🎧 Related Podcast Episode

Executive Summary

As of September 22, 2025, California continues to lead the nation in comprehensive privacy and artificial intelligence regulation, with the state legislature having passed 14 major privacy and AI bills that now await Governor Gavin Newsom’s signature or veto. With an October 12 deadline looming, these bills represent a watershed moment for tech regulation in the United States, potentially setting precedents that could influence national policy for years to come. This represents a significant evolution from the eight bills we tracked earlier this year, with several additional measures having gained momentum through the legislative process.

The legislative package addresses critical issues ranging from frontier AI transparency requirements to companion chatbot safeguards, employment AI protections, and enhanced consumer privacy rights. This comprehensive analysis examines each bill’s current status, key provisions, and potential impact on businesses and consumers alike.

The Current Political Landscape

Governor Newsom faces a complex political calculus as he weighs these bills. His track record shows a nuanced approach to tech regulation – last year, he vetoed several major privacy and AI bills, including the controversial SB 1047, citing concerns about stifling innovation and imposing overly rigid requirements. However, he has also signed numerous targeted AI bills, particularly those addressing deepfakes, election integrity, and child safety.

Last year, Newsom vetoed about 18% of nearly 1,000 bills passed in the final days (and nearly 16% of all 1,200 bills passed by the Legislature in 2024). This higher-than-average veto rate suggests the Governor is willing to push back against legislation he views as problematic, even when it comes from his own party.

Major Privacy Legislation

AB 566: The California Opt Me Out Act

Status: Awaiting Governor’s signature Effective Date: January 1, 2027

This bill represents California’s second attempt at mandating browser-level privacy controls. The California Opt Me Out Act mandates that a business “shall not develop or maintain a browser that does not include functionality configurable by a consumer that enables the browser to send an opt-out preference signal to businesses which the consumer interacts with the browser.”

Key provisions include:

  • Mandatory inclusion of opt-out preference signal functionality in all browsers- Requirements that the functionality be easily locatable and configurable- Public disclosure requirements about how the signals work- California Privacy Protection Agency (CPPA) granted rulemaking authority

Notably, the bill does not require the signal to be turned on by default, a compromise likely intended to address industry concerns. A similar bill (AB 3048) passed last year but was vetoed by Newsom, who expressed concerns about technical feasibility and suggested that design questions should be addressed by developers rather than regulators.

AB 1043: The Digital Age Assurance Act

Status: Awaiting Governor’s signature Effective Date: January 1, 2027

The Digital Age Assurance Act requires operating system providers to implement a system for collecting user age during account setup and then sharing the user’s age range (or bracket) with all apps in a covered app store.

This groundbreaking legislation would:

  • Require OS providers to collect age information during account setup- Mandate transmission of age bracket signals to apps- Create actual knowledge standards for developers regarding user ages- Impose penalties of $2,500 per affected child for negligent violations and $7,500 for intentional violations

The bill represents a novel approach to age verification that places the burden on platform providers rather than individual apps or websites, potentially addressing long-standing concerns about children’s online privacy while avoiding the pitfalls of traditional age verification methods.

SB 361: Enhanced Data Broker Regulations

Status: Awaiting Governor’s signature Effective Date: January 1, 2026 (if signed)

This bill significantly expands California’s existing data broker registration requirements. If signed by Governor Newsom, the bill would require data brokers to provide detailed information to the CPPA about the types of personal information they collect, including names, dates of birth, government IDs, biometric data, and whether they have sold or shared data with foreign actors, government entities, law enforcement, or developers of generative AI systems.

Additional requirements include:

  • Clear website links for consumer privacy rights- Prohibition on dark patterns that interfere with rights exercise- Public disclosure of registration information via CPPA website- Enhanced transparency about data flows to AI developers

The immediate effective date of January 1, 2026, suggests legislative urgency in addressing data broker practices.

SB 771: Social Media Platform Liability

Status: Awaiting Governor’s signature Effective Date: January 1, 2027

This bill creates unprecedented private rights of action against social media platforms, allowing users to sue for algorithmic harms. The legislation includes:

  • Liability for algorithms that relay harmful content or aid in violations- Penalties up to $1 million for intentional violations- Doubled penalties when platforms knowingly interact with minors- Joint tortfeasor provisions for coordinated violations

Artificial Intelligence Legislation

SB 53: The Transparency in Frontier AI Act

Status: Passed legislature, awaiting Governor’s signature Effective Date: Various provisions starting January 1, 2026

SB 53 “requires large AI labs to be transparent about their safety protocols, creates whistleblower protections for [employees] at AI labs & creates a public cloud to expand compute access (CalCompute).” This bill represents California’s second attempt at comprehensive frontier AI regulation, following last year’s vetoed SB 1047. The evolution from SB 1047 to SB 53 demonstrates California’s iterative approach to AI governance, which we’ve tracked throughout our ongoing coverage of the state’s legislative developments.

