Intellectual Property Law
State Legislation Update: September 2025
As of September 8, 2025, the following state bills have been identified which may be of interest to the Section. Please note that bills must be passed (enrolled) by the California legislature by September 30, 2025, to be considered by Governor Newsom for approval/veto, by October 31, 2025. The summary and status of those bills are as follows:
AB 222, Bauer-Kahan-D, Data centers: power usage effectiveness: cost shifts.
Status: Engrossed (pending in the Senate Appropriations Committee)
Summary: Current law requires the State Energy Resources Conservation and Development Commission (Energy Commission) to biennially adopt an integrated energy policy report, as specified, and to make the reports accessible to state, local, and federal entities and to the general public. This bill would require the Energy Commission to establish a process for the owner of a data center, as defined, to submit the power usage effectiveness ratio, as defined, for the data center to the Energy Commission on a biannual basis, and require the owner of a data center to submit this information for the data center in the manner and timeframe specified by the Energy Commission.
AB 316, Krell-D, Artificial intelligence: defenses.
Status: Engrossed (under consideration by full Senate)
Summary: Current law requires the developer of a generative artificial intelligence system or service that is released on or after January 1, 2022, and made publicly available to Californians for use, to post on the developer’s internet website documentation regarding the data used by the developer to train the generative artificial intelligence system or service. Existing law defines “artificial intelligence” for these purposes. This bill would prohibit a defendant who developed, modified, or used artificial intelligence, as defined, from asserting a defense that the artificial intelligence autonomously caused the harm to the plaintiff.
AB 410, Wilson-D, Bots: disclosure.
Status: Engrossed (pending in the Senate Appropriations Committee)
Summary: Current law makes it unlawful for any person to use a bot to communicate or interact with another person in this state online with the intent to mislead the other person about its artificial identity for the purposes of knowingly deceiving the person about the content of the communication in order to incentivize a purchase or sale of goods or services in a commercial transaction or to influence a vote in an election, unless the person using the bot discloses that it is a bot. Current law defines a “bot” as an automated online account where all or substantially all of the actions or posts of that account are not the result of a person. This bill would require a person who uses a bot to autonomously communicate with another to ensure that the bot discloses to any person with whom the bot communicates when the bot first communicates with the person that the bot is a bot and not a human being, answers truthfully any query from a person regarding its identity as a bot or a human, and refrains from attempting to mislead a person regarding its identity as a bot.
AB 412, Bauer-Kahan-D, Generative artificial intelligence: training data: copyrighted materials.
Status: Engrossed (pending in the Senate Judiciary Committee)
Summary: Current federal law, through copyright, provides authors of original works of authorship, as defined, with certain rights and protections. Existing federal law generally gives the owner of the copyright the right to reproduce the work in copies or phonorecords and the right to distribute copies or phonorecords of the work to the public. Current federal law provides that sound recordings fixed before February 15, 1972, are not subject to copyright, but are subject to similar rights and protections under the Classics Protection and Access Act. Current law requires, on or before January 1, 2026, and before each time thereafter that a generative artificial intelligence system or service, as defined, or a substantial modification to a generative artificial intelligence system or service, released on or after January 1, 2022, is made available to Californians for use, regardless of whether the terms of that use include compensation, a developer of the system or service to post on the developer’s internet website documentation, as specified, regarding the data used to train the generative artificial intelligence system or service. This bill would require a developer of a generative artificial intelligence model to, among other things, document any covered materials that the developer knows were used by the developer to train the model. The bill would require the developer to make available a mechanism on the developer’s internet website allowing a rights owner to submit a request for information about the developer’s use of covered materials that would allow the rights owner to provide the developer with, among other things, registration, preregistration, or index numbers and fingerprints for one or more covered materials. 
