CalPrivacy’s Data Broker Enforcement Strike Force: updates and enforcement actions
- The number of consumer deletion requests they have received, as well as their average response time;
- Whether the data broker collects certain types of sensitive information or the personal information of minors; and,
- A link on their website informing customers of their rights under the CCPA.
- Basic identifiers, including name, phone number, or email.
- Behavioral data, including social media or browsing history, likes and dislikes.
- Financial-related data, including payment history or spending habits.
- Health-related data, including your usage of health-related apps, wearables, trackers or websites.
- Location data, including where you go and how often you visit certain places.
- Relationships, including your family and friends and how often you interact with them.
- Inferences, including those about your lifestyle, hobbies, incomes, or even religious or philosophical beliefs, which can include history of the videos you watch, articles you read, or topics you search for.
California: New AI laws in California – roundup of the 2025 legislative session
California introduces comprehensive AI laws focusing on transparency, children’s safety, healthcare, antitrust, and law enforcement.
California has taken an aggressive stance towards artificial intelligence (AI) legislation and will likely set the standard for other US states. Back in 2024, Governor Newsom vetoed comprehensive AI safety legislation under bill SB 1047 and advised caution on regulations for this nascent and important technology. This year, Governor Newsom pressed ahead with a full slate of new AI laws. The reasons for this change in approach are many, including but not limited to the lack of federal AI legislation, the growing concern over children’s interactions with AI, especially sexualized content, and harmonization with more stringent requirements in the EU and elsewhere.
This year’s legislative session set records for the number and scope of new AI laws. For the roundup this year, Lily Li, of Metaverse Law Corporation, breaks down the new AI laws by scope and sector, noting where this may add on to existing California legislation and rulemaking from 2024-2025.
General AI safety, transparency, and risk assessments
- SB 53: Transparency in Frontier Artificial Intelligence Act (Wiener) – Starting in January 2026, California will require large frontier AI developers to publish a framework detailing how they incorporate safety, security, and testing standards into their AI models. SB 53 also creates a mechanism for AI developers and the public to report critical safety incidents, and protects internal whistleblowers who report risks posed by frontier AI models. The law establishes significant penalties for companies that fail to comply, with fines of up to $1 million per violation.
- AB 316: Artificial Intelligence defenses (Krell) – This amends California’s Civil Code. If a party to a lawsuit develops, modifies, or uses AI, this law prohibits them from asserting as a defense that the AI autonomously caused the harm.
- AB 853: California AI Transparency Act (Wicks) – This bill expands the existing AI Transparency Act and modifies the effective date from January 1, 2026, to August 2, 2026. The California AI Transparency Act requires covered generative AI developers to provide an AI-detection tool to assess whether image, video, or audio content is created or altered by generative AI. This bill adds to the existing law by requiring large online platforms to embed provenance data into generated content. Starting January 1, 2028, users will also have the option to include latent disclosures on ‘capture devices’ such as cameras, video recorders, and other recorders.
This new California approach to AI transparency and safety legislation needs to be read in conjunction with the following existing laws.
- California Privacy Protection Agency’s (CPPA’s) recently approved Cyber, Risk, ADMT, and Insurance Regulations – The CPPA’s most recently updated 127-page regulation package contains requirements governing cybersecurity audits, risk assessments, and automated decision-making technology. AI developers and systems that process personal information and meet certain California privacy thresholds will now face new cybersecurity audit and risk assessment requirements. In addition, automated and significant decisions concerning the provision or denial of financial or lending services, housing, education enrollment or opportunities, employment or independent contracting opportunities or compensation, or healthcare services will trigger significant notice, opt-out, and risk assessment requirements.
- AB 2013: AI Training Data Transparency Act (Irwin-2024) – Passed last year, this law will require covered generative AI developers to publish online a high-level summary of the datasets used in the development of the generative AI system or service, including but not limited to whether personal information or copyrighted information is included in the training data. The law is scheduled to go into effect on January 1, 2026.
