California has quickly become one of the most active jurisdictions in the U.S. for regulating artificial intelligence (AI). With several new AI-focused laws and pending regulations, companies across the country—and around the globe—must assess whether these laws apply to them based not on where they’re located, but on whether their services are used by Californians. Below is a short Q&A to help your business navigate California’s evolving AI compliance landscape.
Do California’s AI laws apply to companies based outside of California?
Yes. California’s new AI laws—such as SB 942 and AB 2013—apply to companies regardless of where they are based if their AI systems or services are accessible to or target users in California. The laws focus on how and where the technology is used, not where the provider is located.
Which laws should I be aware of?
California has enacted and proposed several AI-related rules. Key ones include:
1. SB 942 – California AI Transparency Act
Applies to AI systems with over 1 million monthly users that are publicly accessible in California. Once operative, it will require labeling of AI-generated content, detection of manipulated media (e.g., deepfakes), and transparency about system functionality.
2. AB 2013 – Generative AI Training Data Transparency Act
Applies to any developer of a generative AI system that is made available to California users. Requires detailed public disclosures about training datasets, including whether they contain personal information or copyrighted material.
3. CPPA Automated Decision-Making Technology (ADMT) Regulations
Applies to businesses subject to the California Consumer Privacy Act (CCPA/CPRA). These rules impose notice, opt-out, and assessment obligations on companies that use AI or profiling systems to make decisions about individuals (e.g., for employment, credit, or housing). Applies to any business “doing business in California,” including those located out-of-state but collecting Californians’ data.
I’m not located in California. How do I know if I’m subject to these laws?
You should evaluate:
- Whether California residents can access or use your AI product or service.
- Whether your company meets the user threshold for SB 942 (1 million+ monthly users).
- Whether your AI system is made available to Californians (AB 2013).
- Whether your business collects personal information from California residents and meets the CPRA applicability thresholds.
If the answer is yes to any of these, you may be subject to one or more of the AI laws or regulations, even if your company is based elsewhere.
Are there penalties for non-compliance?
Yes. Enforcement mechanisms vary by statute, but may include:
- Civil penalties.
- Attorney General or regulator enforcement.
- Business disruptions if AI offerings are restricted or challenged in California.
What should businesses do now?
- Audit your AI systems and user base for California exposure.
- Update disclosures to meet transparency requirements.
- Monitor guidance from the California Privacy Protection Agency and Attorney General.
- Work with legal counsel to ensure compliance across jurisdictions.
Takeaway
California’s AI laws mark the beginning of a national (and global) shift toward regulating artificial intelligence. Whether your business is headquartered in California or not, if you provide AI-powered products or services to Californians, compliance may be required.
For questions on how these laws apply to your organization or assistance preparing a compliance plan, contact your legal team at Rupp Pfalzgraf LLC. Our AI Law team can help you navigate emerging regulations.