Laws & Statutes CA CA-SB-53
SB-53
CA · State · USA
CA
USA
● Enacted
Effective Date
2026-01-01
California SB 53 — Transparency in Frontier Artificial Intelligence Act (Chapter 138)
Enacts the Transparency in Frontier Artificial Intelligence Act (TFAIA), imposing safety-governance and transparency obligations on developers of frontier AI models (foundation models trained with >10^26 FLOPs). Large frontier developers (>$500M annual revenue) must write, implement, and publicly publish a frontier AI framework addressing catastrophic risk assessment, mitigations, cybersecurity of model weights, incident response, and internal governance. All frontier developers must publish transparency reports at deployment and report critical safety incidents to the Office of Emergency Services within 15 days (24 hours for imminent risk). The law establishes whistleblower protections for covered employees at frontier developers, including anti-retaliation provisions and an anonymous internal disclosure process. Violations of the TFAIA are subject to civil penalties up to $1M per violation enforced by the Attorney General. The act preempts local regulation of frontier developers' management of catastrophic risk adopted on or after January 1, 2025.
Mapped Requirements
G-01 AI Governance Program & Documentation G-02 Public Transparency & Documentation R-02 Regulatory Disclosure & Submissions S-03 Frontier Model Safety Obligations R-01 Incident Reporting
Official Sources
Full Text
Entry Last Reviewed
2025-07-15
AI generated
Human reviewed
Summary

Enacts the Transparency in Frontier Artificial Intelligence Act (TFAIA), imposing safety-governance and transparency obligations on developers of frontier AI models (foundation models trained with >10^26 FLOPs). Large frontier developers (>$500M annual revenue) must write, implement, and publicly publish a frontier AI framework addressing catastrophic risk assessment, mitigations, cybersecurity of model weights, incident response, and internal governance. All frontier developers must publish transparency reports at deployment and report critical safety incidents to the Office of Emergency Services within 15 days (24 hours for imminent risk). The law establishes whistleblower protections for covered employees at frontier developers, including anti-retaliation provisions and an anonymous internal disclosure process. Violations of the TFAIA are subject to civil penalties up to $1M per violation enforced by the Attorney General. The act preempts local regulation of frontier developers' management of catastrophic risk adopted on or after January 1, 2025.

Enforcement & Penalties
Enforcement Authority
Attorney General enforces TFAIA civil penalties (Bus. & Prof. Code § 22757.15); only the AG may bring TFAIA civil penalty actions. Covered employees have a private right of action for whistleblower retaliation (Labor Code § 1107.1). Office of Emergency Services receives and reviews incident reports and catastrophic risk assessments.
Penalties
TFAIA: Large frontier developers face civil penalties of up to $1M per violation for failing to publish required documents, making false statements about catastrophic risk, failing to report incidents, or failing to comply with their own frontier AI framework. Whistleblower retaliation (Labor Code § 1107.1): private right of action with reasonable attorney's fees to prevailing plaintiff, injunctive relief (including temporary and preliminary), and burden-shifting framework. Loss of equity value excluded from damages under both chapters.
Who Is Covered
"Frontier developer" means a person who has trained, or initiated the training of, a frontier model, with respect to which the person has used, or intends to use, at least as much computing power to train the frontier model as would meet the technical specifications found in subdivision (i).
"Large frontier developer" means a frontier developer that together with its affiliates collectively had annual gross revenues in excess of five hundred million dollars ($500,000,000) in the preceding calendar year.
"Deploy" means to make a frontier model available to a third party for use, modification, copying, or combination with other software. "Deploy" does not include making a frontier model available to a third party for the primary purpose of developing or evaluating the frontier model.
What Is Covered
(1) "Frontier model" means a foundation model that was trained using a quantity of computing power greater than 10^26 integer or floating-point operations. (2) The quantity of computing power described in paragraph (1) shall include computing for the original training run and for any subsequent fine-tuning, reinforcement learning, or other material modifications the developer applies to a preceding foundation model.
