California didn't pass one AI law — it passed a stack. AB 2013, the SB 942 AI Transparency Act, the CPPA's automated-decision rules, and frontier-model SB 53 layer on top of each other. Each one assumes you can answer the same question first: where does AI run in your software?
California regulates AI through several instruments at once, and they reach different companies in different ways. We don't anchor to a single deadline — several of these phase in over time and have been amended. Confirm what applies and when with counsel.
The common thread is documentation: training data, automated decisions, AI-generated content and model behavior all have to be disclosed or assessed — and you can't disclose what you haven't located.
Every one of these obligations starts in the same place: knowing exactly which AI systems you run and what they touch. That's the read we produce.
Each of these laws presumes an inventory. AB 2013 presumes you know which of your systems are generative and what data trained them. The CPPA rules presume you know which automated decisions are “significant.” The employment rules presume you know where an automated system touches a hiring or promotion decision.
In practice that inventory rarely exists. The generative feature shipped by one team, the scoring model wired in by another, the vendor AI inside a dependency — these are the systems California's stack reaches, and the ones a self-reported list misses.
Every model, API and LLM call in your code — including the shadow AI nobody reported.
Which systems make consequential decisions, and what regulated data flows into each one.
A signed, source-traced map your counsel turns into the notices and assessments California AI Laws requires.
California regulates AI through several overlapping instruments: AB 2013 (generative AI training-data transparency), SB 942 (the California AI Transparency Act, covering AI-generated content), the CPPA's automated decisionmaking technology regulations under the CCPA, civil-rights rules reaching automated employment decisions, and SB 53 for the largest frontier model developers.
AB 2013 focuses on developers that make generative AI systems or services available to Californians, requiring public documentation of the data used to train them. Whether it reaches you depends on what you ship — which is exactly why you need to know which of your features are generative and what trained them before counsel can answer.
The California Privacy Protection Agency has adopted regulations governing automated decisionmaking technology (ADMT) under the CCPA, giving consumers rights around significant decisions made about them by automated systems. Compliance starts with identifying which automated decisions in your software are in scope.
We surface every AI system in your code, flag which are generative, trace what data trains and feeds them, and identify where automated decisions about people are made. That map is what your counsel uses to apply AB 2013, SB 942, the CPPA rules and the employment regulations to your actual footprint.
This page is general information, not legal advice. AI statutes and their effective dates are moving targets; confirm what applies to you with your own counsel. We produce the technical read — the source-traced map of the AI in your code — that your counsel maps to the obligations that actually bind you.
Two weeks. Fixed price. Read-only. We surface every AI system in your code — generative, automated-decision and otherwise — so your counsel can apply California's overlapping rules.
Get an AI Compliance AuditTwo weeks · Fixed price · Read-only · No engineering meetings