New California AI Laws Are Here: Is Your Business Ready?

Enforcement mechanisms will include state agency oversight and, in some cases, a private right of action. This article offers an overview of the enacted legislation, outlines key compliance timelines, and provides practical guidance to help businesses navigate California’s rapidly evolving AI regulatory landscape.

This article does not address California AB 1043 (Digital Age Assurance Act), effective January 1, 2027, which establishes age-verification and “digital age signal” requirements for operating system providers, app developers and covered app stores, or California SB 446, effective January 1, 2026, which shortens the state’s data breach notification timeline to 30 days and imposes additional Attorney General reporting obligations. For more information, including how enforcers focus on compliance with notification requirements, please see our client alert and Law360 article.

Federal Landscape 
In 2025, the Trump administration issued a series of executive orders establishing a phased federal approach to artificial intelligence. The executive order (EO) titled “Removing Barriers to American Leadership in Artificial Intelligence,” issued on January 23, 2025, focused on removing regulatory and administrative barriers to promote American leadership in AI, while the three AI Action Plan orders issued on July 23, 2025, emphasized coordinated federal implementation, responsible AI governance and expanded agency adoption. The “Genesis Mission” EO, issued on November 24, 2025, further directed agencies to accelerate the deployment of AI in support of mission-critical functions, setting the groundwork for the Administration’s more comprehensive AI action announced in early December.

On December 11, 2025, President Trump issued an EO titled, “Ensuring a National Policy Framework for Artificial Intelligence.” The Order establishes a national policy to “sustain and enhance the United States’ global AI dominance through a minimally burdensome national policy framework for AI.” The Order directs federal agencies to identify state and local AI laws that obstruct innovation or conflict with federal law or policy, and to take appropriate action to challenge or limit such requirements, including through litigation. It specifically references state measures addressing issues such as algorithmic discrimination as potential sources of inconsistency, signaling an increased federal willingness to preempt or contest state AI regulatory regimes, including those adopted by California. (For more information, see our client alert, which discusses the EO’s federal strategy to limit, challenge and potentially preempt state AI laws.)

The Administration’s emphasis on limiting state-level AI regulation is already being tested in litigation challenging state efforts to regulate AI-generated content. X sued the California Attorney General, challenging California Assembly Bill 2655 (the Defending Democracy from Deepfake Deception Act), which requires large online platforms to remove or label materially deceptive AI-generated election content, label certain deepfake content as inauthentic, and implement reporting mechanisms for California residents. X argues that these requirements violate the First Amendment and improperly burden platform operations. In 2025, a federal court struck down significant portions of the law as preempted by federal law, underscoring the growing tension between state efforts to regulate AI-generated content and platform challenges based on free speech, platform liability and limits on state enforcement authority.

Despite these potential setbacks, California has continued to pursue a comprehensive legislative approach to AI regulation. Although several high-profile California bills were vetoed, more than a dozen major laws were signed. The most significant signed laws include AB 853 (California AI Transparency Act) and SB 53 (Transparency in Frontier Artificial Intelligence Act), which impose detailed labeling, provenance, disclosure and risk governance requirements on AI developers and platforms beginning January 1, 2026. Also of significance: AB 325 (amending Cartwright Act) establishes two new criminal and civil antitrust offenses on algorithm pricing, and SB 763 (amending Cartwright Act) increases criminal and civil penalties for Cartwright Act violations. 

This alert provides an overview of the new legislation and highlights notable vetoes. A summary chart detailing each law’s description, effective date and recommended compliance steps is available here.

Together, these laws represent a major expansion of California’s regulation of artificial intelligence. Businesses developing or deploying AI systems should begin sector-specific compliance assessments, update their AI transparency and labeling protocols, strengthen internal governance, and prepare for increased enforcement by the California Privacy Protection Agency (now known as CalPrivacy), by the Attorney General and other regulators from 2025 through 2028.

Vetoed AI Legislation
Governor Newsom vetoed several major AI-related bills that would have expanded California’s regulation of AI across diverse sectors. A summary of the vetoed bills is provided below.