"Foundation model" means an artificial intelligence model that is all of the following: (1) Trained on a broad data set. (2) Designed for generality of output. (3) Adaptable to a wide range of distinctive tasks.
Compliance Obligations 14 obligations · click obligation ID to open requirement page
G-01 AI Governance Program & Documentation · Developer · Foundation ModelFrontier AI System
Bus. & Prof. Code § 22757.12(a)
Plain Language
Large frontier developers must create, follow, and publicly publish a comprehensive frontier AI framework covering catastrophic risk assessment thresholds, mitigations, third-party evaluations, cybersecurity for model weights, incident response, internal governance, and management of internal-use risks. This is in effect a mandatory AI risk management program.
Statutory Text
A large frontier developer shall write, implement, comply with, and clearly and conspicuously publish on its internet website a frontier AI framework that applies to the large frontier developer's frontier models and describes how the large frontier developer approaches all of the following: (1) Incorporating national standards, international standards, and industry-consensus best practices into its frontier AI framework. (2) Defining and assessing thresholds used by the large frontier developer to identify and assess whether a frontier model has capabilities that could pose a catastrophic risk, which may include multiple-tiered thresholds. (3) Applying mitigations to address the potential for catastrophic risks based on the results of assessments undertaken pursuant to paragraph (2). (4) Reviewing assessments and adequacy of mitigations as part of the decision to deploy a frontier model or use it extensively internally. (5) Using third parties to assess the potential for catastrophic risks and the effectiveness of mitigations of catastrophic risks. (6) Revisiting and updating the frontier AI framework, including any criteria that trigger updates and how the large frontier developer determines when its frontier models are substantially modified enough to require disclosures pursuant to subdivision (c). (7) Cybersecurity practices to secure unreleased model weights from unauthorized modification or transfer by internal or external parties. (8) Identifying and responding to critical safety incidents. (9) Instituting internal governance practices to ensure implementation of these processes. (10) Assessing and managing catastrophic risk resulting from the internal use of its frontier models, including risks resulting from a frontier model circumventing oversight mechanisms.
G-01 AI Governance Program & Documentation · G-01.2 · Developer · Foundation ModelFrontier AI System
Bus. & Prof. Code § 22757.12(b)(1)
Plain Language
Large frontier developers must review their frontier AI framework at least annually.
Statutory Text
A large frontier developer shall review and, as appropriate, update its frontier AI framework at least once per year.
G-01 AI Governance Program & Documentation · G-01.2 · Developer · Foundation ModelFrontier AI System
Bus. & Prof. Code § 22757.12(b)(2)
Plain Language
When a large frontier developer makes a material modification to its frontier AI framework, it must publish the updated framework and a written justification for the change within 30 days of making that modification.
Statutory Text
If a large frontier developer makes a material modification to its frontier AI framework, the large frontier developer shall clearly and conspicuously publish the modified frontier AI framework and a justification for that modification within 30 days.
G-02 Public Transparency & Documentation · G-02.1 · Developer · Foundation ModelFrontier AI System
Bus. & Prof. Code § 22757.12(c)(1)
Plain Language
All frontier developers must publish a transparency report on their website at or before deployment of each new or substantially modified frontier model, disclosing key model characteristics including supported languages, output modalities, intended uses, and use restrictions. Section 22757.12(c)(3) explicitly notes that publishing this information as part of a system card or model card satisfies the requirement. Section 22757.12(c)(4) says developers are encouraged to make these disclosures consistent with industry best practices.
Statutory Text
Before, or concurrently with, deploying a new frontier model or a substantially modified version of an existing frontier model, a frontier developer shall clearly and conspicuously publish on its internet website a transparency report containing all of the following: (A) The internet website of the frontier developer. (B) A mechanism that enables a natural person to communicate with the frontier developer. (C) The release date of the frontier model. (D) The languages supported by the frontier model. (E) The modalities of output supported by the frontier model. (F) The intended uses of the frontier model. (G) Any generally applicable restrictions or conditions on uses of the frontier model.
