| Last Version Text |
<?xml version="1.0" ?>
<ns0:MeasureDoc xmlns:html="http://www.w3.org/1999/xhtml" xmlns:ns0="http://lc.ca.gov/legalservices/schemas/caml.1#" xmlns:ns3="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="1.0" xsi:schemaLocation="http://lc.ca.gov/legalservices/schemas/caml.1# xca.1.xsd">
<ns0:Description>
<ns0:Id>20250SB__005390CHP</ns0:Id>
<ns0:VersionNum>90</ns0:VersionNum>
<ns0:History>
<ns0:Action>
<ns0:ActionText>INTRODUCED</ns0:ActionText>
<ns0:ActionDate>2025-01-07</ns0:ActionDate>
</ns0:Action>
<ns0:Action>
<ns0:ActionText>AMENDED_SENATE</ns0:ActionText>
<ns0:ActionDate>2025-02-27</ns0:ActionDate>
</ns0:Action>
<ns0:Action>
<ns0:ActionText>AMENDED_SENATE</ns0:ActionText>
<ns0:ActionDate>2025-03-27</ns0:ActionDate>
</ns0:Action>
<ns0:Action>
<ns0:ActionText>AMENDED_SENATE</ns0:ActionText>
<ns0:ActionDate>2025-05-23</ns0:ActionDate>
</ns0:Action>
<ns0:Action>
<ns0:ActionText>AMENDED_ASSEMBLY</ns0:ActionText>
<ns0:ActionDate>2025-07-08</ns0:ActionDate>
</ns0:Action>
<ns0:Action>
<ns0:ActionText>AMENDED_ASSEMBLY</ns0:ActionText>
<ns0:ActionDate>2025-07-17</ns0:ActionDate>
</ns0:Action>
<ns0:Action>
<ns0:ActionText>AMENDED_ASSEMBLY</ns0:ActionText>
<ns0:ActionDate>2025-09-02</ns0:ActionDate>
</ns0:Action>
<ns0:Action>
<ns0:ActionText>AMENDED_ASSEMBLY</ns0:ActionText>
<ns0:ActionDate>2025-09-05</ns0:ActionDate>
</ns0:Action>
<ns0:Action>
<ns0:ActionText>PASSED_ASSEMBLY</ns0:ActionText>
<ns0:ActionDate>2025-09-12</ns0:ActionDate>
</ns0:Action>
<ns0:Action>
<ns0:ActionText>PASSED_SENATE</ns0:ActionText>
<ns0:ActionDate>2025-09-13</ns0:ActionDate>
</ns0:Action>
<ns0:Action>
<ns0:ActionText>ENROLLED</ns0:ActionText>
<ns0:ActionDate>2025-09-17</ns0:ActionDate>
</ns0:Action>
<ns0:Action>
<ns0:ActionText>CHAPTERED</ns0:ActionText>
<ns0:ActionDate>2025-09-29</ns0:ActionDate>
</ns0:Action>
<ns0:Action>
<ns0:ActionText>APPROVED</ns0:ActionText>
<ns0:ActionDate>2025-09-29</ns0:ActionDate>
</ns0:Action>
<ns0:Action>
<ns0:ActionText>FILED</ns0:ActionText>
<ns0:ActionDate>2025-09-29</ns0:ActionDate>
</ns0:Action>
</ns0:History>
<ns0:LegislativeInfo>
<ns0:SessionYear>2025</ns0:SessionYear>
<ns0:SessionNum>0</ns0:SessionNum>
<ns0:MeasureType>SB</ns0:MeasureType>
<ns0:MeasureNum>53</ns0:MeasureNum>
<ns0:MeasureState>CHP</ns0:MeasureState>
<ns0:ChapterYear>2025</ns0:ChapterYear>
<ns0:ChapterType>CHP</ns0:ChapterType>
<ns0:ChapterSessionNum>0</ns0:ChapterSessionNum>
<ns0:ChapterNum>138</ns0:ChapterNum>
</ns0:LegislativeInfo>
<ns0:AuthorText authorType="LEAD_AUTHOR">Introduced by Senator Wiener</ns0:AuthorText>
<ns0:AuthorText authorType="COAUTHOR_ORIGINATING">(Coauthor: Senator Rubio)</ns0:AuthorText>
<ns0:Authors>
<ns0:Legislator>
<ns0:Contribution>LEAD_AUTHOR</ns0:Contribution>
<ns0:House>SENATE</ns0:House>
<ns0:Name>Wiener</ns0:Name>
</ns0:Legislator>
<ns0:Legislator>
<ns0:Contribution>COAUTHOR</ns0:Contribution>
<ns0:House>SENATE</ns0:House>
<ns0:Name>Rubio</ns0:Name>
</ns0:Legislator>
</ns0:Authors>
<ns0:Title>An act to add Chapter 25.1 (commencing with Section 22757.10) to Division 8 of the Business and Professions Code, to add Section 11546.8 to the Government Code, and to add Chapter 5.1 (commencing with Section 1107) to Part 3 of Division 2 of the Labor Code, relating to artificial intelligence.</ns0:Title>
<ns0:RelatingClause>artificial intelligence</ns0:RelatingClause>
<ns0:GeneralSubject>
<ns0:Subject>Artificial intelligence models: large developers.</ns0:Subject>
</ns0:GeneralSubject>
<ns0:DigestText>
<html:p>
(1)
<html:span class="EnSpace"/>
Existing law generally regulates artificial intelligence, including by requiring, on or before January 1, 2026, and before each time thereafter, that a generative artificial intelligence system or service, or a substantial modification to a generative artificial intelligence system or service, released on or after January 1, 2022, is made publicly available to Californians for use, the developer of the system or service to post on the developer’s internet website documentation regarding the data used by the developer to train the generative artificial intelligence system or service, as prescribed.
</html:p>
<html:p>This bill would enact the Transparency in Frontier Artificial Intelligence Act (TFAIA) that would, among other things related to ensuring the safety of a foundation
model, as defined, developed by a
frontier developer, require a large frontier
developer to write, implement, and clearly and conspicuously publish on its internet website a frontier AI framework that applies to the large frontier developer’s frontier models and describes how the large frontier developer approaches, among other things, incorporating national standards, international standards, and industry-consensus best practices into its frontier AI framework. The TFAIA would also require a large frontier developer to transmit to the Office of Emergency Services a summary of any assessment of catastrophic risk, as defined, resulting from internal use of its frontier models, as specified. The TFAIA would require the Office of Emergency Services to establish a mechanism to be used by a frontier developer or a member of
the public to report, as prescribed, a critical safety incident, as
defined, and would also require the Office of Emergency Services to establish a mechanism to be used by a large frontier developer to confidentially submit summaries of any assessments of the potential for catastrophic risk resulting from internal use of its frontier models, as prescribed.</html:p>
<html:p>The TFAIA would exempt from the California Public Records Act a report of a critical safety incident submitted to the Office of Emergency Services, a report of assessments of catastrophic risk from internet use, and a covered employee report made
pursuant to the whistleblower protections described below.</html:p>
<html:p> The TFAIA would impose a civil penalty for noncompliance with the TFAIA to be enforced by the Attorney General, as prescribed.</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
Existing law establishes the Department of Technology within the Government Operations Agency. Existing law requires the department to conduct, in coordination with other interagency bodies as it deems appropriate, a comprehensive inventory of all high-risk automated decision systems that have been proposed for use, development, or procurement by, or are being used, developed, or procured by, any state agency.
</html:p>
<html:p>This bill would establish within the Government Operations Agency a
consortium required to develop a framework for the creation of a public cloud computing cluster to be known as “CalCompute” that advances the development and deployment of artificial intelligence that is safe, ethical, equitable, and sustainable by, among other things, fostering research and innovation that benefits the public, as prescribed. The bill would require the Government Operations Agency to, on or before January 1, 2027, submit a report from the consortium to the Legislature with that framework and would dissolve the consortium upon submission of that report. The bill would make those provisions operative only upon an appropriation in a budget act, or other measure, for its purposes.</html:p>
<html:p>
(3)
<html:span class="EnSpace"/>
Existing law prohibits employers and their agents from making, adopting, or enforcing a rule, regulation, or policy preventing an employee from disclosing information to certain entities or from providing information to, or testifying before, any
public body conducting an investigation, hearing, or inquiry if the employee has reasonable cause to believe that the information discloses a violation of a law, as specified, and prohibits retaliation against an employee for, among other things, exercising these rights.