Key differences from SB 1047:

  • Focus on transparency rather than liability- No “kill switch” requirement- No third-party audit mandates- Uniform penalties up to $1 million per violation (rather than percentage-based)- Two-tiered system based on company revenue ($500M threshold)

Anthropic became the first major tech company Monday to endorse a California bill that would regulate the most advanced artificial intelligence models. This endorsement marks a significant departure from the unified industry opposition to SB 1047.

The bill includes:

  • Mandatory publication of “frontier AI frameworks”- Transparency reports for model releases- Critical incident reporting to Office of Emergency Services- Enhanced whistleblower protections- Creation of CalCompute consortium for democratized AI access

SB 7: The “No Robo Bosses” Act

Status: Passed legislature, awaiting Governor’s signature Effective Date: January 1, 2026

California lawmakers just passed a law that could soon require employers to not only provide notices to applicants and workers when AI is used in workplace decision-making, but would also prohibit the use of AI for certain workplace actions.

This comprehensive employment AI regulation includes:

Notice Requirements:

  • 30-day advance notice before ADS deployment- Written disclosure of ADS use and capabilities- Maintenance of current ADS inventory lists- Post-decision notices for affected workers

Prohibited Uses:

  • Inferring protected characteristics- Identifying workers exercising legal rights- Collecting undisclosed worker data- Violating labor laws- Relying solely on customer ratings

Human Review Requirements:

  • Mandatory human oversight for critical decisions- Requirement for reviewers to examine additional relevant information- Prohibition on sole reliance on ADS for terminations

Enforcement will be handled by the Labor Commissioner, adding teeth to these worker protections.

Companion Chatbot Bills: SB 243 and AB 1064

Status: Both passed legislature, awaiting Governor’s signature Effective Date: January 1, 2026

These bills address growing concerns about AI companion chatbots following several high-profile tragedies involving minors.

SB 243 Requirements: The bill specifically aims to prevent companion chatbots — which the legislation defines as AI systems that provide adaptive, human-like responses and are capable of meeting a user’s social needs — from engaging in conversations around suicidal ideation, self-harm, or sexually explicit content.

Key provisions include:

  • Mandatory disclosure that users are interacting with AI- Protocols to prevent suicide/self-harm content- Special protections for minors including break reminders- Annual reporting to Office of Suicide Prevention- Private right of action with $1,000 statutory damages

AB 1064 (LEAD for Kids Act): This more restrictive bill would prohibit companion chatbots for children unless they cannot foreseeably:

  • Encourage self-harm or violence- Offer unlicensed mental health therapy- Engage in sexual interactions- Prioritize engagement over safety- Encourage illegal activities

The passage of both bills reflects legislative concern about AI’s impact on vulnerable populations, particularly following incidents involving teenage suicides after chatbot interactions.

Additional AI Bills

AB 853: California AI Transparency Act Amendments

  • Requires large platforms to provide provenance data access- Mandates capture devices include latent disclosures- Builds on 2024’s transparency framework

SB 11: Digital Replica Disclosure

  • Requires disclosure for AI technology enabling digital replicas- $10,000 daily penalties for non-compliance- Addresses deepfake concerns

AB 325: Cartwright Act Violations

  • Prohibits use of common pricing algorithms for price fixing- Targets algorithmic collusion in markets- Creates antitrust liability for AI-coordinated pricing

AB 316: AI Liability Defense Prohibition

  • Bars defendants from claiming AI acted autonomously- Ensures accountability for AI-caused harms- Closes potential liability loophole

Industry Response and Challenges

The tech industry’s response has been mixed but increasingly oppositional. OpenAI did not mention SB 53 specifically but argued that to avoid “duplication and inconsistencies,” companies should be considered compliant with statewide safety rules as long as they meet federal or European standards.

Major concerns include:

  • Compliance complexity across multiple jurisdictions- Technical feasibility of certain requirements- Innovation impacts in a competitive global market- Constitutional challenges based on interstate commerce

Andreessen Horowitz’s head of AI policy and chief legal officer recently claimed that “many of today’s state AI bills — like proposals in California and New York — risk” crossing a line by violating constitutional limits on how states can regulate interstate commerce.

What Failed to Pass

Several significant bills died in the legislature, including some we had been tracking since earlier this year:

Privacy Bills:

  • SB 435 (sensitive personal information protections)- AB 302 (data broker restrictions for officials/judges)- SB 354 (Insurance Consumer Privacy Protection Act)- AB 322 (precise geolocation restrictions)

AI Bills:

  • AB 1018 (broader automated decision systems regulation)- SB 420 (comprehensive ADS framework)- Four of five algorithmic pricing bills- Both workplace surveillance bills

The failure of these bills suggests legislative limits on how far California is willing to go in regulating technology, even with Democratic supermajorities.