G-02 Public Transparency & Documentation · G-02.3 · Developer · Foundation ModelFrontier AI System
Bus. & Prof. Code § 22757.12(c)(2)
Plain Language
Large frontier developers must include in each deployment transparency report summaries of their catastrophic risk assessments, assessment results, third-party evaluator involvement, and other steps taken under their frontier AI framework for that model.
Statutory Text
Before, or concurrently with, deploying a new frontier model or a substantially modified version of an existing frontier model, a large frontier developer shall include in the transparency report required by paragraph (1) summaries of all of the following: (A) Assessments of catastrophic risks from the frontier model conducted pursuant to the large frontier developer's frontier AI framework. (B) The results of those assessments. (C) The extent to which third-party evaluators were involved. (D) Other steps taken to fulfill the requirements of the frontier AI framework with respect to the frontier model.
R-02 Regulatory Disclosure & Submissions · R-02.1 · Developer · Foundation ModelFrontier AI System
Bus. & Prof. Code § 22757.12(d)
Plain Language
Large frontier developers must submit to the Office of Emergency Services quarterly summaries (or on another pre-agreed schedule) of catastrophic risk assessments from internal use of their frontier models.
Statutory Text
A large frontier developer shall transmit to the Office of Emergency Services a summary of any assessment of catastrophic risk resulting from internal use of its frontier models every three months or pursuant to another reasonable schedule specified by the large frontier developer and communicated in writing to the Office of Emergency Services with written updates, as appropriate.
S-03 Frontier Model Safety Obligations · Developer · Foundation ModelFrontier AI System
Bus. & Prof. Code § 22757.12(e)(1)(A)
Plain Language
Frontier developers are prohibited from making materially false or misleading public statements about catastrophic risks posed by their frontier models or how they manage those risks.
Statutory Text
(1)(A) A frontier developer shall not make a materially false or misleading statement about catastrophic risk from its frontier models or its management of catastrophic risk... (2) This subdivision does not apply to a statement that was made in good faith and was reasonable under the circumstances.
G-01 AI Governance Program & Documentation · Developer · Foundation ModelFrontier AI System
Bus. & Prof. Code § 22757.12(e)(1)(B)
Plain Language
Large frontier developers must not misrepresent their implementation of or compliance with their own frontier AI framework.
Statutory Text
(B) A large frontier developer shall not make a materially false or misleading statement about its implementation of, or compliance with, its frontier AI framework... (2) This subdivision does not apply to a statement that was made in good faith and was reasonable under the circumstances.
G-02 Public Transparency & Documentation · Developer · Foundation ModelFrontier AI System
Bus. & Prof. Code § 22757.12(f)
Plain Language
When a frontier developer redacts published compliance documents for trade secret, cybersecurity, public safety, or national security reasons, it must describe the nature and justification of each redaction and retain the unredacted information for five years.
Statutory Text
(1) When a frontier developer publishes documents to comply with this section, the frontier developer may make redactions to those documents that are necessary to protect the frontier developer’s trade secrets, the frontier developer’s cybersecurity, public safety, or the national security of the United States or to comply with any federal or state law. (2) If a frontier developer redacts information in a document pursuant to this subdivision, the frontier developer shall describe the character and justification of the redaction in any published version of the document to the extent permitted by the concerns that justify redaction and shall retain the unredacted information for five years.
R-01 Incident Reporting · R-01.1 · Developer · Foundation ModelFrontier AI System
Bus. & Prof. Code § 22757.13(c)(1)
Plain Language
Frontier developers must report critical safety incidents to the Office of Emergency Services within 15 days of discovery. If the incident poses an imminent risk of death or serious physical injury, the developer must additionally notify an appropriate authority — such as a law enforcement or public safety agency — within 24 hours. Developers may file amended reports as new information emerges after the initial filing. Reporting critical safety incidents involving non-frontier foundation models is encouraged but not required.
