High-risk artificial intelligence systems: duty to protect personal information.
- Requires businesses using high-risk AI systems to implement comprehensive data security programs to protect personal information.
- Mandates annual security reviews and immediate updates when business practices significantly change.
- Establishes strict access controls including encryption, monitoring, and unique authentication for AI system data.
- Violations are classified as deceptive trade practices subject to penalties under California's Unfair Competition Law.
Senator Becker's proposal to regulate high-risk artificial intelligence systems in California establishes new security requirements for businesses that process personal information through AI technologies. The legislation requires covered businesses to implement comprehensive information security programs with specific administrative, technical, and physical safeguards tailored to their operations.
Under the bill's provisions, businesses must develop written security protocols that include employee training, access controls, risk assessments, and incident response procedures. The required safeguards encompass encryption of transmitted data, secure authentication protocols, firewall protection, and regular system monitoring. Businesses must also designate staff to maintain these programs, supervise third-party vendors, and conduct annual security reviews.
The California Privacy Protection Agency would oversee implementation through new regulations, with violations classified as deceptive trade practices under the state's Unfair Competition Law. The measure builds upon existing consumer privacy frameworks while creating specific obligations for AI systems that handle personal data. The requirements would take effect by January 2026 for AI systems deployed since 2022, including substantial modifications to existing systems.
This bill was recently introduced. Email the authors to let them know what you think about it.
Introduced By
Latest Voting History
 Anna CaballeroD Senator | Committee Member |  Not Contacted | |
 Roger NielloR Senator | Committee Member | Not Contacted | |
 Benjamin AllenD Senator | Committee Member | Not Contacted | |
 Eloise ReyesD Senator | Committee Member | Not Contacted | |
 Scott WienerD Senator | Committee Member | Not Contacted |
- Requires businesses using high-risk AI systems to implement comprehensive data security programs to protect personal information.
- Mandates annual security reviews and immediate updates when business practices significantly change.
- Establishes strict access controls including encryption, monitoring, and unique authentication for AI system data.
- Violations are classified as deceptive trade practices subject to penalties under California's Unfair Competition Law.
This bill was recently introduced. Email the authors to let them know what you think about it.
Introduced By
Senator Becker's proposal to regulate high-risk artificial intelligence systems in California establishes new security requirements for businesses that process personal information through AI technologies. The legislation requires covered businesses to implement comprehensive information security programs with specific administrative, technical, and physical safeguards tailored to their operations.
Under the bill's provisions, businesses must develop written security protocols that include employee training, access controls, risk assessments, and incident response procedures. The required safeguards encompass encryption of transmitted data, secure authentication protocols, firewall protection, and regular system monitoring. Businesses must also designate staff to maintain these programs, supervise third-party vendors, and conduct annual security reviews.
The California Privacy Protection Agency would oversee implementation through new regulations, with violations classified as deceptive trade practices under the state's Unfair Competition Law. The measure builds upon existing consumer privacy frameworks while creating specific obligations for AI systems that handle personal data. The requirements would take effect by January 2026 for AI systems deployed since 2022, including substantial modifications to existing systems.
Latest Voting History
Anna CaballeroD Senator | Committee Member | Not Contacted | |
Roger NielloR Senator | Committee Member | Not Contacted | |
Benjamin AllenD Senator | Committee Member | Not Contacted | |
Eloise ReyesD Senator | Committee Member | Not Contacted | |
Scott WienerD Senator | Committee Member | Not Contacted |