here's the catch though: the JOBS Act doesn't reduce press release compliance obligations. Even emerging growth companies must meet FTC substantiation standards. Once public, they must comply with Regulation FD, Form 8-K requirements, and the Exchange Act's anti-fraud provisions. A solid press release strategy for US SaaS startups from seed through Series B has to account for these obligations from day one, not as an afterthought once the lawyers get involved.
Business startups that confuse reduced registration requirements with reduced ongoing compliance obligations tend to run into serious problems post-IPO. Getting featured in Yahoo Finance and AP News is a goal for most funded startups, but the press releases that land those placements still have to meet every substantiation and disclosure standard covered in this guide.
General Legal Requirements for All Press Releases
These rules apply whether you're a startup, a mid-size company, or a major issuer. There's no size exemption here.
Forward-Looking Statements and Safe Harbor Language
Press releases regularly include projections: revenue forecasts, growth targets, strategic goals. These are classified as "forward-looking statements" under the Private Securities Litigation Reform Act of 1995, usually called the PSLRA.
The PSLRA created a safe harbor that limits litigation exposure when projections turn out to be wrong, but only if the press release does three specific things. It must clearly identify which statements are forward-looking, use qualifying language like "expects," "anticipates," "projects," or "believes," and include meaningful cautionary language that lists specific risk factors.
Standard safe harbor boilerplate looks like this: "This press release contains forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Actual results may differ materially from those anticipated due to [specific risk factors]."
Two words in that last line carry significant weight: "specific risk factors." Generic language like "various risks and uncertainties" has been challenged in securities litigation repeatedly. Courts have held that vague cautionary language doesn't earn full safe harbor protection. The risk factors you list must be real and relevant to your actual business, not copy-pasted from a legal template. Safe harbor language sits inside the press release boilerplate at the close of the release, and how that closing section is structured matters more than most communications teams realize.
Avoiding False or Misleading Information
Under FTC Act Section 5 and SEC Rule 10b-5, false or misleading statements in press releases expose companies to civil and criminal liability.
SEC Rule 10b-5 prohibits any scheme to defraud, any untrue statement of a material fact, any omission of material fact that makes other statements misleading, and any act that operates as a fraud on investors.
Rule 10b-5 covers private companies too, not just public ones. A private company that uses a press release to attract investors can face SEC enforcement if the release contains materially false information.
One more point that surprises many people: fraud doesn't always require intent to deceive. Reckless disregard for the truth, meaning publishing a claim you had reason to doubt, can meet the legal standard for fraud under Rule 10b-5. Willful ignorance isn't a defense. The legal and ethical guidelines that govern PR practice go hand in hand with these rules, the legal floor and the ethical standard often sit in the same place.
Social Media and Digital Disclosure Rules
Digital press releases come with specific requirements. FTC guidance is clear: disclosures cannot live only at the bottom of a long page, they cannot be hidden behind "Learn More" links or collapsed sections, on mobile they must appear without extra taps or navigation, and video press releases must display disclosures long enough for viewers to actually read them.
The SEC addressed social media separately in 2013, confirming that official company social media channels can be used for material disclosures. But only if the company has previously told investors which specific channels it uses for that purpose. Posting material earnings information on LinkedIn without prior notice doesn't come close to satisfying Regulation FD. Compliant digital distribution also happens to be what Google rewards brands for a press release that reaches the right channels through legitimate distribution builds both regulatory credibility and organic visibility at the same time.
How to Verify Press Release Compliance Before Publishing?
Run through this process for every press release before it goes out.
Step 1: Claims audit. List every factual claim in the release. For each one, confirm you have a documented evidence file with materials that predate the draft itself.
Step 2: Disclosure check. Identify every disclosure trigger: endorsements, material connections, forward-looking statements, health data. Run each one against the 4Ps. Prominent, plain language, placed near the claim, and proximate to the triggering content.
Step 3: Form 8-K assessment (public companies). Ask directly: does this release describe material information? If yes, prepare the Form 8-K at the same time and confirm the filing deadline from the event date.
Step 4: Regulation FD review. Confirm that nothing in this release has been shared privately with institutional investors, analysts, or media contacts before this distribution goes out.
Step 5: Safe harbor review. If the release contains projections, confirm that forward-looking statement language is present with specific, genuine risk factors, not generic boilerplate recycled from a previous filing.
Step 6: Legal review. Route the final draft through legal counsel. For anything touching litigation, regulatory matters, health claims, financial results, or securities-relevant disclosures, this step isn't optional.
Step 7: Distribution channel check. Confirm that your wire service, website posting, and social media are consistent and meet SEC standards for simultaneous public disclosure. Not all wire services are equal in how they satisfy these standards, and choosing the wrong one creates a gap in your press release distribution that compliance reviews will eventually surface.
Consequences of Non-Compliance
Getting this wrong is expensive. Here's what actually happens.
FTC enforcement means civil penalties up to $51,744 per violation per day at the 2024 adjusted rate. The FTC can also require corrective advertising, issue cease-and-desist orders, and mandate ongoing monitoring of the company's communications practices.
SEC enforcement means civil monetary penalties, disgorgement of profits, officer and director bars, and in cases involving intentional fraud, criminal referral to the Department of Justice. SEC staff actively review press releases from public companies looking for inconsistencies between what was announced and what was filed.
Securities litigation is fast and aggressive. Plaintiffs' firms monitor press releases from public companies specifically searching for Rule 10b-5 violations. A materially false earnings release can generate a securities class action within days of publication.
Sarbanes-Oxley penalties hit executives directly. Certifying false financial disclosures carries up to $1 million in fines and 10 years in prison for violations, and up to $5 million and 20 years for willful violations under Section 906.