The bill would, subject to specified exceptions, require a developer to, within 30 days of receiving that request from the rights owner, assess whether the covered material represented by a fingerprint provided by the rights owner is likely to be present in the developer’s dataset and provide the rights owner with a list of their covered materials that were used to train the model and are likely to be present in the developer’s dataset, as specified. The bill would provide that each day following the 30-day period that a developer fails to provide a rights owner with that information constitutes a discrete violation.
AB 566, Lowenthal-D, California Consumer Privacy Act of 2018: opt-out preference signal
Status: Engrossed (pending in the Senate Appropriations Committee)
Summary: The California Consumer Privacy Act of 2018 (CCPA) grants a consumer various rights with respect to personal information that is collected or sold by a business, as defined, including the right to direct a business that sells or shares personal information about the consumer to third parties not to sell or share the consumer’s personal information, as specified. The California Privacy Rights Act of 2020, approved by the voters as Proposition 24 at the November 3, 2020, statewide general election, amended, added to, and reenacted the CCPA and establishes the California Privacy Protection Agency and vests the agency with full administrative power, authority, and jurisdiction to enforce the CCPA. This bill would prohibit a business from developing or maintaining a browser or browser engine, as defined, that does not include a setting that enables a consumer to send an opt-out preference signal, as defined, to businesses with which the consumer interacts through the browser or browser engine, as prescribed. The bill would require a business that develops or maintains a browser or browser engine to make clear to a consumer in its public disclosures how the opt-out preference signal works and the types of personal information to which the signal would apply. The bill would authorize the agency to adopt regulations as necessary to implement and administer those provisions. This bill would declare that its provisions further the purposes and intent of the California Privacy Rights Act of 2020.
AB 853, Wicks-D, California AI Transparency Act.
Status: Engrossed (under consideration by full Senate)
Summary: The California AI Transparency Act requires a person that creates, codes, or otherwise produces a generative artificial intelligence system that has over 1,000,000 monthly visitors or users and is publicly accessible within the geographic boundaries of the state to make available an AI detection tool at no cost to the user that, among other things, allows a user to assess whether image, video, or audio content, or content that is a combination thereof, was created or altered by that person’s generative artificial intelligence system and outputs any system provenance data that is detected in the content. This bill would additionally require a large online platform, as defined, to, among other things, use a specified label to disclose any machine-readable provenance data detected in content distributed on the large online platform. The bill would also require a capture device manufacturer, with respect to any capture device the capture device manufacturer produces for sale in the state, to, among other things, provide a user with the option to include a latent disclosure in content captured by the capture device that, to the extent that it is technically feasible and reasonable, conveys certain information, including the name of the capture device manufacturer. The bill would define “capture device” to mean a device that can record photographs, audio, or video content, including, but not limited to, video and still photography cameras, mobile phones with built-in cameras or microphones, and voice recorders. This bill contains other related provisions and other existing laws.
AB 1018, Bauer-Kahan-D, Automated decision systems.
Status: Engrossed (under consideration by the full Senate)
Summary: The California Fair Employment and Housing Act establishes the Civil Rights Department within the Business, Consumer Services, and Housing Agency and requires the department to, among other things, bring civil actions to enforce the act. Current law requires, on or before September 1, 2024, the Department of Technology to conduct, in coordination with other interagency bodies as it deems appropriate, a comprehensive inventory of all high-risk automated decision systems that have been proposed for use, development, or procurement by, or are being used, developed, or procured by, any state agency. This bill would generally regulate the development and deployment of an automated decision system (ADS) used to make consequential decisions, as defined. The bill would define “automated decision system” to mean a computational process derived from machine learning, statistical modeling, data analytics, or artificial intelligence that issues simplified output, including a score, classification, or recommendation, that is designed or used to assist or replace human discretionary decisionmaking and materially impacts natural persons. This bill would require a developer of a covered ADS, as defined, to take certain actions, including conduct performance evaluations of the covered ADS and provide deployers to whom the developer transfers the covered ADS with certain information, including the results of those performance evaluations.
