California’s Generative AI Law

In 2024, California’s governor signed 17 AI bills into law. The California Generative AI Law, summarized here, imposes transparency obligations on developers of generative AI in an effort to help consumers make informed decisions about their use of these technologies. This law largely focuses on the training data involved in generative AI, with the goal of establishing transparency on how the algorithms behind AI models are created. California’s Generative AI Law goes into effect on January 1, 2026.

Schedule a Free Consultation

What you need to know about California’s Generative AI Law:

To What Entities Does This Law Apply?

The law applies to AI developers, defined broadly as any person, government agency, or entity that either develops an AI system or service or “substantially modifies it,” which means creating “a new version, new release, or other update to a generative artificial intelligence system or service that materially changes its functionality or performance, including the results of retraining or fine tuning.”

These AI systems/services must be for use by members of the public.

To What Technologies Does This Law Apply?

Generative artificial intelligence systems.

What Constitutes AI under This Law?

Generative AI is defined as AI “that can generate derived synthetic content, such as text, images, video, and audio, that emulates the structure and characteristics of the artificial intelligence’s training data.”

When Does This Law NOT Apply?

The law does not apply to generative AI systems or services:

  • (A) whose sole purpose is to help ensure security and integrity, such as AI intended to detect security incidents; resist malicious, deceptive, fraudulent, or illegal actions; and ensure the physical safety of natural persons;
  • (B) whose sole purpose is to operate aircraft in the national airspace; and
  • (C) developed for national security, military, or defense purposes and that are made available only to a federal entity.

Key Components of California’s Generative AI Law

What Is Prohibited?

While this law does not prohibit any uses of AI technologies, California has several AI laws that prohibit non-consensual deepfake pornography, the use of AI to deceive individuals in the political context, and that extend child sexual abuse materials to AI-generated content.

Additionally, the state has laws that regulate the use of AI in the healthcare context.

Transparency Obligations

Developers of publicly accessible AI must post the following information on their website regarding the training data used to create the generative AI system: 

  • The sources or owners of the datasets; 
  • A description of how the datasets further the intended purpose of the AI system or service; 
  • The number of data points included in the datasets, which may be in general ranges, and with estimated figures for dynamic datasets; 
  • A description of the types of data points within the datasets (e.g., types of labels used or general characteristics); 
  • Whether the datasets include any data protected by copyright, trademark, or patent or whether the datasets are entirely in the public domain; 
  • Whether the developer purchased or licensed the datasets; 
  • Whether the datasets include “personal information” or “aggregate consumer information” as those terms are defined under the California Consumer Privacy Act; 
  • Whether the developer cleaned, processed, or modified the datasets and the intended purpose of those efforts in relation to the AI system or service; 
  • The time period during which the data in the datasets was collected, including a notice if the data collection is ongoing; 
  • The dates the datasets were first used during the development of the AI system or service; and 
  • Whether the generative AI system or service has used/uses synthetic data generation in its development. The developer may include in its answer a description of the synthetic data’s functional need or desired purpose based on the intended purpose of the AI system or service. 

 

Minimization Obligations

N/A

Accountability Obligations

N/A

AI Impact Assessments

Assessments are not required under the Generative AI Act. 

Reporting Obligations

While this law does not have reporting obligations, California has other AI laws that obligate schools and state agencies to report AI risks and developments to the legislature. 

How Will This Law Be Enforced?

There is no specific information in the law as to penalties, however, potentially expect to the California Attorney General to utilize state unfair competition law.

Data Privacy is Just Good Business

Managing privacy compliance with all these new state privacy laws popping up in the U.S., might seem like a daunting task. But just because the task appears daunting, it doesn’t mean that it’s impossible to handle.

You don’t have to go at it alone! With the right support, you can make data privacy measures a sustainable part of your daily operations. That’s where Red Clover Advisors comes in – to deliver practical, actionable, business-friendly privacy strategies to help you achieve data privacy compliance and establish yourself as a consumer-friendly privacy champion that customers will appreciate.

Book a Free Consultation