Reputational damage doesn't require any of the above. A press release found to contain false or misleading information destroys credibility with media, investors, customers, and regulators simultaneously. That kind of damage is hard to walk back.
Conclusion
US press release compliance isn't a single rule you follow once and forget. It's a layered system built from the FTC Act, the Securities Act, the Exchange Act, the Sarbanes-Oxley Act, the JOBS Act, Regulation FD, Regulation S-T, and the PSLRA. Each one adds requirements that apply to different company types and different kinds of disclosures.
The companies that end up in trouble usually aren't trying to deceive anyone. They just don't know which rules apply, or they assume that good PR instincts are enough to satisfy legal requirements. They aren't.
The framework is actually straightforward once you see the whole picture. Substantiate your claims. Disclose what needs to be disclosed the right way. File what the SEC requires. Treat every press release as a public legal statement, because under federal law that's exactly what it is.
Build the compliance review process into your workflow before any release goes out. Legal review isn't optional for anything touching financial results, endorsements, health claims, or material business events. Done right, compliance doesn't slow down your communications. It protects them. A compliant press release is still just the baseline, the 7 principles of good PR and knowing how to write a press release that actually goes viral are what separate releases that check boxes from ones that earn real coverage.
Frequently Asked Questions
What is the US press release compliance guide for FTC requirements?
The FTC requires press releases to meet three core standards: substantiate all claims before publication, clearly disclose material connections in testimonials and endorsements, and ensure all disclosures meet the 4Ps test: prominent, clearly presented, properly placed, and close to the claim they qualify.
What are federal securities laws and how do they apply to press releases?
Federal securities laws, primarily the Securities Act of 1933 and the Securities Exchange Act of 1934, govern how publicly traded companies disclose material information. Press releases are a primary vehicle for that disclosure. Materially false or misleading press releases violate SEC Rule 10b-5 and can result in civil and criminal penalties.
What does the Securities Act require for press releases from public companies?
The Securities Act requires that companies don't make materially false or misleading statements in any public communication, including press releases, that could influence investor decisions. Combined with the Exchange Act, it creates a full framework of disclosure requirements that public companies must follow.
What financial statements must accompany press releases about earnings?
Earnings press releases from public companies should include or reference audited or reviewed financial statements consistent with what will be filed in Form 10-Q or 10-K. The numbers in the press release must match what gets filed with the SEC. Inconsistencies between the two attract SEC staff review.
What is Regulation FD and why does it matter for institutional investors?
Regulation FD bans public companies from selectively disclosing material nonpublic information to institutional investors, analysts, or any other preferred parties before making that information public. Press releases are the primary mechanism for complying with Regulation FD by releasing material information to everyone simultaneously.
What is the Sarbanes-Oxley Act and how does it affect press release compliance?
The Sarbanes-Oxley Act holds executives personally responsible for the accuracy of financial disclosures. CEOs and CFOs who certify financial reports containing materially false information can face criminal charges. This applies to earnings press releases and any public communication tied to certified financial disclosures.
What are the 4Ps required by the FTC?
The 4Ps are Prominence, Presentation, Placement, and Proximity. Every required disclosure must be noticeable, written in plain language, located near the claim it qualifies, and not separated from that claim by unrelated content. All four must be satisfied at the same time.
What is material information under SEC rules?
Material information is any fact that a reasonable shareholder would consider important when deciding to buy, sell, or hold stock. The SEC and courts use the substantial likelihood test: if there's a substantial likelihood that a reasonable shareholder would want to know the information, it's material and must be disclosed publicly.
What is the final rule on cybersecurity disclosures for public companies?
The SEC's 2023 final rule requires public companies to file Form 8-K within four business days of determining that a cybersecurity incident is material. It also requires annual disclosures about cybersecurity risk management and board governance in Form 10-K. Ongoing investigations do not pause the four-business-day clock.
What is the JOBS Act and how does it affect press release compliance for business startups?
The JOBS Act reduced certain financial statements and registration disclosure requirements for emerging growth companies going public for the first time. However, it does not reduce press release compliance obligations. Once public, business startups under the JOBS Act must still comply with Regulation FD, Form 8-K requirements, and SEC anti-fraud rules.
What is Regulation S-T and how does it relate to press release filings?
Regulation S-T sets the formatting and submission standards for electronic filings with the SEC through EDGAR. For press releases filed as Form 8-K attachments, Regulation S-T determines how those documents must be formatted and submitted. Non-compliant submissions can be rejected, which delays the disclosure the rules require.
What are forward-looking statements and when is safe harbor language required?
Forward-looking statements are projections, forecasts, or future-oriented claims in a press release. Safe harbor language as defined under the PSLRA is required whenever a press release includes these statements. It must identify the statements as forward-looking and list specific, real risk factors. Generic cautionary language does not earn full safe harbor protection.
What is a policy statement and how does it affect disclosure requirements?
A policy statement from the SEC or FTC is general guidance that clarifies how existing rules apply to specific situations. Policy statements carry less legal weight than final rules, but they signal clearly how enforcement action will be pursued. Companies should review relevant policy statements alongside the underlying acts and final rules.
What enforcement actions can the SEC take for non-compliant press releases?
SEC enforcement action for non-compliant press releases can include civil monetary penalties, disgorgement of profits, officer and director bars, and referral to the Department of Justice for criminal prosecution. The SEC's enforcement division actively monitors press releases from public companies and has brought cases based on earnings releases, merger announcements, and cybersecurity disclosures.
This content reflects FTC and SEC guidelines as of early 2026. It is general guidance only and does not constitute legal advice. Consult qualified legal counsel for compliance review of specific press releases or disclosure decisions.