AB 1064, Bauer-Kahan-D, Leading Ethical AI Development (LEAD) for Kids Act.
Status: Engrossed (under consideration by the full Senate)
Summary: The California AI Transparency Act requires a person that creates, codes, or otherwise produces a generative artificial intelligence system that has over 1,000,000 monthly visitors or users and is publicly accessible within the geographic boundaries of the state to make available an AI detection tool at no cost to the user that, among other things, allows a user to assess whether image, video, or audio content, or content that is any combination thereof, was created or altered by the covered provider’s generative artificial intelligence system. The California Consumer Privacy Act of 2018 prohibits certain businesses from selling or sharing the personal information of consumers if the business has actual knowledge that the consumer is less than 16 years of age, unless the consumer, if the consumer is at least 13 years of age and less than 16 years of age, or the consumer’s parent or guardian, if the consumer is less than 13 years of age, has affirmatively authorized the sale or sharing of the consumer’s personal information. This bill, the Leading Ethical AI Development (LEAD) for Kids Act, would, among other things related to the use of certain artificial intelligence systems by children, prohibit a developer, as defined, of an artificial intelligence system from knowingly or recklessly using the personal information of a child to train a covered product unless the child, if the child is at least 13 years of age and less than 16 years of age, or the child’s parent or guardian, if the child is less than 13 years of age, has provided consent to the developer to use the child’s personal information for that specific purpose. The bill would also prohibit a developer from designing, coding, substantially modifying, or otherwise producing a covered product that is intended to be used by or on a child in the state. 
The act would define “covered product” to mean an artificial intelligence system that is a companion chatbot, as defined, that can foreseeably take certain actions with respect to a child or an artificial intelligence system that is used to, among other things, collect or process a child’s biometric information for any purpose other than confirming a child’s identity, with the consent of the child’s parent or guardian, in order to grant access to a service, unlock a device, or provide physical access to an educational institution. This bill contains other existing laws.
SB 11, Ashby-D, Artificial intelligence technology.
Status: Engrossed (under consideration by the full Assembly)
Summary: Current law prohibits the false impersonation of another person in either their personal or official capacity with the intent to steal or defraud, as specified. This bill would define various terms related to artificial intelligence and digital replication, and would clarify that false impersonation includes the use of a digital replica with the intent to impersonate another for purposes of these and other criminal provisions.
SB 52, Perez-D, Housing Rental terms algorithmic devices
Status: Engrossed (pending in the Assembly Appropriations Committee)
Summary: Current law governs the hiring of residential dwelling units and requires a landlord to provide specified notice to tenants prior to an increase in rent. The Costa-Hawkins Rental Housing Act prescribes statewide limits on the application of local rent control with regard to certain properties. That act, among other things, authorizes an owner of residential real property to establish the initial and all subsequent rental rates for a dwelling or unit that meets specified criteria, subject to certain limitations. This bill would make it unlawful for any person to sell, license, or otherwise provide to 2 or more persons a rental pricing algorithm, as defined, with the intent that it be used by 2 or more persons, as specified, to set rental terms, as defined, for residential premises. The bill would make it unlawful for any person to use a rental pricing algorithm to recommend rental terms for residential premises if the person knew or should have known that the rental pricing algorithm would be used to set rental terms by 2 or more landlords in the same or related market used or if the person coerces any other person to use the rental pricing algorithm to set rental terms for residential premises in the same market or a related market.
SB 53, Wiener-D, Artificial intelligence models: large developers.
Status: Engrossed (under consideration by the full Assembly)
Summary: Current law generally regulates artificial intelligence, including by requiring, on or before January 1, 2026, and before each time thereafter, that a generative artificial intelligence system or service, or a substantial modification to a generative artificial intelligence system or service, released on or after January 1, 2022, is made publicly available to Californians for use, the developer of the system or service to post on the developer’s internet website documentation regarding the data used by the developer to train the generative artificial intelligence system or service, as prescribed. This bill would enact the Transparency in Frontier Artificial Intelligence Act (TFAIA) that would, among other things related to ensuring the safety of a foundation model developed by a large developer, require a large developer to write, implement, and clearly and conspicuously publish on its internet website a safety and security protocol that describes in specific detail, among other things, the testing procedures that the large developer uses to assess catastrophic risks from its foundation models, as specified. The TFAIA would define “foundation model” to mean an artificial intelligence model that is trained on a broad data set, designed for generality of output, and adaptable to a wide range of distinctive tasks.
SB 238, Smallwood-Cuevas-D, Workplace surveillance tools.
Status: Engrossed (pending in the Assembly Privacy and Consumer Protection Committee)
Summary: This bill would require an employer to annually provide a notice to the Department of Industrial Relations of all the workplace surveillance tools the employer is using in the workplace. The bill would require the notice to include, among other information, the personal information that will be collected from workers and consumers and whether they will have the option of opting out of the collection of personal information. The bill would require the department to make the notice publicly available on the department’s internet website within 30 days of receiving the notice. The bill would define “employer” to include, among other entities, public employers, as specified.
SB 243, Padilla-D, Companion chatbots.
Status: Engrossed (under consideration by the full Assembly)
Summary: Current law requires a social media platform to take various steps to prevent cyberbullying of minors on the platform, including by requiring the platform to establish a prominent mechanism within its internet-based service that allows any individual, whether or not that individual has a profile on the internet-based service, to report cyberbullying or any content that violates the existing terms of service related to cyberbullying. Current law authorizes the State Department of Public Health to establish the Office of Suicide Prevention in the department, as prescribed. This bill would, among other things related to making a companion chatbot platform safer for users, require an operator of a companion chatbot platform to take reasonable steps to prevent a companion chatbot, as defined, on its companion chatbot platform from providing rewards to a user at unpredictable intervals or after an inconsistent number of actions or from encouraging increased engagement, usage, or response rates. The bill would also require an operator to prevent a companion chatbot on its companion chatbot platform from engaging with users unless the operator has implemented a protocol for addressing suicidal ideation, suicide, or self-harm expressed by a user to the companion chatbot, as specified, and publish details on that protocol on the operator’s internet website. This bill would require an operator to annually report to the Office of Suicide Prevention certain things, including the number of times the operator has detected exhibitions of suicidal ideation by users, and would require the office to post data from that report on its internet website.
SB 295, Hurtado-D, California Preventing Algorithmic Collusion Act of 2025.
Status: Engrossed (under consideration by the full Assembly)
Summary: Current law imposes various responsibilities on the Attorney General related to consumer protection, including, among others, the supervision of charitable trusts and the enforcement of antitrust laws. Current law, commonly known as the Cartwright Act, identifies certain acts that are unlawful restraints of trade and unlawful trusts and prescribes provisions for its enforcement through civil actions. This bill would enact the California Preventing Algorithmic Collusion Act of 2025, to prohibit a person from distributing or making recommendations based on the use of a pricing algorithm to 2 or more competitors, as defined, under specified circumstances, if the person knows or should know that the pricing algorithm processes competitor data, as defined. The bill would prohibit a person from using the recommendation of a pricing algorithm that processes competitor data, as specified, if the person knows or should know that the pricing algorithm uses or incorporates competitor data. The bill would declare that these provisions do not apply to the distribution or use of a pricing algorithm if all of the competitor data processed by the pricing algorithm was collected more than one year before the use or distribution of the pricing algorithm.
SB 354, Limon-D, Insurance Consumer Privacy Protection Act of 2025.