SB 11 sought to clarify digital impersonation as a form of false impersonation and extend right-of-publicity protections to cover digital likenesses. It also would have required consumer warnings for AI tools that create digital replicas and directed the Judicial Council to adopt rules governing AI-generated evidence. SB 771 proposed to make social media platforms civilly liable for algorithmic activity that violates personal rights laws.

In the health care sector, AB 512 would have established requirements for health plans and insurers that use AI, algorithms or other software tools in utilization review and utilization management. AB 682 would have required health plans and insurers to annually report on the number of claim denials involving AI systems. AB 1064, the Leading Ethical AI Development for Kids Act, aimed to restrict the use of companion chatbots with minors unless the systems were designed to prevent foreseeable harm and complied with child-safety standards.

Employment-focused measures included SB 7, the No Robo Bosses Act, which would have required employers to notify workers when AI or automated systems are used in employment decisions.

Together, these vetoed bills illustrate the state’s growing interest in regulating AI while also illustrating the governor’s preference for a more phased-in approach before further expanding California’s AI regulatory framework.

Notably AB 1018, which would have established transparency, disclosure and accountability standards for automated decision systems used in consequential decisions, was ordered inactive but has not been formally vetoed.

Legislation Enacted into Law
Of the new California AI laws taking effect between 2025 and 2028, two establish broad, cross-industry AI governance frameworks, while more than a dozen are industry-specific, and several expand data privacy and consumer protection requirements.

The comprehensive AI laws, AB 853 (California AI Transparency Act) and SB 53 (Transparency in Frontier Artificial Intelligence Act), create statewide standards for transparency, labeling, provenance tracking and risk governance for generative and frontier AI systems. They also require major AI developers to adopt internal oversight frameworks and whistleblower protections.

Industry-specific rules span areas such as employment, health care, education, social media and public safety. These include requirements governing AI hiring tools to prevent employment discrimination under the updated Fair Employment and Housing Act (Code Regs., tit. 2), disclosures and warning obligations for social media and chatbot platforms (SB 243), and restrictions on AI use in health care advertising and decision-making (AB 489).

Additional data privacy and consumer protection measures expand disclosure and compliance obligations for data brokers (SB 361) and prohibit the collection, use or sale of personal geolocation data of individuals seeking reproductive health care services (AB 45).

Collectively, these laws create a regulatory landscape that governs how AI is developed, deployed and monitored across industries.

COMPREHENSIVE

California AB 853 - California AI Transparency Act
AB 853 delays the effective date of the California AI Transparency Act (SB 942), which was originally scheduled to take effect on January 1, 2026, and phases in additional compliance obligations through January 1, 2028. The law adds requirements for large online platforms (distinct from the covered provider obligations in SB 942) to retain any available provenance data in content provided to, or posted on, such platforms, in addition to detecting and labeling provenance data, providing authenticity warnings, and maintaining compliant metadata. By January 1, 2027, AI hosting platforms may not offer noncompliant systems. By January 1, 2028, capture devices must embed latent provenance by default. Violations are subject to civil penalties of $5,000 per violation per day, plus attorney’s fees and costs.

California SB 53 - Transparency in Frontier Artificial Intelligence Act
Effective January 1, 2026, California’s SB 53 imposes governance, disclosure and whistleblower protection requirements on large frontier AI developers. The law requires developers to create and publish a Frontier AI Framework, conduct catastrophic risk assessments, and submit periodic summaries to the Office of Emergency Services. It also mandates an internal whistleblower process with anti-retaliation safeguards and imposes strict reporting deadlines for critical safety incidents—15 days after discovery, or 24 hours if there is imminent risk of death or serious injury. Violations carry civil penalties of up to $1 million per violation and are enforced by the California Attorney General.

SOCIAL MEDIA

California AB 56 - Social Media Warning Law - Addictive Feeds by Social Media Platforms
AB 56 requires social media platforms to implement the same deterrents as on cigarette packs—bold, unavoidable Surgeon General-style addiction warnings—for users under 18. Starting in 2027, platforms must flash large on-screen notices each day a user first accesses the platform, again after three hours of cumulative active use, and then once per additional hour of active use. These requirements apply to all users unless the platform has reasonably determined they are over 17 years old. The law applies to “covered platforms,” defined as online services, including social media platforms, that provide users with a personalized feed as a significant part of the service.

