High-risk artificial intelligence systems: duty to protect personal information.
- Requires businesses using high-risk AI systems to implement comprehensive data security programs to protect personal information.
- Mandates annual security reviews and immediate updates when business practices significantly change.
- Establishes strict access controls including encryption, monitoring, and unique authentication for AI system data.
- Violations are classified as deceptive trade practices subject to penalties under California's Unfair Competition Law.
Senator Becker's proposal to regulate high-risk artificial intelligence systems in California establishes new security requirements for businesses that process personal information through AI technologies. The legislation requires covered businesses to implement comprehensive information security programs with specific administrative, technical, and physical safeguards tailored to their operations.
Under the bill's provisions, businesses must develop written security protocols that include employee training, access controls, risk assessments, and incident response procedures. The required safeguards encompass encryption of transmitted data, secure authentication protocols, firewall protection, and regular system monitoring. Businesses must also designate staff to maintain these programs, supervise third-party vendors, and conduct annual security reviews.
The California Privacy Protection Agency would oversee implementation through new regulations, with violations classified as deceptive trade practices under the state's Unfair Competition Law. The measure builds upon existing consumer privacy frameworks while creating specific obligations for AI systems that handle personal data. The requirements would take effect by January 2026 for AI systems deployed since 2022, including substantial modifications to existing systems.
 Anna CaballeroD Senator | Committee Member |  Not Contacted | |
 Tim GraysonD Senator | Committee Member | Not Contacted | |
 Megan DahleR Senator | Committee Member | Not Contacted | |
 Kelly SeyartoR Senator | Committee Member | Not Contacted | |
 Josh BeckerD Senator | Bill Author | Not Contacted |
Email the authors or create an email template to send to all relevant legislators.
Introduced By
Latest Voting History
| Ayes | Noes | NVR | Total | Result |
|---|---|---|---|---|
| 7 | 0 | 0 | 7 | PASS |
- Requires businesses using high-risk AI systems to implement comprehensive data security programs to protect personal information.
- Mandates annual security reviews and immediate updates when business practices significantly change.
- Establishes strict access controls including encryption, monitoring, and unique authentication for AI system data.
- Violations are classified as deceptive trade practices subject to penalties under California's Unfair Competition Law.
Email the authors or create an email template to send to all relevant legislators.
Introduced By
Senator Becker's proposal to regulate high-risk artificial intelligence systems in California establishes new security requirements for businesses that process personal information through AI technologies. The legislation requires covered businesses to implement comprehensive information security programs with specific administrative, technical, and physical safeguards tailored to their operations.
Under the bill's provisions, businesses must develop written security protocols that include employee training, access controls, risk assessments, and incident response procedures. The required safeguards encompass encryption of transmitted data, secure authentication protocols, firewall protection, and regular system monitoring. Businesses must also designate staff to maintain these programs, supervise third-party vendors, and conduct annual security reviews.
The California Privacy Protection Agency would oversee implementation through new regulations, with violations classified as deceptive trade practices under the state's Unfair Competition Law. The measure builds upon existing consumer privacy frameworks while creating specific obligations for AI systems that handle personal data. The requirements would take effect by January 2026 for AI systems deployed since 2022, including substantial modifications to existing systems.
Latest Voting History
| Ayes | Noes | NVR | Total | Result |
|---|---|---|---|---|
| 7 | 0 | 0 | 7 | PASS |
Anna CaballeroD Senator | Committee Member | Not Contacted | |
Tim GraysonD Senator | Committee Member | Not Contacted | |
Megan DahleR Senator | Committee Member | Not Contacted | |
Kelly SeyartoR Senator | Committee Member | Not Contacted | |
Josh BeckerD Senator | Bill Author | Not Contacted |