Statutory Text
(1) Subject to paragraph (2), a frontier developer shall report any critical safety incident pertaining to one or more of its frontier models to the Office of Emergency Services within 15 days of discovering the critical safety incident. (2) If a frontier developer discovers that a critical safety incident poses an imminent risk of death or serious physical injury, the frontier developer shall disclose that incident within 24 hours to an authority, including any law enforcement agency or public safety agency with jurisdiction, that is appropriate based on the nature of that incident and as required by law. (3) A frontier developer that discovers information about a critical safety incident after filing the initial report required by this subdivision may file an amended report. (4) A frontier developer is encouraged, but not required, to report critical safety incidents pertaining to foundation models that are not frontier models.
G-01 AI Governance Program & Documentation · Developer · Foundation ModelFrontier AI System
Labor Code § 1107.1(a)
Plain Language
Frontier developers must not adopt rules, policies, or contracts that prevent covered employees from reporting catastrophic risk dangers or TFAIA violations to the Attorney General, federal authorities, or authorized internal personnel, and must not retaliate against employees who make such disclosures.
Statutory Text
A frontier developer shall not make, adopt, enforce, or enter into a rule, regulation, policy, or contract that prevents a covered employee from disclosing, or retaliates against a covered employee for disclosing, information to the Attorney General, a federal authority, a person with authority over the covered employee, or another covered employee who has authority to investigate, discover, or correct the reported issue, if the covered employee has reasonable cause to believe that the information discloses either of the following: (1) The frontier developer's activities pose a specific and substantial danger to the public health or safety resulting from a catastrophic risk. (2) The frontier developer has violated Chapter 25.1 (commencing with Section 22757.10) of Division 8 of the Business and Professions Code.
G-01 AI Governance Program & Documentation · Developer · Foundation ModelFrontier AI System
Labor Code § 1107.1(b)
Plain Language
Frontier developers may not include provisions in contracts that prohibit or restrict employees from making whistleblower disclosures protected under California Labor Code Section 1102.5.
Statutory Text
A frontier developer shall not enter into a contract that prevents a covered employee from making a disclosure protected under Section 1102.5.
G-01 AI Governance Program & Documentation · Developer · Foundation ModelFrontier AI System
Labor Code § 1107.1(d)
Plain Language
Frontier developers must provide clear notice to all covered employees of their whistleblower rights, either through continuous workplace posting (including periodic notice for remote workers) or annual written notice acknowledged by each employee.
Statutory Text
A frontier developer shall provide a clear notice to all covered employees of their rights and responsibilities under this section, including by doing either of the following: (1) At all times posting and displaying within any workplace maintained by the frontier developer a notice to all covered employees of their rights under this section, ensuring that any new covered employee receives equivalent notice, and ensuring that any covered employee who works remotely periodically receives an equivalent notice. (2) At least once each year, providing written notice to each covered employee of the covered employee's rights under this section and ensuring that the notice is received and acknowledged by all of those covered employees.
G-01 AI Governance Program & Documentation · Developer · Foundation ModelFrontier AI System
Labor Code § 1107.1(e)(1)
Plain Language
Large frontier developers must establish an anonymous internal reporting process for covered employees to disclose good-faith concerns about catastrophic safety risks or violations of California's frontier AI law. The developer must provide the reporting employee with monthly status updates on the investigation and any actions taken in response. Disclosures and responses must be shared with the company's officers and directors at least quarterly — except that if an employee has alleged wrongdoing by a specific officer or director, that individual must be excluded from receiving the relevant disclosures.
Statutory Text
A large frontier developer shall provide a reasonable internal process through which a covered employee may anonymously disclose information to the large frontier developer if the covered employee believes in good faith that the information indicates that the large frontier developer's activities present a specific and substantial danger to the public health or safety resulting from a catastrophic risk or that the large frontier developer violated Chapter 25.1 (commencing with Section 22757.10) of Division 8 of the Business and Professions Code, including a monthly update to the person who made the disclosure regarding the status of the large frontier developer's investigation of the disclosure and the actions taken by the large frontier developer in response to the disclosure. (2)(A) Except as provided in subparagraph (B), the disclosures and responses of the process required by this subdivision shall be shared with officers and directors of the large frontier developer at least once each quarter. (B) If a covered employee has alleged wrongdoing by an officer or director of the large frontier developer in a disclosure or response, subparagraph (A) shall not apply with respect to that officer or director.