Status: Engrossed (pending in the Assembly Insurance Committee)
Summary: The California Consumer Privacy Act of 2018 (CCPA) grants to a consumer various rights with respect to personal information that is collected by a business, including the right to request that a business delete personal information about the consumer that the business has collected from the consumer. The California Privacy Rights Act of 2020, an initiative measure approved by the voters as Proposition 24 at the November 3, 2020, statewide general election, amended, added to, and reenacted the CCPA. Existing law, the Insurance Information and Privacy Protection Act, establishes privacy standards for the collection, use, and disclosure of information gathered in connection with insurance transactions by insurance institutions, agents, and insurance-support organizations. This bill would enact the Insurance Consumer Privacy Protection Act of 2025 to establish new standards for the collection, processing, retaining, or sharing of consumers’ personal information by insurance licensees and their third-party service providers. The bill would authorize processing of a consumer’s personal information for specified purposes, including in connection with an insurance transaction. The bill would require a licensee to provide a clear and conspicuous privacy notice that includes specified information to a consumer at specified times, and would prohibit the processing of a consumer’s personal information unless it is consistent with and complies with that notice and is reasonably necessary and proportionate to achieve the purposes related to an insurance transaction or other purpose the consumer requested or authorized. The bill would also require a licensee to provide a privacy rights notice, as specified, to each consumer with whom the licensee has an ongoing business relationship. The bill would require a licensee or third-party service provider to obtain a consumer’s consent to take specified actions and would set forth the means by which consent is obtained. 
The bill would authorize a licensee to retain personal information, as specified, and would require a licensee to develop a written records retention policy and schedule. The bill would require a licensee to provide specified information to a consumer if it makes an adverse underwriting decision and would provide a process by which a consumer may correct, amend, or delete any personal or publicly available information about the consumer in the possession of the licensee or its third-party service providers. The bill would require a contract between a licensee and a third-party service provider to clearly govern the processing of personal information performed on behalf of the licensee. The bill would prohibit retaliation against a consumer because the consumer exercised or attempted to exercise their rights under the act. The bill would prohibit public disclosure of specified systems, processes, policies, procedures, and plans that are disclosed to the Insurance Commissioner. This bill contains other related provisions and other existing laws.
SB 361, Becker-D, Data Broker registration: data collection
An act to amend Section 1798.99.82 of the Civil Code, relating to privacy.
Status: Engrossed (under consideration by the full Assembly)
Summary: The California Consumer Privacy Act of 2018 (CCPA) grants a consumer various rights with respect to personal information that is collected or sold by a business, including the right to request that a business disclose specified information that has been collected about the consumer, to request that a business delete personal information about the consumer that the business has collected from the consumer, and to direct a business not to sell or share the consumer’s personal information, as specified. The CCPA defines various terms for these purposes. The California Privacy Rights Act of 2020 (CPRA), approved by the voters as Proposition 24 at the November 3, 2020, statewide general election, amended, added to, and reenacted the CCPA and establishes the California Privacy Protection Agency (agency) and vests the agency with full administrative power, authority, and jurisdiction to enforce the CCPA. Existing law requires a data broker to register with the agency, and defines “data broker” to mean a business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship, subject to specified exceptions. Existing law requires a data broker, in registering with the agency, to pay a registration fee in an amount determined by the agency and provide specified information, including, among other things, the name of the data broker and its primary physical, email, and internet website addresses, and whether the data broker collects the personal information of minors, consumers’ precise geolocation, or consumers’ reproductive health care data. 
This bill would require a data broker to provide additional information to the agency, including whether the data broker collects consumers’ login or account information, various government identification numbers, citizenship data, union membership status, sexual orientation status, gender identity and gender expression data, and biometric data. The bill would also require a data broker to provide information regarding whether, in the past year, the data broker shared or sold consumers’ data to a foreign actor, as defined, the federal government, other state governments, law enforcement, or a developer of an AI system or model, as defined. This bill would declare that it furthers the purposes and intent of the CPRA for specified reasons.
SB 420, Padilla-D, Automated decision systems.
