Artificial intelligence is one area where lawmakers seem to have a laser focus this session, with proposals ranging from the establishment of an AI research hub to those focused on the reduction of algorithmic bias.
- Senate Bill 893: California Artificial Intelligence Research Hub — This bill would establish a research hub between the Government Operations Agency (GovOps), the Governor’s Office of Business and Economic Development (GO-Biz) and the California Department of Technology (CDT) meant to “facilitate collaboration” and identify risks across government and the private sector with regards to artificial intelligence technologies. The bill was introduced by senators Steve Padilla, D-District 18, and Bill Dodd, D-District 3. It was most recently amended and re-referred to the Committee on Governmental Organization.
- Senate Bill 896: Artificial Intelligence Accountability Act — This bill would require GovOps, CDT and the Office of Data and Innovation (ODI) to report on the benefits and risks of AI technologies. It would also require the California Cybersecurity Integration Center and the State Threat Assessment Center to perform joint risk analysis of generative AI as often as the director of Emergency Services deems necessary. Additionally, the bill would mandate that state agencies clearly identify when they are using AI for external communications and that any decision-making system be evaluated for risk before adoption. The bill was sponsored by Sen. Bill Dodd, D-District 3. It is scheduled for a hearing April 9.
- Senate Bill 1047: Safe and Secure Innovation for Frontier Artificial Intelligence Systems Act — This bill would mandate that CDT “identify, assess and prioritize high-risk, critical information technology services and systems across state government” through the “Frontier Model Division.” It would also mandate that technology developers be able to “reasonably exclude the possibility that the covered model has a hazardous capability, as well as requiring a ‘full shutdown’ capability until a positive safety determination could be made.” Violation of these provisions would face civil action to be recovered by the attorney general. Annual developer compliance certifications would be conducted and publicly maintained by CDT for “antiderivative covered model[s].” The bill would also mandate that CDT commission consultants to create CalCompute, a “public cloud computing cluster” for “conducting research into the safe and secure deployment of large-scale artificial intelligence models.” This bill was introduced by Sen. Scott Wiener, D-District 11, and was amended and re-referred to the Committee on Judiciary on March 20.
- Assembly Bill 2930: Automated Decision Tools — This bill, introduced by Assemblymember Rebecca Bauer-Kahan, D-District 16, would place limitations on the use of automated decision-making tools. It would require technology developers to perform impact assessments before Jan. 1, 2026, and would mandate that a deployer or developer provide that assessment to the Civil Rights Department within seven days of a request. The bill would require deployers of automated decision-making technology to notify affected individuals before the technology’s use. It would prohibit algorithmic discrimination, with civil penalties of up to $25,000 per violation. The bill was most recently referred to the committees on Privacy and Consumer Protection and Judiciary on March 21.
Cybersecurity and privacy is another significant priority area this session. Several pieces of legislation are being aimed at better safeguarding state data stores and reducing the risk exposure brought on by new procurements.
- Assembly Bill 2777: California Cybersecurity Maturity Metric — This bill, from Assemblymember Lisa Calderon, D-District 56, would require CDT to “make changes to the California Cybersecurity Maturity Metric, including the Maturity Metric Score criteria, to accomplish specified goals, including to achieve a score for all state agencies every three years.” That score, the legislation notes, would be based on the two most recent security assessments “performed by, or at the direction of, the Office of Information Security.” The bill was most recently re-referred to the Committee on Privacy and Consumer Protection on March 20.
Some other bills worth noting have to do with the definition and protection of a new kind of personal information and equal access to Internet websites.
- Senate Bill 1223: Consumer Privacy: Sensitive Personal Information: Neural Data — This bill would amend the California Privacy Rights Act of 2020 to include neural data, or “information that is generated by the measurement of the activity of an individual’s central or peripheral nervous systems,” as sensitive personal information. The bill was introduced by Sen. Josh Becker, D-District 13, and was amended and re-referred to the Committee on Rules on March 18.
- Senate Bill 1486: Accessibility: Internet Websites — This bill from Sen. Brian Dahle, R-District 1, would allow for “statutory damages based upon the inaccessibility of an Internet website.” Plaintiffs would need to prove a “specific barrier” to their access or that they were deterred due to a “failure to provide equally effective communication or to facilitate full and equal enjoyment of the entity’s goods and services offered to the public.” The bill was amended and re-referred to the Committee on Rules on March 20.