California Privacy Rights Act (CPRA) — AI Provisions Compliance Checklist 2026
The CPRA expanded CCPA to cover automated decision-making technology (ADMT). Businesses using AI in significant decisions about California residents must provide opt-out rights, conduct risk assessmen…
Maximum penalty: $7,500 per intentional violation
Complete each item below to achieve compliance. Use ComplianceIQ to generate all required documentation automatically.
Regulatory Requirements
1. Automated Decision-Making Disclosure
Disclose when automated decision-making technology is used in significant decisions about California residents.
2. AI Opt-Out Mechanism
Provide California residents the right to opt out of automated decision-making and request human review.
3. Privacy Policy — AI Section
Update your privacy policy to describe all automated decision-making and profiling practices.
Implementation Steps
4. Add AI profiling disclosures to your California privacy notice
5. Create an opt-out mechanism for use of AI-driven automated profiling
6. Review any AI tools used in employment decisions for California workers
7. Audit data broker relationships involving AI-generated consumer profiles
8. Implement data minimization for AI processing of California resident data
9. Train customer-facing staff on AI opt-out request procedures