Children’s safety, age verifications, and companion chatbots
- SB 243: Companion Chatbots (Padilla) – This law applies to chatbots that provide human-like interactions and are capable of sustaining relationships across multiple interactions. Beginning July 1, 2027, developers of these ‘companion chatbots’ will need to develop and report protocols addressing suicidal ideation and self-harm to regulators and the public. The law requires AI disclosures, referrals to suicide hotlines or crisis text lines, and break reminders. SB 243 further requires developers to institute reasonable measures to prevent the chatbot from producing visual material of sexually explicit conduct or directly stating that the minor should engage in sexually explicit conduct. The legislation includes a private right of action for individuals who suffer ‘an injury in fact,’ with statutory damages of $1,000 per violation, or actual damages if greater.
- AB 1043: Digital Age Assurance Act (Wicks) – Starting January 1, 2027, operating systems and covered application stores will be required to obtain age data from users and pass on age bracket data to developers when users download and launch an application.
- AB 56: Social Media Warning Law (Bauer-Kahan) – Starting January 1, 2027, covered social media platforms will need to display a warning label to minors the first time a user accesses the platform each day, after three hours of active use, as well as once per hour of cumulative active use after that. The warning label must say ‘The Surgeon General has warned that while social media may have benefits for some young users, social media is associated with significant mental health harms and has not been proven safe for young users.’
- AB 621: Deepfake pornography (Bauer-Kahan) – This amends California’s Civil Code and expands protections against deepfake pornography. The law explicitly provides a cause of action against individuals who create or disclose deepfake pornography if they know, or reasonably should know, that the depicted individual was a minor and also provides a cause of action against individuals who knowingly facilitate or recklessly aid or abet the creation or disclosure of such nonconsensual deepfake pornography. The bill confirms that a minor cannot consent to the creation or distribution of deepfake pornography.
California’s approach to AI and children has a long and complicated history, and these new laws should be read in conjunction with the following laws on the books.
- California Age Appropriate Design Code (Wicks) – This law was signed on September 15, 2022, and was scheduled to go into effect on July 1, 2024. Modeled after the UK Age Appropriate Design Code, this law requires businesses to conduct impact assessments, provide Privacy by Default, estimate the age of all users, and restrict dark patterns. The law was enjoined in March 2025, but is being appealed by the California Attorney General.
- Protecting Our Kids from Social Media Addiction Act (Skinner-2024) – This law is scheduled to go into effect on January 1, 2027, and prohibits covered social media platforms from providing addictive feeds to minors without verifiable parental consent. The law has so far escaped a constitutional challenge, but may face other court challenges prior to the effective date.
Healthcare AI and chatbots
- AB 489: Health care professions: deceptive terms or letters: artificial intelligence (Bonta) – This law prohibits AI systems from falsely indicating or implying possession of a medical license or certificate through advertising, marketing, or other functionality. AB 489 also makes AI developers directly subject to the healthcare professional licensing board or enforcement agency if they develop such a system. Each use of a prohibited term, letter, or phrase shall constitute a separate violation.
California’s approach to AI in healthcare also needs to be read in conjunction with the following laws and guidance.
- Legal Advisory on the Application of Existing California Law to Artificial Intelligence in Healthcare – In January 2025, California Attorney General Rob Bonta issued this advisory, setting forth California’s existing consumer protection, civil rights, competition, and data privacy laws governing healthcare AI.
- SB 1120: Physicians Make Decisions Act (Becker-2024) – This law prohibits covered healthcare service plans from denying, delaying, or changing healthcare services based, in whole or in part, on medical necessity using AI, algorithms, or other software tools. Such determinations shall require a physician or licensed healthcare professional and review of individual circumstances. This law also requires written policies and procedures governing such determinations.