The warning regime in AB 56 aligns closely with California’s broader legislative push to curb youth social media addiction, including SB 976 (Protecting Our Kids from Social Media Addiction Act), enacted during the 2023–2024 legislative session. SB 976 targets similar harms by restricting certain design features, including personalized feeds, and imposing default settings for minors, reflecting a coordinated policy approach aimed at mitigating the mental health impacts of social media on children and adolescents. However, SB 976 is currently partly enjoined and subject to ongoing constitutional challenges brought by industry groups.

California AB 656 - Social Media Account Deletion and Cancellation Rights
Effective October 8, 2025, California’s AB 656 requires large social media platforms (those generating more than $100 million in annual revenue) to provide users with a clear and conspicuous “Delete Account” button that is easily accessible through the platform’s settings menu across all access points (mobile applications, web browsers). When a user selects this option, the platform must clearly outline the steps to delete one’s account and associated personal information, in accordance with the CCPA. The law prohibits the use of dark patterns or other design tactics that obstruct or interfere with a user’s ability to delete their account. It also specifies that a deletion request also constitutes a CCPA personal information deletion request.

EMPLOYMENT

California Code Regs., tit. 2 - Automated Decision System
Effective October 1, 2025, updates to the California Fair Employment and Housing Act make it unlawful for employers or other covered entities to use automated-decision systems (ADS) or selection criteria that result in discrimination based on protected characteristics. The regulations define ADS broadly to include any tool that assists or replaces human discretion in employment decisions, such as screening, ranking or evaluating candidates. In evaluating alleged violations, relevant evidence includes whether the employer conducted anti-bias testing and implemented proactive measures to prevent discriminatory outcomes. The measure also expands existing anti-discrimination protections and requires employers to preserve ADS-related data and employment records for four years.

DATA PRIVACY / PROTECTION

California SB 361 - Data Brokers
Effective January 1, 2026, California’s SB 361 strengthens consumer privacy protections by expanding disclosure and compliance obligations for data brokers under the California Consumer Privacy Act (CCPA). The law requires data brokers to provide more detailed registration information to the California Privacy Protection Agency (CPPA), including the types of personal data collected and whether such data has been shared with foreign actors, government entities or developers of generative AI systems.

Beginning January 1, 2026, the CPPA implemented a statewide mechanism allowing consumers to request deletion of their personal information across all registered data brokers through a single portal. Starting August 1, 2026, data brokers must check this system at least every 45 days to process deletion and opt-out requests, and by January 1, 2028, they must undergo independent third-party audits every three years.

California AB 45 - Geofence Data Tied to Reproductive Health Services
Effective January 1, 2026, California’s AB 45 creates strict protections for reproductive health privacy by prohibiting geofencing and personal data collection around family planning centers and health care facilities. It also blocks law enforcement and out-of-state prosecutors from accessing research or location data related to abortion care. Violations carry penalties of $25,000 per violation, enforceable by the Attorney General, and affected individuals may bring civil actions. The law further protects reproductive health research data from out-of-state subpoenas and directs collected penalty funds toward reproductive justice and health education programs.

California SB 683 - Privacy: Likeness/Injunctive Relief
Effective January 1, 2026, California’s SB 683 allows individuals whose name, voice, signature, photograph or likeness is used without consent to seek an injunction or temporary restraining order, and explicitly applies to AI-generated and synthetic representations. The order requires the violator to remove, recall or cease distribution of the unauthorized content within two business days, unless the court orders otherwise. Individuals may bring a civil action for damages, profits, and injunctive or temporary relief, and prevailing plaintiffs may recover the greater of $750 or actual damages plus any attributable profits. The law also authorizes awards of reasonable attorney’s fees and costs.

