What California’s AI regulations mean for your company
Among U.S. states, the Golden State continues to be a regulatory frontrunner, with California AI regulation setting precedents that influence national policy and corporate governance practices.
California's approach to AI regulation encompasses employment discrimination protections, transparency requirements, consumer privacy safeguards, and safety measures that collectively represent the most sophisticated AI regulatory environment in the United States.
These regulations create compliance obligations and strategic considerations for companies across different growth stages.
The evolution of California’s AI laws
California's AI regulatory framework has undergone significant transformation since the high-profile veto of SB 1047. It has evolved from broad legislation toward sector-specific regulations.
This shift reflects a more sophisticated understanding of AI's impact across industries.
California's SB 1047 and the path forward
While California Governor Gavin Newsom vetoed the landmark Safe and Secure Innovation for Frontier Artificial Intelligence Models Act (SB 1047) in late 2024, the legislative momentum around AI regulation has only accelerated in 2025. The governor's decision, while disappointing to AI safety advocates, reflected concerns that the proposed bill could stifle innovation and hinder the competitiveness of California's burgeoning AI industry.
"While well-intentioned, the bill does not take into account whether an AI system is deployed in high-risk environments, involves critical decision-making or the use of sensitive data," Newsom stated in his veto message.
However, the regulatory void left by SB 1047's veto has been filled by a comprehensive suite of targeted legislation that addresses specific AI applications and industry sectors. This more nuanced approach reflects lessons learned from early AI governance implementations and recognizes that different organizational contexts require tailored regulatory frameworks.
What does the current California AI regulation impact?
The current California AI regulation encompasses compliance frameworks that vary significantly based on company size, industry sector, and AI application context.
1. Assembly Bill 2013 (AB 2013), known as the Generative Artificial Intelligence Training Data Transparency Act, was signed into law in September 2024, with documentation and disclosure requirements taking effect January 1, 2026. It mandates developers of generative AI systems to disclose detailed information about the datasets used to train their models. This legislation applies retroactively to systems released or substantially modified on or after January 1, 2022, creating immediate compliance obligations for most contemporary AI systems.
2. The California Privacy Protection Agency (CPPA) finalized comprehensive regulations in mid‑2025, with ADMT rules taking effect January 1, 2027, and related risk assessment and cybersecurity audit requirements phased in between 2027 and 2030. These regulations require businesses to provide pre-use notices, implement meaningful human oversight, and maintain detailed audit trails of automated decision-making processes.
3. Employment AI regulations under the Fair Employment and Housing Act (FEHA) are taking effect on October 1, 2025, establishing frameworks for AI-based tools used in hiring, performance evaluation, and workplace decision-making. These regulations impact third-party AI vendors and require employers to demonstrate proactive bias testing and risk mitigation efforts.
How do California’s AI laws impact companies across growth stages?
California's AI regulations create different compliance obligations depending on organizational size, resources, and growth trajectory. Understanding these variations will help you develop compliance and governance strategies that align with both current capabilities and future growth objectives.
1. SMB and private company considerations
Small and medium-sized businesses might find it challenging to navigate California’s AI regulations due to resource constraints and limited technical expertise. However, these regulations also create opportunities for SMBs to demonstrate sophisticated governance practices that can enhance stakeholder confidence and competitive positioning.
The transparency requirements under AB 2013 create documentation and disclosure obligations that can overwhelm smaller organizations lacking dedicated compliance resources. SMBs developing or substantially modifying generative AI systems must now maintain comprehensive records of training data sources, implement watermarking capabilities, and provide detection tools to users, all requiring additional development resources and ongoing maintenance.
For growth-stage companies preparing for funding rounds or strategic transactions, California AI regulation compliance demonstrates governance maturity that can make investors more confident. Organizations that proactively implement AI governance frameworks position themselves favorably for due diligence processes and build scalable compliance infrastructure.
For example, platforms like Diligent's Smart Risk Scanner can help growth-stage companies automatically identify compliance gaps and regulatory risks within their documentation, ensuring they meet California's transparency and disclosure requirements while preparing for investor scrutiny.
2. Mid-market and pre-IPO company requirements
Mid-market and pre-IPO companies face governance complexity as they scale operations and prepare for public market transition. California’s AI regulations create additional layers of compliance requirements that must be integrated with existing governance and IPO readiness initiatives.