Timeline and Next Steps

October 12, 2025: Deadline for Governor Newsom to sign or veto all bills. Any unsigned bills automatically become law.

January 1, 2026: Immediate effective date for:

  • SB 361 (data broker regulations)- SB 7 (employment AI)- SB 243 and AB 1064 (companion chatbots)

January 1, 2027: Delayed effective date for:

  • AB 566 (browser opt-out signals)- AB 1043 (age verification)- SB 771 (social media liability)

Key Implementation Milestones:

  • April 1, 2026: Deadline for existing ADS notice compliance- July 1, 2026: AB 325 pricing algorithm restrictions take effect- July 1, 2027: Age signal implementation for pre-existing accounts- January 1, 2027: CalCompute consortium recommendations due

Implications for Businesses

Companies operating in California should immediately begin preparing for potential compliance obligations. For a comprehensive framework on navigating these requirements, see our 2025 compliance deep dive into California’s privacy and AI legislation.

For Tech Companies:

  1. Browser/OS Developers: Prepare opt-out signal and age verification architectures2. AI Developers: Draft transparency frameworks and incident reporting protocols3. Chatbot Operators: Implement content filtering and user protection systems4. Social Media Platforms: Review algorithmic decision-making and liability exposure

For Employers:

  1. Inventory all automated decision systems currently in use2. Develop notice templates and distribution procedures3. Establish human review processes for ADS decisions4. Update employee handbooks and onboarding materials

For Data Brokers:

  1. Prepare comprehensive disclosure systems2. Document data flows to AI developers3. Remove dark patterns from privacy interfaces4. Establish clear consumer rights portals

National and Global Context

California’s actions don’t occur in a vacuum. If California signs SB 53 into law, it will not merely regulate American labs; it will signal to international partners and federal lawmakers that certain transparency practices are becoming expected norms. As we’ve previously examined in our comparative analysis of global AI regulation efforts, California’s approach represents a unique middle ground between prescriptive international frameworks and federal deregulation.

The international landscape shows divergent approaches:

  • EU: Prescriptive rules and use-case categorization- India: Non-prescriptive framework focused on boundaries- Federal US: Current administration favoring innovation over regulation

With the Trump administration’s stated preference for minimal AI regulation and potential federal preemption, California’s bills may represent the high-water mark for state-level AI governance.

Predictions and Analysis

Based on Governor Newsom’s past actions and current political dynamics, we can make several predictions:

Likely to be Signed:

  • SB 361 (data brokers) - Builds on existing framework- SB 243 (companion chatbots) - Addresses clear harms to minors- AB 316 (AI liability) - Closes obvious loophole

Uncertain Fate:

  • SB 53 (frontier AI) - Industry division and Anthropic support may help- SB 7 (employment AI) - Labor support vs. business concerns- AB 566 (browser opt-out) - Second attempt after previous veto

Likely Vetoes:

  • AB 1064 (LEAD for Kids) - May be seen as duplicative with SB 243- SB 771 (social media liability) - Potentially too expansive

Conclusion

California’s 2025 legislative session represents a pivotal moment in technology regulation. The bills awaiting Governor Newsom’s signature would create the most comprehensive state-level framework for AI governance and privacy protection in the nation. As we’ve documented in our analysis of California’s leadership role in global AI regulation, the state’s actions continue to influence policy discussions worldwide. While some measures may face vetoes based on concerns about innovation and technical feasibility, the sheer volume and scope of legislation signals California’s continued commitment to leading on tech regulation.

The coming weeks will determine whether California maintains its position as the de facto national regulator for technology companies or whether industry pushback and federal preemption concerns will limit the state’s regulatory reach. Regardless of the outcome, businesses should prepare for a new era of transparency, accountability, and user protection in the digital economy.

As “I reject the premise that this is a zero-sum situation, that innovation and regulation are mutually exclusive,” Padilla said. “Don’t tell me that we can’t walk and chew gum.” This sentiment captures the fundamental tension California seeks to resolve: maintaining its position as a global innovation hub while protecting consumers from emerging technological harms.

The October 12 deadline looms large, and all eyes are on Governor Newsom as he weighs the future of privacy and AI regulation not just in California, but potentially across the nation and around the world.

This article provides a comprehensive overview of California’s 2025 privacy and AI legislation as of September 22, 2025. Businesses and individuals should consult with legal counsel for specific compliance guidance as these bills develop and implementation details emerge.

For additional context and analysis on California’s evolving privacy and AI landscape, see our previous coverage: