California AI Laws 2026: Everything You Need to Know
California has tried more AI legislation than any other state. Some passed, some failed, some are coming back. Here is the current landscape — and what companies need to do about it.
What actually passed (and when)
AB 2013 — AI training data transparency (effective January 2026)
Companies that develop AI systems and make them available in California must publish documentation on their website describing the datasets used to train the AI, including the source, description, how the data was obtained, and whether the data was licensed or scraped. This applies to generative AI systems specifically.
Who is affected: AI developers — companies that build foundation models or deploy generative AI to consumers in California. Does not apply to companies that only use AI (e.g., using Claude or ChatGPT via API to power a product).
What to do: If you develop AI, publish a training data disclosure document. If you only use AI tools, this law does not create obligations for you.
SB 942 — California AI Transparency Act (effective January 2026)
AI systems used in California that generate synthetic content (images, video, audio, text) must include a "latent disclosure" — an invisible watermark or metadata indicating the content was AI-generated. Systems that generate content must also provide users a way to detect whether content was AI-generated.
Who is affected: Companies with AI systems that generate content — primarily generative AI providers (OpenAI, Anthropic, Midjourney, etc.). Downstream companies using their APIs may need to preserve the watermarks and not strip them.
AB 1008 — CCPA applies to personal information in AI training data (effective 2026)
The California Privacy Protection Agency clarified that the California Consumer Privacy Act applies to personal information used in AI training. Californians have the right to know if their data was used to train an AI model, to opt out, and to request deletion.
What to do: If your AI model was trained on data that includes Californians' personal information, update your privacy policy to describe this and offer opt-out mechanisms. This is likely to require changes to your CCPA compliance program.
What failed but is likely coming back
SB 1047 — Safe and Secure AI Models Act (VETOED by Governor Newsom, September 2024)
This bill would have required developers of large AI models (costing more than $100M to train) to implement safety protocols before training, conduct pre-deployment testing, and accept liability for harms from their models.
Governor Newsom vetoed it, saying it would harm California's AI industry. However, the author Senator Wiener has indicated he will introduce a revised version. Watch for SB 1047 successor legislation in 2026.
AB 2930 — Automated Decision Systems (FAILED 2024)
This bill would have required impact assessments for automated decision systems used in consequential decisions (employment, housing, credit). It failed in committee but the concept has appeared in multiple subsequent California bills.
CCPA and AI: what is already required
Even without new AI-specific laws, the California Consumer Privacy Act already covers many AI use cases involving California residents:
- Profiling disclosure: If you use automated profiling to make decisions about individuals, you must disclose this in your privacy policy.
- Opt-out right: California residents can opt out of the sale or sharing of their personal information — including for AI training purposes.
- Sensitive data: CCPA/CPRA imposes extra restrictions on sensitive personal information (health data, precise geolocation, etc.) — often used in AI systems.
- Right to limit: Consumers can limit use of their sensitive personal information to only what is necessary to provide the service.
What California companies (and companies with California users) must do now
- • Update CCPA privacy policy to disclose AI tool usage and data sent to AI APIs
- • If you build generative AI: implement training data disclosure per AB 2013
- • If your AI generates content: preserve and do not strip AI watermarks per SB 942
- • Audit what personal data from California users goes into AI training or processing
- • Add AI-specific language to your CCPA opt-out mechanisms
- • Review sensitive data handling in any AI system (health, location, biometrics)
- • Monitor for SB 1047 successor legislation in 2026
- • Monitor for automated decision systems bill (AB 2930 successor)
- • California Privacy Protection Agency rulemaking on AI (ongoing)
How California compares to other US states
California is the most active AI legislative state but not the only one. Colorado has passed the Colorado AI Act (SB 205, effective February 2026), which focuses on AI used in consequential decisions. New York has NYC Local Law 144 regulating AI bias audits for automated employment decisions, and broader state bills are in progress. Illinois has the AI Video Interview Act.
If you have users in multiple US states, you cannot comply with just California — you need to track what each state requires. California is often the toughest, but not always.
See exactly which California laws apply to your AI
ComplianceIQ maps your AI tools against California's current laws and tracks upcoming legislation. Know what you need to do now — and what to watch for.
Check California compliance free →