- AB 3030: Artificial Intelligence in Health Care Services (Calderon-2024) – This law applies to health facilities, clinics, physicians’ offices, or other health group practices that use generative AI for communications about patient clinical information. Under this bill, generative AI communications that pertain to clinical information must include:
- a disclaimer that indicates the communication was generated by AI at the beginning of the interaction; and
- clear instructions on how the patient can contact the appropriate person.
Antitrust and pricing discrimination
- AB 325: Cartwright Act violations (Aguiar-Curry) – This amends California’s existing antitrust law, the Cartwright Act, to explicitly cover ‘common pricing algorithms.’ The law prohibits:
- the use or distribution of a ‘common pricing algorithm’ as part of a contract, combination in the form of a trust, or conspiracy to restrain trade or commerce; or
- coercion to set or adopt a recommended price or term, recommended by the common pricing algorithm for the same or similar products or services.
Complaints shall not be required to allege facts tending to exclude the possibility of independent action.
Law enforcement use of AI
- SB 524: Law Enforcement Agencies (Arreguín) – SB 524 requires law enforcement to disclose if an official report was written either fully or in part using AI, as well as retain the first draft created by AI and an associated audit trail that, at minimum, identifies both the officer who used AI to create a report and the video and audio footage used to create a report, if any. SB 524 also prohibits AI vendors from sharing, selling, or otherwise using information, except as provided in the bill (e.g., troubleshooting, bias mitigation, quality control, legal purposes, etc.).
Employment and bias
While Governor Newsom vetoed SB 7, the No Robo Bosses Act, the Governor’s veto letter pointed to the CPPA’s ADMT regulations as addressing some of the bill’s requirements. Per Governor Newsom, SB 7 is ‘partially covered’ by these regulations, as they ‘allow employees and independent contractors to better understand how their personal data is used by automated decision technology.’ In addition, the California Civil Rights Council’s recently promulgated regulations state that California’s antidiscrimination laws apply to AI workplace tools. These regulations address another concern raised in SB 7, which sought to prohibit ADS systems from inferring a worker’s protected status.
Overview: The EU General-Purpose AI Code of Practice
Why Do We Need a Code of Practice?
On August 2, 2025, the general-purpose AI (GPAI) provisions of the EU AI Act went into effect. GPAI models (including the models that support most generative AI, like ChatGPT) now face certain obligations in the EU, including requirements around transparency, copyright and systemic risk. However, the EU AI Act is a framework: it defines obligations but leaves technical details to harmonized standards and codes of practice. While this approach sets certain expectations and allows the EU AI Act to remain technology-neutral, it also leaves questions about how businesses substantially comply with the EU AI Act. To bridge this gap, a multi-stakeholder group drafted the General-Purpose AI Code of Practice (GPAI Code). On August 1, 2025, the European Commission issued a formal opinion confirming the GPAI Code is an “adequate tool” to help demonstrate compliance with the EU AI Act.
Why is the Code significant?
This opinion signals that organizations that adopt the GPAI Code may be able to demonstrate good-faith efforts to comply with the relevant provisions of the EU AI Act. According to the Commission’s website: “The Code of Practice helps industry comply with the AI Act legal obligations…of general-purpose AI models.” In its opinion, the Commission notes that the Code provides actionable commitments and reporting mechanisms, especially for high-risk models. Additionally, the Commission emphasized that the Code provides a practical framework to demonstrate regulatory compliance. Following this endorsement, providers of GPAI models can voluntarily sign the Code, which “will reduce their administrative burden and give them more legal certainty than if they proved compliance through other methods.” Still, signatories should be aware that the Code explicitly states that adherence to the Code does not necessarily constitute evidence of compliance with the EU AI Act.
What is a General-Purpose AI Model?
A GPAI model is a component of an AI system with a wide range of possible uses, whether intentional or unintentional. It is important to note that these models are not systems in themselves but are part of AI systems. Additional elements, like user interfaces, are necessary to make these models fully operational systems. Under Article 3(63) of the EU AI Act, a GPAI model includes those trained on a “large amount of data using self-supervision at scale.” They can be applied across sectors or tasks, usually without substantial modification, meaning GPAI models “can be integrated into a variety of downstream systems or applications.” Recital 98 of the EU AI Act states that the generality of the model can also be determined by the number of parameters, and “models with at least a billion parameters…should be considered to display significant generality and to competently perform a wide range of distinctive tasks.” GPAI models are sometimes called “foundation” or “frontier” models, and while they may include large language models (LLMs), they can also process audio, physical, textual or visual data, powering systems like DALL-E, GPT-4, Gemini, LaMDA, SEER, ALIGN, and more.
How are general-purpose AI models regulated?
Under the EU AI Act, the chapter on GPAI both addresses generative AI and outlines some of the most stringent requirements under the Act. However, all requirements for GPAI under the EU AI Act are directed to providers as opposed to deployers. Providers of GPAI models have a range of obligations under the EU AI Act, both directly to supervising authorities and onward to AI providers who integrate the GPAI models into their systems.
Obligations of Providers of GPAI Models
If a provider places a GPAI model on the EU market, or integrates such a model into its own AI system on the EU market, it must:
- Prepare and maintain technical documentation for regulators. This should include at least a general description of the GPAI model, including the tasks it is designed to perform and the types of systems in which it can be integrated; acceptable use policies; and information on the training process.
- Prepare and maintain documentation for downstream providers. This should include information that allows the downstream AI system providers to comply with their own obligations under Article 53(1)(b). Similar to the technical documentation, this includes but is not limited to a general description of the model, and a description of its elements and development process.
- Prepare an EU copyright policy. This policy should establish a means to comply with EU regulations on copyright and related rights.
- Prepare and publish a summary of training content. Using the template provided by the AI Office, providers of GPAI must share a comprehensive summary of AI training information. This should allow stakeholders to exercise their rights by informing them of the information used to train the GPAI model.
- Cooperate with relevant authorities and appoint an authorized representative. Providers must also cooperate with relevant authorities, and if they are established outside the EU, appoint an authorized representative located in the EU.
- It has high impact capabilities, or
- It is designated by the Commission to have high impact capabilities based on the criteria in Annex XIII (i.e., the number of parameters in the model, the size of the data set, the amount of computation used to train the model, etc.).
- Model evaluation, assessment, and mitigation of systemic risks;
- Incident management and reporting; and
- Cybersecurity protections and technical documentation.
What is the General-Purpose AI Code of Practice?
While not legally binding, providers of GPAI models can use the Code of Practice to demonstrate compliance with their obligations under the EU AI Act. The Code consists of three chapters on 1) transparency, 2) copyright, and 3) safety and security. The first two chapters apply to all providers of general-purpose AI models, providing a way to demonstrate compliance with obligations under Article 53 of the AI Act. The final chapter applies only to general-purpose AI models with systemic risk under Article 55 of the AI Act.
Chapter 1: Transparency
Among other things, this chapter requires signatories to create and maintain documentation for all GPAI models distributed within the EU for up to ten years. There are exceptions for models that are free, open-source, and do not pose systemic risk. When completing this documentation, signatories must use a standard Model Documentation Form, which includes information on licensing, technical specifications, training data, and other parameters of the GPAI model. The Code encourages publication of this information to promote transparency.
Chapter 2: Copyright
This chapter requires signatories to create and maintain a copyright policy that complies with the EU’s legal standards. This includes, but is not limited to, ensuring that data collected by web crawling is lawfully accessible, and that certain websites flagged for copyright infringement are avoided. Importantly, signatories must designate a contact for copyright holders to submit complaints, along with a process for handling those complaints.
Chapter 3: Safety & Security (GPAI with systemic risk only)
One of the main elements of this chapter is the requirement for signatories to develop a state-of-the-art Safety and Security Framework before releasing any GPAI model categorized as posing a systemic risk. Additionally, systemic risks should be identified and inventoried, and before progressing with development or deployment, the signatories should weigh the relative risks and determine if they are acceptable, among other requirements.
What’s next?
The Code will be monitored and reviewed at regular intervals by the AI Office, and may be updated in response to emerging risks, technological developments, or incidents involving general-purpose AI models.
CCPA Draft Regulations Sent for Final Approval
- References to “Artificial Intelligence” have been removed, significantly tightening the scope of ADMT systems.
- First-party advertising has been removed from the ADMT definition, narrowing the requirements that apply to this type of processing.
- Risk assessments are streamlined, and the scope of the types of data processing activities that trigger risk assessments has been narrowed.
- Cybersecurity audits are clarified, and the CPPA included a “cybersecurity audit report” which should be produced during the audit process.
ADMT: Narrower Definition, Clearer Application
The Draft Regulations significantly narrow the scope of ADMT systems. Previously, ADMT systems included any technology that “substantially facilitated” human decisionmaking. Now, the Draft Regulations limit ADMT to systems which “substantially replace” human decisions. In practical terms, this may mean that only technologies which operate without human review or override fall under the ADMT rules. Importantly, the CPPA also removed first-party behavioral advertising from the definition of ADMT. Previously, businesses raised strong concerns that including this category within the ADMT definition would impose unnecessary burdens on common advertising practices. Businesses also voiced that including first-party behavioral advertising in the definition of ADMT went beyond Proposition 24, which provides the basis for amending the CCPA.
Risk Assessments: Who, What, and When?
While risk assessments remain a key part of the Draft Regulations, the CPPA has refined when they apply and what they must include.
Who Needs to Conduct a Risk Assessment?
Under the Draft Regulations, covered businesses that fall under the California Consumer Privacy Act (CCPA) “whose processing…presents significant risk to consumers’ privacy” must conduct a risk assessment. However, the newest version of the Regulations narrows what processing activities present “significant risk.” These activities include but are not limited to:
- Selling or sharing personal information, which may require specific contractual obligations per the CCPA and current CCPA Regulations.
- Processing sensitive personal information, as defined in the CCPA, including financial information, precise geolocation, health information and children’s personal information.
- Using automated decisionmaking technology for a “significant decision” concerning a consumer, including those that impact availability of financial or lending services, housing, education enrollment or opportunities, employment or independent contracting opportunities or compensation, or healthcare services.
- Using automated processing to profile a consumer through systematic observation when the individual is acting as an educational program applicant, job applicant, student, employee, or independent contractor for the covered business.
- Using automated processing to profile a consumer based on their presence in a sensitive location, including healthcare facilities, domestic violence shelters, food pantries, housing/emergency shelters, educational institutions, political party offices, legal services offices, union offices, and places of worship.
- Using personal information to train AI that could be used to make significant decisions concerning consumers, or to train facial- or emotional-recognition or other technology that verifies a consumer’s identity or conducts physical or biological identification or profiling of a consumer.
- The purpose of processing, the types of data involved, and any sensitive categories of personal information.
- How the business plans to use the data, or otherwise collect, disclose or process the information, along with the retention period for the information.
- How the business interacts with consumers, and whose data they process, along with the number of consumers whose information will be processed.
- The disclosures made to consumers, and any other disclosures that the covered business plans to make, along with the names of service providers, contractors, or third parties to whom the information will be disclosed and the purpose for that disclosure.
- The benefits, negative impacts, and safeguards of the planned processing.
- Whether or not the business will initiate the processing subject to the risk assessment.
- The individuals who provided information, as well as who the document was reviewed and approved by.
- The logic of the ADMT, including any assumptions or limitations of the logic; and
- The output of the ADMT and how the covered business will use that output to make a significant decision.
- The business’s contact information, the information of the person submitting the assessment, and the date of certification.
- The time period covered by the submission, and the number of risk assessments conducted or updated during that time.
