California ADMT — automated decision-making under CCPA.
How Hael produces the automated decision-making transparency documentation and consumer notices the forthcoming California ADMT regulations require — generated against live operational state, sealed for the regulator.
What California ADMT requires
The California Privacy Protection Agency (CPPA) is finalising regulations under the California Consumer Privacy Act (CCPA) governing the use of Automated Decision-Making Technology (ADMT) for significant decisions. The regulations apply to businesses subject to the CCPA that use ADMT to make significant decisions concerning California residents — financial or lending services, housing, insurance, education enrolment or opportunity, criminal justice, employment opportunities, healthcare services, or access to essential goods or services.
Three substantive obligations attach. First, a pre-use notice describing the ADMT, its intended purpose, the categories of personal information used and the consumer's rights. Second, a consumer opt-out mechanism — the right not to be subject to ADMT for significant decisions, with limited exceptions (security, fraud prevention, legally required decisions). Third, a consumer access right — the right to know how the ADMT functioned in their specific case. The regulations also require risk assessments before deployment and at material change.
How Hael runs it
Hael generates the pre-use notice from the agent registry — purpose, personal information categories, consumer rights, opt-out pathway. The notice arrives as a portable document with deployment-context variants. The opt-out mechanism is wired into the platform's consent management surface, with opt-out elections recorded in the audit chain and propagated to downstream ADMT execution.
Consumer access requests trigger generation of an individualised explanation document — the inputs the ADMT received in the consumer's case, the output it produced, the logic involved at a level meaningful to a non-technical consumer, and the consumer's appeal rights. Risk assessments are generated on deployment and regenerated at material change, with assessment artefacts sealed with hash-chained provenance.
Questions
What is a 'significant decision' under ADMT?
Decisions concerning financial or lending services, housing, insurance, education enrolment or opportunity, criminal justice, employment opportunities, healthcare services, or access to essential goods or services. The CPPA rules elaborate sub-categories and edge cases.
Can a business decline to honour an opt-out?
Limited exceptions apply: security and fraud prevention, legally required decisions, and certain narrowly defined operational necessities. Routine commercial convenience does not justify declining the opt-out. Each exception requires documented justification.
What does the consumer access explanation need to contain?
The inputs the ADMT used in the consumer's case, the output it produced, the logic involved at a level meaningful to a non-technical consumer (not the model weights), and information on the consumer's appeal rights. Boilerplate explanations do not satisfy the right.
See Hael run your CCPA ADMT obligations.
Pre-use notice generation, opt-out infrastructure, consumer access explanations, risk assessment artefacts — wired against your ADMT inventory.