California Enacts New AI Safety and Transparency Laws While Vetoing ‘No Robo Bosses Act’h2>
In the absence of comprehensive federal legislation addressing b>artificial intelligence (AI)b> safety and permissible uses in the workplace, state legislatures and agencies are moving forward with regulations that impose significant transparency, reporting, and testing obligations on employers using AI. Recent activities in b>Californiab> have highlighted the state’s commitment to balancing public safety concerns with the desire to foster technological innovation.p>
New Regulations on Automated Decision-Making Technologiesh3>
On September 29, the b>California Privacy Protection Agency (CPPA)b> announced the approval of new regulations concerning the use of b>automated decision-making technologies (ADMT)b>. Starting January 1, 2027, businesses will be required to provide pre-use notice to Californians before collecting personal information that will be processed by ADMT.p>
This notice must include:p>
-
li>The specific purpose for using ADMT for significant decisions, including employment-related ones.li>
li>Consumer rights to opt out and information on how decisions will be made if they do so.li>
li>Access details about how ADMT operates.li>
ul>
Additionally, businesses will need to conduct risk assessments for any processing activities that pose a “significant risk” and report these results to the CPPA starting April 1, 2028. Notably, using ADMT for employment-related decisions is identified as a significant risk.p>
Transparency in Frontier Artificial Intelligence Act (SB 53)h3>
On the same day, Governor Gavin Newsom signed into law SB 53, the b>Transparency in Frontier Artificial Intelligence Actb>. This act establishes a regulatory framework for developers of b>frontier modelsb>, defined as models trained on computing power greater than 10^26 floating-point operations (FLOPs).p>
Key provisions of SB 53 include:p>
-
li>b>Safety Frameworks:b> Developers must create and publish a safety framework on their websites, addressing industry standards, risk assessment thresholds, and cybersecurity practices.li>
li>b>Transparency Reporting:b> Developers must publish public transparency reports detailing the model’s release date, intended use, and restrictions before making the model available to third parties.li>
li>b>Whistleblower Protections:b> The act protects employees reporting potential violations, encouraging a safer environment for discussing catastrophic risks.li>
ul>
Developers will also have to notify the b>California Office of Emergency Services (OES)b> of critical safety incidents within specified timeframes.p>
Veto of the ‘No Robo Bosses Act’ (SB 7)h3>
Not all AI-related legislation has passed. On October 13, Newsom vetoed SB 7, the b>No Robo Bosses Actb>, which aimed to regulate the use of b>automated decision systems (ADS)b> in employment. The bill sought to impose human oversight and notification requirements for the use of ADS in various employment decisions.p>
Newsom cited the bill’s ambiguity and its failure to differentiate between high-risk AI tools and routine administrative technologies as reasons for the veto. He suggested that existing CPPA regulations could adequately address many of the concerns raised by SB 7.p>
Implications for Employersh3>
Employers should take the following actions in light of these new regulations:p>
-
li>b>Review all ADS currently in use:b> Identify and assess the risks associated with existing AI tools, especially those used in hiring and disciplinary decisions.li>
li>b>Be aware of whistleblower protections:b> Establish clear reporting channels and train managers to handle reported concerns appropriately.li>
li>b>Monitor the evolving regulatory landscape:b> Stay informed about new regulations and consider consulting legal counsel regarding existing and potential future laws.li>
ul>
As California continues to lead in AI regulation, employers must remain vigilant and proactive in adapting to these new legal frameworks.p>