Employment AI regulations create particular challenges for growing companies implementing AI-powered HR systems for the first time. Organizations must comply with FEHA requirements while building scalable human resources infrastructure, requiring careful coordination between legal, HR, and technology teams to implement appropriate governance controls.
Pre-IPO companies using AI for customer-facing applications must comply with the California Consumer Privacy Act (CCPA), including the new ADMT requirements. The regulatory framework's emphasis on meaningful human involvement in automated decision-making may require restructuring operational processes that were previously fully automated, creating implementation challenges during critical growth phases.
3. Enterprise and public company compliance
Large enterprises and public companies face the most comprehensive compliance obligations under California's AI regulatory framework, but they also possess the resources and infrastructure necessary to implement sophisticated governance solutions
The transparency requirements create fundamental changes in how technology giants approach AI development and commercialization. Companies like OpenAI, Google, Anthropic, and Meta must now provide detailed disclosures about their training data, implement watermarking and detection capabilities, and report safety incidents to regulatory authorities, potentially affecting competitive dynamics by reducing the proprietary nature of AI development methodologies.
Public companies must conduct comprehensive risk assessments, implement opt-out mechanisms for automated decision-making, and ensure meaningful human involvement in significant decisions affecting consumers. The cybersecurity audit requirements add additional compliance layers that require ongoing investment in security infrastructure and documentation practices.
Other AI regulations in California
While SB 1047 will not come to pass, there are a host of other AI regulations in California that emphasize transparency, fairness and safety, requiring businesses to disclose their use of AI, conduct impact assessments and meet stringent privacy and nondiscrimination standards.
California’s AI regulations to increase accountability
Among the goals of the proposed AI regulations is to ensure that businesses disclose the use of AI to consumers and take action to limit discrimination by AI tools.
Several bills were under legislative consideration, including:
1. AB 2930 (Algorithmic Discrimination): This bill aimed to prohibit algorithms that disadvantage people based on gender, race, or sexual orientation, requiring impact assessments and notification of consequential decisions.
Status: Inactive in the Senate as of August 2025. The bill was pulled before reaching the Governor's desk after amendments narrowed its scope to employment decisions.
2. AB 3204 (AI Registration Requirements): Requires businesses using personal information to train AI to register with the CPPA.
Status: Legislative progress unclear. While amendments indicate provisions operative from February 2025, there’s no confirmation of final passage as of August 2025.
3. SB 892 (State Agency AI Standards): Proposed AI risk management standards for state agency procurement, including NIST framework alignment and incident reporting.
Status: Vetoed by Governor Newsom in September 2024 due to concerns about IT modernization disruption and costs.
4. SB 896 (California AI Accountability Act): Requires state agencies using generative AI to disclose its use publicly and perform risk documentation. Private businesses contracting with these agencies must also comply.
Status: Signed into law September 29, 2024, effective January 1, 2025.
California’s AI regulations for specific industries
California's AI regulations now include several industry-specific requirements that have become law:
- The Physicians Make Decisions Act (SB 1120): Signed into law September 30, 2024, effective January 1, 2025. Requires health insurers and healthcare service plans to ensure that licensed physicians supervise AI decision-making tools when approving, modifying, or denying provider requests, maintaining human oversight in medical decisions.
- AB 2602 (AI-Generated Likeness Consent): Signed into law September 17, 2024, effective January 1, 2025. Enhances workers' control over AI-generated digital images and voices. Contracts involving AI-generated likenesses require informed consent and legal or union representation, strengthening performers' rights against unauthorized use.
- Education sector regulations include multiple new requirements: AB 801 (signed into law in late 2024) requires online services to delete student information upon request; AB 1824 (effective January 1, 2025) requires disclosure of AI-generated content in educational settings; and SB 970 (effective January 1, 2025) mandates warnings about generative AI technology risks for students.
Building compliance readiness for California AI regulations
California's AI regulatory framework creates the most sophisticated compliance environment in the U.S. The impact varies across company growth stages, which requires tailored approaches for startups, growth companies, and established enterprises.
Organizations operating in California markets need practical compliance strategies that address specific regulatory requirements while supporting business growth objectives. AI governance platforms provide practical pathways to address these compliance challenges while building scalable capabilities that support future regulatory evolution.
Download our 2025 global compliance outlook to discover how California's AI regulations connect to global regulatory trends and gain expert insights on preparing for AI governance requirements, cybersecurity regulations, and compliance complexities across multiple jurisdictions.