Status: Engrossed (pending in the Assembly Privacy and Consumer Protection Committee)
Summary: The California AI Transparency Act requires a covered provider, as defined, of a generative artificial intelligence system to make available an AI detection tool at no cost to the user that meets certain criteria, including that the tool outputs any system provenance data, as defined, that is detected in the content. The California Consumer Privacy Act of 2018 grants a consumer various rights with respect to personal information that is collected or sold by a business, as defined, including the right to direct a business that sells or shares personal information about the consumer to third parties not to sell or share the consumer’s personal information, as specified. This bill would generally regulate a developer or a deployer of a high-risk automated decision system, as defined, including by requiring a developer or a deployer to perform an impact assessment on the high-risk automated decision system before making it publicly available or deploying it, as prescribed. The bill would require a state agency to require a developer of a high-risk automated decision system deployed by the state agency to provide to the state agency a copy of the impact assessment and would require the state agency to keep that impact assessment confidential. The bill would also require a developer to provide to the Attorney General or Civil Rights Department, within 30 days of a request from the Attorney General or the Civil Rights Department, a copy of an impact assessment and would require the impact assessment to be kept confidential.
SB 446, Hurtado-D, Data breaches: customer notification.
Status: Enrolled and presented to the Governor
Summary: Existing law requires an individual or a business that conducts business in California, and that owns or licenses computerized data that includes personal information, to disclose a breach of the security of the system following discovery or notification of the breach in the security of the data to a resident of California whose unencrypted personal information was compromised, as specified, and requires that disclosure to be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as specified, or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system. This bill would require that data breach disclosure to be made within 30 calendar days of discovery or notification of the data breach but would authorize an individual or business to delay the disclosure to accommodate the legitimate needs of law enforcement, as specified, or as necessary to determine the scope of the breach and restore the reasonable integrity of the data system. Existing law also requires an individual or business that is required to issue the security breach notification described above to more than 500 California residents as a result of a single breach of the security system to electronically submit a single sample copy of that security breach notification, excluding any personally identifiable information, to the Attorney General.
This bill would require that submission to the Attorney General to be made within 15 calendar days of notifying affected consumers of the security breach.
SB 468, Becker-D, High-risk artificial intelligence systems: duty to protect personal information.
Status: Introduced (pending in the Senate Appropriations Committee)
Summary: The California Consumer Privacy Act of 2018 (CCPA) grants a consumer various rights with respect to personal information that is collected or sold by a business. The CCPA defines various terms for these purposes. The California Privacy Rights Act of 2020 (CPRA), approved by the voters as Proposition 24 at the November 3, 2020, statewide general election, amended, added to, and reenacted the CCPA and establishes the California Privacy Protection Agency (agency) and vests the agency with full administrative power, authority, and jurisdiction to enforce the CCPA. Current law requires, on or before January 1, 2026, and before each time thereafter that a generative artificial intelligence system or service, as defined, or a substantial modification to a generative artificial intelligence system or service, released on or after January 1, 2022, is made available to Californians for use, regardless of whether the terms of that use include compensation, a developer of the system or service to post on the developer’s internet website documentation, as specified, regarding the data used to train the generative artificial intelligence system or service. This bill would impose a duty on a covered deployer, defined as a business that deploys a high-risk artificial intelligence system that processes personal information, to protect personal information held by the covered deployer, subject to certain requirements. In this regard, the bill would require a covered deployer whose high-risk artificial intelligence systems process personal information to develop, implement, and maintain a comprehensive information security program, as specified, that contains administrative, technical, and physical safeguards that are appropriate for, among other things, the covered deployer’s size, scope, and type of business.
SB 503, Weber-Pierson-D, Health care services: artificial intelligence.
