The California legislature has concluded another AI-inspired legislative session, and Governor Gavin Newsom has signed (or vetoed) bills that will have new impacts on the AI ecosystem. By our analysis, California now leads U.S. states in rolling out the most comprehensive set of targeted AI regulations in the country – but now what? The dominant […]
On July 24, 2025, the California Privacy Protection Agency (CPPA) voted unanimously to finalize rules under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act. These new rules introduce significant obligations for businesses subject to the CCPA. They impose requirements on the use of automated decision-making technologies (ADMT) and mandate cybersecurity audits and risk assessments. The California Office of Administrative Law must review and approve these rules by around September 5, 2025. Once approved, they will become effective on a phased basis between 2027 and 2030.
