California AI regulations: a compliance map
- California regulates AI across multiple fronts, not through a single AI statute.
- Key strands include automated decision-making technology, AI transparency, and the privacy intersection.
- For many AI uses, California's privacy rules and AI-specific rules apply together.
- Treat California as a mapping exercise onto a coherent governance foundation, and confirm specifics against official sources.
- Current as of June 2026. This is general information, not legal advice.
The multi-front approach
Unlike Colorado's single broad AI law, California's AI regulation has emerged across different instruments and bodies. This reflects California's history as an early and active regulator of technology, particularly around privacy. The result is a set of overlapping rules touching AI, which organisations need to understand collectively.
Automated decision-making technology
A significant strand of California's approach concerns automated decision-making technology (ADMT): the use of automated systems, including AI, to make or substantially inform decisions about people. Rules in this area address things like giving people notice that automated decision-making is being used, and in some cases rights to information about or to opt out of certain automated decisions. This connects closely to California's privacy framework.
AI transparency
California has also moved on AI transparency, including requirements relating to disclosing when content is AI-generated or when people are interacting with AI in certain contexts. Transparency obligations of this kind are aimed at ensuring people know when AI is involved.
The privacy intersection
California's strong privacy regime, anchored in its consumer privacy law, intersects heavily with AI, because AI systems that make decisions about people typically process personal information. This means that for many AI uses in California, privacy rules and AI-specific rules apply together, much as the GDPR and the EU AI Act do in Europe.
What this means in practice
For organisations, the practical implication is that California compliance is a mapping exercise: identify how your AI uses intersect with automated decision-making rules, transparency requirements, and privacy obligations, and meet each. Because these rules share underlying concerns, notice, transparency, fairness, and control over automated decisions, with other AI laws and frameworks, a coherent governance practice covers much of the ground.
Approaching California efficiently
As with the other state laws, the efficient approach is not to build a standalone California programme but to maintain a strong AI governance foundation and map California's specific rules, ADMT, transparency, and privacy intersections, onto it. The facts about each AI system, what it does, what data it uses, who it affects, are the same facts these rules turn on, so capturing them once supports compliance across California's multiple requirements and beyond.
A note on evolution
California's AI-related rules are actively developing across multiple bodies and instruments. Treat this as a map of the areas to watch rather than a fixed statement of detailed obligations, and confirm the current requirements against official California sources before relying on specifics.
Key terms
- ADMT
- Automated decision-making technology, regulated under California's privacy framework.
- AI transparency
- Disclosure obligations when content is AI-generated or AI is interacting with people.
- Consumer privacy law
- California's strong privacy regime that intersects heavily with AI.
- Mapping exercise
- Identifying which California rules apply to which AI uses, rather than seeking one law.