California AB 566 (Opt Me Out Act) - CCPA “Opt-Out Preference Signal” Mechanism
Effective January 1, 2027, AB 566 helps consumers exercise their opt-out rights under the California Consumer Privacy Act by requiring browsers to include a setting that allows users to send an opt-out preference signal to websites. This enables Californians to opt out of the sale or sharing of their personal data across multiple sites at once rather than individually on each website.

CHATBOT LAWS

California SB 243 - Companion Chatbot Disclosures
Effective January 1, 2026, California SB 243 establishes a comprehensive safety framework for “companion chatbots,” requiring platforms to clearly disclose that the chatbot is AI, implement evidence-based protocols to prevent self-harm content, and apply heightened protections for minors, including regular reminders that they’re interacting with a nonhuman system. Operators must also block sexually explicit content for minors and publish their safety protocols. Beginning in 2027, they must also report crisis-related interventions to the Office of Suicide Prevention.

California SB 857 - Public Safety Omnibus
Effective January 1, 2026, SB 857 adds new provisions expanding state agency data-sharing authority across correctional, workforce and youth-services systems. It also criminalizes the knowing possession, distribution or production of obscene or sexualized images that depict minors using AI or digital alteration, even if no real child was involved.

California AB 489 - Health AI Representation Restrictions
Effective January 1, 2026, California’s AB 489 extends existing prohibitions on the use of specified language falsely implying possession of a health care license to AI or generative AI (genAI) systems. It makes it unlawful for any person or entity to advertise or deploy an AI or genAI system in a way that uses titles, letters or phrases implying the system is a licensed health care professional—or that care, advice, reports or assessments are provided by a licensed professional—when they are not. Each prohibited use constitutes a separate violation enforceable by the relevant health care licensing board or agency.

GENERATIVE AI LAWS

California AB 316 - AI Defenses Prohibition
Effective January 1, 2026, California’s AB 316 clarifies that developers, modifiers and users of AI systems cannot avoid liability by claiming that an AI system acted autonomously. The statute does, however, allow other affirmative defenses, including those based on causation, foreseeability or comparative fault.

PRICING ALGORITHM LAWS

California AB 325 – Two New Provisions for California’s Cartwright Act
Effective January 1, 2026, California’s AB 325 amends the Cartwright Act to (1) prohibit the use or distribution of “common pricing algorithms” as part of a contract, combination or conspiracy to restrain trade and (2) create a standalone prohibition on certain coercive uses of such tools and establish new standards for antitrust enforcement. AB 325 makes it unlawful for any person to use or distribute a “common pricing algorithm” that leverages competitor data to recommend, stabilize, align or otherwise influence prices or commercial terms, or to coerce others into adopting algorithm-recommended pricing or terms for similar products or services in California. The law defines “common pricing algorithms” broadly to include any shared technology or methodology used by two or more persons that relies on competitor data to recommend, align, stabilize, set or otherwise influence a price or commercial term. AB 325 also eases pleading requirements for Cartwright Act conspiracy claims by allowing plaintiffs to proceed with factual allegations showing a plausible restraint of trade, without needing to rule out independent action at the motion to dismiss stage. For more information, please see our client alert and Law360 article.

California SB 763 - Increases Criminal and Civil Penalties for Violations of Cartwright Act
Effective January 1, 2026, California’s SB 763 complements AB 325’s new restrictions on “common pricing algorithms” by sharply increasing the criminal and civil penalties for all Cartwright Act violations, including those involving AI-driven and algorithmic pricing conduct. The bill amends existing law to impose steeper fines and imprisonment terms for individuals and corporations engaged in conspiracies to restrain trade, including fines up to $6 million for corporations and $1 million or more for individuals, with potentially higher penalties tied to the amount of financial gain or loss caused. It also establishes a new civil penalty of up to $1 million per violation, recoverable by the Attorney General or a district attorney, with courts directed to consider factors such as the seriousness, persistence and willfulness of the misconduct, as well as the defendant’s cooperation and financial condition. SB 763 further clarifies that all antitrust penalties and remedies are cumulative, allowing both civil and criminal enforcement actions to proceed simultaneously. For more information, please see our client alert and Law360 article.

DIGITAL REPLICA / DEEPFAKE LAWS / ALTERED IMAGES

California AB 621 - Deepfake Remedies
Effective October 13, 2025, California’s AB 621 addresses the creation and distribution of “deepfake pornography,” defined as digitally altered sexually explicit material depicting individuals without their consent. The law creates a private right of action against any person who creates, shares or knowingly facilitates such content and extends liability to service providers that continue supporting a deepfake pornography service after receiving notice. It establishes a presumption of liability for operators unless they can demonstrate the depicted person’s written consent, subject to limited exemptions for protected speech, journalism and legal proceedings. Violators face statutory damages ranging from $1,500 to $50,000 per violation, up to $250,000 for malicious conduct, along with punitive damages, attorney’s fees, injunctive relief and additional civil penalties enforceable by public prosecutors.

California AB 723 - Real Estate (GenAI-Adjacent but Sector-Specific)
Effective January 1, 2026, AB 723 requires real estate brokers, salespersons and their representatives to clearly disclose when property images used in advertisements or promotional materials have been digitally altered. The disclosure must include a prominent statement that the image has been modified and provide a link via website, URL or QR code to the original, unaltered image. A “digitally altered image” includes photos modified using editing software or AI to add, remove or change elements such as fixtures, furniture, landscaping or views, but excludes basic edits like lighting adjustments or cropping. When the advertisement appears on a website controlled by the professional, the unaltered image must be displayed or linked, and violations may constitute a criminal offense.

MISCELLANEOUS

Cybersecurity

California AB 979 - AI Cybersecurity Integration
Effective January 1, 2026, California’s AB 979 strengthens the state’s cybersecurity framework by integrating AI considerations into existing cyber-defense coordination efforts. The law directs the California Cybersecurity Integration Center (Cal-CSIC) to collaborate with federal and private partners to counter AI-enabled threats and align with initiatives such as the Joint Cyber Defense Collaborative’s 2025 AI Cybersecurity Collaboration Playbook.

By January 1, 2027, Cal-CSIC must develop a California AI Cybersecurity Collaboration Playbook establishing mandatory information-sharing requirements for state contractors and AI service vendors, with voluntary mechanisms available to other entities. The law reinforces Cal-CSIC’s leadership in statewide cyber-incident detection and response, mandates annual cybersecurity expenditure reporting, and protects sensitive AI-related cybersecurity information from public disclosure.

Government

California SB 524 - AI in Law Enforcement Oversight
Effective January 1, 2026, California’s SB 524 requires law enforcement agencies to disclose when official reports are generated, in whole or in part, using artificial intelligence. Each page of such reports must identify the AI programs used and include the statement: “This report was written either fully or in part using artificial intelligence.” The bill further mandates that all AI-generated drafts and edits be retained for as long as the final report, with systems maintaining an audit trail identifying the individuals involved, any changes made, and the video or audio inputs used.

Education

California SB 241 - Community College AI Use
Effective January 1, 2026, California’s SB 241 clarifies that community college personnel may use AI tools to assist in the operations of a community college or in providing services to community college students.

California SB 253 - AI and the Bar Exam
Effective January 1, 2026, California’s SB 253 requires the California Committee of Bar Examiners to disclose if artificial intelligence (AI) is used in developing questions for or grading any portion of the bar examination.

California AB 1170 - Education Working Group
Effective January 1, 2026, AB 1170 amends the Education Code § 33328.5 to create a Department of Education working group to develop guidance and model policies on the safe, ethical use of AI in schools. The group is tasked with addressing issues of data ownership, licensing, source code access, and explicit requirements for pupil and educator data privacy, data security and safe procurement of AI technologies.

***

California’s new AI regulations mark another year of California being the frontrunner in regulating development and deployment of artificial intelligence. However, in 2025, there was a slight shift, where Gov. Newsom emphasized that the state would like to balance innovation with consumer protection.

We at Pillsbury are monitoring the quickly evolving landscape. We are available to advise clients on the operational, compliance and governance implications of California’s AI regulatory framework.