- Whether the risk assessments involved the processing of each of the categories of personal information identified in the CCPA.
- A specific attestation, which certifies under penalty of perjury that the business conducted a risk assessment for the processing activities involving significant decisions.
Cybersecurity Audits: Who, What, and When?
Among the added definitions is the “cybersecurity audit report” – the document that covered businesses must create as part of the cybersecurity audit. Similar to changes regarding risk assessments, this inclusion was part of the streamlining and clarification efforts of the CPPA. The scope and requirements of the cybersecurity audit – and the resulting audit report – have also been modified.
Who Needs to Complete a Cybersecurity Audit?
According to the Draft Regulations, every covered business whose processing of information presents a “significant risk” to consumers’ security must complete a security audit. While this language is similar to the requirements of the risk assessment, “significant risk” is defined slightly differently in the context of a cybersecurity audit. According to the Draft Regulations, a “significant risk” that warrants a cybersecurity audit includes but is not limited to covered businesses which:
- Derive 50% or more of their annual revenue from selling or sharing consumers’ personal information; or
- Had a gross annual revenue of $25M in the preceding calendar year (adjusted for inflation), and
- Processed the information of 250,000 or more consumers or households in the last year; or
- Processed the sensitive information of 50,000 or more consumers in the last year.
- Authentication and encryption;
- Access control and account management;
- Software and hardware inventories;
- Patch and configuration management;
- Network security, antivirus, and antimalware;
- Incident response and business continuity;
- Vendor oversight;
- Data retention and disposal; and
- Employee and contractor training.
- What was assessed and why. The report should describe the processes, activities, and components of the business’s cybersecurity program, the criteria used for the audit, along with the specific evidence examined to make decisions and assessments.
- Evidence reviewed. The report must also include why these elements were appropriate for the audit, and how the evidence examined supports the findings.
- Gaps or weaknesses found. The report should describe, in detail, the status of any gaps or weaknesses and any additional components that the auditor deemed to increase the risk of unauthorized activity. The report should also document the business’s plan to address these gaps and/or weaknesses.
- Auditor information and certification. The report should also include the auditor’s information, as well as a statement by the highest-ranking auditor that certifies that they completed an independent review of the business’s cybersecurity program and information system, exercised objective and impartial judgment on all issues within the scope of the audit, and did not rely primarily on assertions or attestations by business management to create the audit.
- April 1, 2028, for covered businesses with over $100 million in gross annual revenue;
- April 1, 2029, for covered businesses with $50 million to $100 million in gross annual revenue; and
- April 1, 2030, for covered businesses with under $50 million in revenue.
What Comes Next?
On July 24, 2025, the CPPA sent the rulemaking package to the Office of Administrative Law, which has 30 days to approve the regulations. The CPPA’s Draft Regulations signal a more measured approach to emerging technologies, such as AI. Still, these Draft Regulations carry out the CPPA’s mandate to issue regulations, reinforcing the agency’s commitment to privacy and security. For executives, the potential adoption of the Draft Regulations could be a strategic inflection point: whether they are responsible for legal, compliance, data governance or information security, these Draft Regulations should prompt a reassessment of data practices, internal documentation and audit readiness. The publication of these Draft Regulations is also an opportunity to engage more deeply with operational teams. These rules will require clear cross-functional coordination, and organizations that begin building these bridges sooner will be better positioned to meet regulatory expectations and reinforce consumer trust in coming years.
Compliance Deadlines
Compliance with these Draft Regulations will be required once they are approved by the Office of Administrative Law. The deadlines include:
- ADMT Regulations: January 1, 2027
- Privacy Risk Assessments: December 31, 2027
- Cybersecurity Audits:
- For businesses with $100+ million in annual gross revenue: April 1, 2028.
- For businesses between $50 million and $100 million in annual gross revenue: April 1, 2029.
- For businesses with less than $50 million in annual gross revenue: April 1, 2030.