California’s Evolving AI and Privacy Landscape in 2026

California AI and Privacy Legislation Update – January 2026

The new year is off to a quick start as February looms. Businesses are beginning to settle into 2026, and some trends, or at least their outlines, are beginning to emerge. Businesses are digesting the AI and privacy bills that were signed into law last fall.

California Invasion of Privacy Act (CIPA)

Litigation shows no sign of abating. The failure of SB 690 and another year of runway are driving litigation in this space. As of January 21, 2026, 40 data breaches impacting more than 500 California residents have been reported to the California Attorney General, compared to 23 for the same period in 2025. Privacy class action litigation usually follows soon after reporting, suggesting that 2026 will be another active year in that space, if not a more active one.

Investigations from regulators follow as well. The beginning of the year is a good time to review the Written Information Security Program (WISP) and confirm appropriate implementation of the systems and measures that flow from the WISP. This is also a good time to review and, if appropriate, update website privacy notices, ensure that website consent managers and opt-out mechanisms function as intended, and conduct privacy and cybersecurity training.

California Privacy Protection Agency

The California Privacy Protection Agency continues to focus on data brokers and, with the availability of the Delete Request and Opt-Out Platform (DROP), will likely step up enforcement in 2026. Implementation of DROP may not be entirely straightforward; therefore, a detailed project plan and punch list are recommended.

Updated California Consumer Privacy Act (CCPA)

The updated California Consumer Privacy Act regulations became operative on January 1, 2026. These regulations now mandate, among other items, annual cybersecurity audits, data privacy risk assessments, and pre-use notices for automated decision-making technologies, generally with staggered start dates depending on the size of the business.

Legislative Developments

The California legislature reconvened on January 5, 2026. As we are in the second year of the 2025-2026 Biennium, legislators may introduce new bills and/or try to advance bills that did not make it to the Governor’s desk during the first year. For instance, a few bills stalled in the Assembly Privacy and Consumer Protection Committee after having been approved by the Senate:

  • SB 690: aimed to de-conflict CIPA and the CCPA and legislatively close the floodgates on CIPA litigation.
  • SB 420: would have required developers of high-risk automated decision systems to conduct impact assessments before making the system publicly available.

The current legislative session ends on August 31, 2026.

New Laws Effective January 1, 2026

Several AI and data privacy laws went into effect on January 1, 2026:

  • AB 316 (Artificial intelligence: defenses)
  • AB 566 (CCPA: opt-out preference signal)
  • AB 853 (California AI Transparency Act)
  • SB 53 (Artificial intelligence models: large developers)
  • SB 243 (Companion chatbots)
  • SB 361 (Data broker registration: data collection)
  • SB 446 (Amends Section 1798.82 of the Civil Code, relating to personal information and data breach notification)

AB 566 requires web browsers to include a clear, one-step setting allowing users to send an opt-out preference signal. Meanwhile, AB 853 imposes new transparency and disclosure obligations on General AI systems, amending the existing California AI Transparency Act. On a larger scale, SB 53 requires large AI developers to publish risk-management frameworks and report catastrophic safety incidents to the State.

SB 446 mandates data breach notification to impacted California residents within 30 calendar days of discovery or notification of the data breach, with customary exceptions. A breach notification report must be submitted to the California Attorney General within 15 calendar days of notifying the affected individuals.

Newly Introduced Bills

A number of new AI and privacy bills have been introduced:

  • SB 300, SB 867, and AB 1609: new chatbot bills.
  • AB 1064 (Leading Ethical AI Development for Kids Act) was vetoed by Governor Newsom last fall.
  • A new ballot measure, Parents & Kids Safe AI Act, has been introduced, seeking signatures to put the measure on the ballot in November 2026.

It’s possible that the California legislature may introduce, and Governor Newsom may sign, new legislation on this topic, following the course of the CCPA, which was originally a proposed ballot measure.

AB 1542 (an act to amend Sections 1798.100 and 1798.121 of the Civil Code relating to privacy) would, under the CCPA, prohibit a business, service provider, or contractor from selling or sharing sensitive personal information to a third party. Current law allows the consumer to opt out of the selling or sharing of personal information and to limit the use and disclosure of sensitive personal information to certain uses as set out in the statute. AB 1542 may be heard in committee on February 5, 2026.

Stay tuned. 2026 promises to be another interesting year in California.
