California Transparency in Frontier AI Act Signed Into Law
Key Point: California enacts first-in-the-nation law focused on regulating frontier artificial intelligence models.
On September 29, 2025, California Governor Gavin Newsom signed SB 53 — the Transparency in Frontier Artificial Intelligence Act (TFAIA) — into law. The law mandates large artificial intelligence (AI) developers to publish safety frameworks, disclose specified transparency reports, and report critical safety incidents to the Office of Emergency Services (OES). This legislation also introduces enhanced whistleblower protections for employees reporting AI safety violations and establishes a consortium to design a framework for CalCompute, a public cloud platform aimed at expanding safe and equitable AI research.
Background
TFAIA succeeds last year’s SB 1047 (the Safe and Secure Innovation for Frontier AI Models Act), which was vetoed by Newsom due to concerns about its potential negative impact on California’s AI economy. The TFAIA was passed with substantial support in both legislative chambers and quickly signed into law by Newsom.
Scope of Law
The TFAIA applies to large frontier developers, defined as those who train or initiate the training of a foundation AI model using a computing power greater than 1026 operations and have an annual gross revenue exceeding $500 million. This definition likely limits applicability to large tech corporations while acknowledging the benefits of AI development to Californians and the economy. The law aims to regulate catastrophic risk, which refers to incidents that could lead to significant loss of life or property damage.
Transparency Obligations
AI Framework
The law establishes obligations for large frontier developers to adopt and disclose safety protocols to mitigate catastrophic risks. Developers must publish a detailed frontier AI framework on their website, including:
- Risk assessments for catastrophic scenarios
- Steps to mitigate those risks
- Internal governance structures
- Cybersecurity measures
- Incident response plans
Frameworks must be updated annually and made public within 30 days of any changes. False or misleading claims regarding risks or adherence to the framework are prohibited.
Transparency Report
Developers must release a transparency report whenever a new or substantially altered frontier model is deployed, detailing the model’s uses, limitations, and catastrophic risk assessments.
Reporting Obligations
TFAIA requires large frontier developers to submit summaries of their catastrophic risk assessments to the OES every three months and mandates reporting of critical safety incidents within specified timeframes.
Critical Safety Reporting
The OES will establish a system for reporting critical safety incidents, requiring disclosure within 15 days, and within 24 hours for incidents posing imminent risk.
Recommendations for Updates
Starting January 1, 2027, the Department of Technology will assess technological developments to update definitions of frontier model and large frontier developer. The California attorney general will also submit annual reports regarding whistleblower activities.
Enforcement
Violations of TFAIA can result in civil penalties up to $1 million per instance, particularly for failure to publish required documents or making false statements.
CalCompute
TFAIA establishes a consortium to create CalCompute, a public cloud computing cluster designed to foster safe and equitable AI development. A comprehensive report on this initiative is due by January 1, 2027.
Whistleblower Protections
The law prohibits retaliation against employees reporting safety risks and mandates annual notification of their rights as whistleblowers. Developers must also establish processes for internal reporting of risks.