Status: Engrossed (under consideration by the full Assembly)
Summary: Current law requires a health facility, clinic, physician’s office, or office of a group practice that uses generative artificial intelligence to generate written or verbal patient communications pertaining to patient clinical information, as defined, to ensure that those communications include both (1) a disclaimer that indicates to the patient that a communication was generated by generative artificial intelligence, as specified, and (2) clear instructions describing how a patient may contact a human health care provider, employee, or other appropriate person. Current law exempts from this requirement a communication read and reviewed by a human licensed or certified health care provider. This bill would require developers of artificial intelligence systems, as defined, and health facilities, clinics, physician’s offices, or offices of a group practice to make reasonable efforts to identify artificial intelligence systems used to support clinical decisionmaking and health care resource allocation that are known or have a reasonably foreseeable risk for biased impacts in the system’s outputs resulting from use of the system in health programs or activities. The bill would require developers and deployers to make reasonable efforts to mitigate the risk for biased impacts in the system’s outputs resulting from use of the system in health programs or activities. The bill would require deployers to regularly monitor these artificial intelligence systems and take reasonable and proportionate steps to mitigate any bias that may occur.
SB 690, Caballero-D, An act to amend Sections 631, 632, 632.7, 637.2, and 638.50 of the Penal Code, relating to crimes.
Status: Engrossed (pending in the Assembly Privacy and Consumer Protection Committee)
Summary:
(1) Existing law prohibits tapping a communication wire or intercepting or recording a telephone communication, as specified, without the consent of all parties. Existing law exempts specified communication intercepts, including those in a correctional institution and those required for utility maintenance purposes. A violation of these provisions is punishable as either a misdemeanor or a felony.
This bill would also exempt communication intercepts for a commercial business purpose from those prohibitions. The bill would define a commercial business purpose to mean the processing of personal information either performed to further a business purpose or subject to a consumer’s opt-out rights.
(2) Existing law defines a “pen register” for these purposes to mean a device or process that records or decodes dialing, routing, addressing, or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted but not the contents of a communication, with specified exceptions. Existing law defines a “trap and trace device” as a device or process that captures the incoming electronic or other impulses that identify the originating number or other dialing, routing, addressing, or signaling information reasonably likely to identify the source of a wire or electronic communication but not the contents of a communication.
The bill would specify that a pen register does not include a device or process used in a manner consistent with a commercial business purpose. This bill would also specify that a trap and trace device does not include a device or process that is used in a manner consistent with a commercial business purpose.
(3) Existing law authorizes a person who has been injured by a violation of those prohibitions to bring an action against the person who committed the violation to enjoin and restrain the violation, as well as to bring an action for monetary damages, as specified.
This bill would specify that this authorization does not apply to the processing of personal information for a commercial business purpose.
SB 833, McNerney-D, Critical infrastructure: automated decision systems: human oversight: adverse event reporting.
Status: Engrossed (pending in the Assembly Appropriations Committee)
Summary: The California Emergency Services Act establishes the California Cybersecurity Integration Center within the Office of Emergency Services to serve as the central organizing hub of state government’s cybersecurity activities and to coordinate information sharing with various entities. Current law also requires the Technology Recovery Plan element of the State Administrative Manual to ensure the inclusion of cybersecurity strategy incident response standards for each state agency to secure its critical infrastructure controls and information, as prescribed. This bill would require an operator, defined as a state agency in charge of specified critical infrastructure, that deploys artificial intelligence to establish a human oversight mechanism to monitor the system’s operations in real time and review and approve any plan or action proposed by the artificial intelligence system before execution, except as provided. The bill would require the Department of Technology to administer specialized training in artificial intelligence safety protocols and risk management techniques to oversight personnel. The bill would require an operator to conduct an annual assessment of its artificial intelligence systems and automated decision systems, as specified, and to submit a summary of the findings to the department. This bill would require any entity that engages in conduct that could materially impact critical infrastructure safety, security, or operations to report an artificial intelligence (AI) adverse event, as defined, in a form and manner prescribed by the Office of Emergency Services, as provided. The bill would subject each entity that fails to provide an AI adverse event report to a specified civil penalty.