</html:p>
<html:p>This bill would, among other things related to protecting whistleblowers working with foundation models, prohibit a frontier developer from making, adopting, enforcing, or entering into a rule, regulation, policy, or contract that prevents a covered employee, as defined,
from disclosing, or retaliates against a covered employee for disclosing, information to the Attorney General, a federal authority, a person with authority over the covered employee, or another covered employee who has authority to investigate, discover, or correct the reported issue, if the covered employee has reasonable cause to believe that the information discloses that the
frontier developer’s activities pose a specific and substantial danger to the public health or safety resulting from a catastrophic risk or that the frontier developer has violated the TFAIA.</html:p>
<html:p> This bill would require a large frontier developer to provide a certain internal process through which a covered employee may anonymously
disclose information to the large frontier developer if the covered employee believes in good faith that the information indicates that the large frontier developer’s activities present a specific and substantial danger to the public health or safety resulting from a catastrophic risk or that the large
frontier
developer violated the TFAIA. The bill would specify provisions particular to the enforcement of those whistleblower protections and would authorize attorney’s fees to a plaintiff who brings a successful action for a violation.</html:p>
<html:p>This bill would preempt any rule, regulation, code, ordinance, or other law adopted by a city, county, city and county, municipality, or local agency on or after January 1, 2025, specifically related to the regulation of frontier developers with respect to their management of catastrophic risk.</html:p>
<html:p>Existing
constitutional provisions require that a statute that limits the right of access to the meetings of public bodies or the writings of public officials and agencies be adopted with findings demonstrating the interest protected by the limitation and the need for protecting that interest.</html:p>
<html:p>This bill would make legislative findings to that effect.</html:p>
</ns0:DigestText>
<ns0:DigestKey>
<ns0:VoteRequired>MAJORITY</ns0:VoteRequired>
<ns0:Appropriation>NO</ns0:Appropriation>
<ns0:FiscalCommittee>YES</ns0:FiscalCommittee>
<ns0:LocalProgram>NO</ns0:LocalProgram>
</ns0:DigestKey>
<ns0:MeasureIndicators>
<ns0:ImmediateEffect>NO</ns0:ImmediateEffect>
<ns0:ImmediateEffectFlags>
<ns0:Urgency>NO</ns0:Urgency>
<ns0:TaxLevy>NO</ns0:TaxLevy>
<ns0:Election>NO</ns0:Election>
<ns0:UsualCurrentExpenses>NO</ns0:UsualCurrentExpenses>
<ns0:BudgetBill>NO</ns0:BudgetBill>
<ns0:Prop25TrailerBill>NO</ns0:Prop25TrailerBill>
</ns0:ImmediateEffectFlags>
</ns0:MeasureIndicators>
</ns0:Description>
<ns0:Bill id="bill">
<ns0:Preamble>The people of the State of California do enact as follows:</ns0:Preamble>
<ns0:BillSection id="id_B59A99A3-C987-437E-94F9-114A4D15BD5B">
<ns0:Num>SECTION 1.</ns0:Num>
<ns0:Content>
<html:p>The Legislature finds and declares all of the following:</html:p>
<html:p>
(a)
<html:span class="EnSpace"/>
California is leading the world in artificial intelligence innovation and research through companies large and small and through the state’s remarkable public and private universities.
</html:p>
<html:p>
(b)
<html:span class="EnSpace"/>
Artificial intelligence, including new advances in foundation models, has the potential to catalyze innovation and the rapid
development of a wide range of benefits for Californians and the California economy, including advances in medicine, wildfire forecasting and prevention, and climate science, and to push the bounds of human creativity and capacity.
</html:p>
<html:p>
(c)
<html:span class="EnSpace"/>
The Joint California Policy Working Group on AI Frontier Models has recommended sound principles for policy in artificial intelligence.
</html:p>
<html:p>
(d)
<html:span class="EnSpace"/>
Targeted interventions to support effective artificial intelligence governance should balance the technology’s benefits and the potential for material risks.
</html:p>
<html:p>
(e)
<html:span class="EnSpace"/>
In building a robust and transparent evidence environment, policymakers can align incentives to simultaneously protect consumers, leverage industry expertise, and recognize leading safety practices.
</html:p>
<html:p>
(f)
<html:span class="EnSpace"/>
As industry actors conduct internal research on their technologies’ impacts,
public trust in these technologies would significantly benefit from access to information regarding, and increased awareness of, frontier AI capabilities.
</html:p>
<html:p>
(g)
<html:span class="EnSpace"/>
Greater
transparency can also advance accountability, competition, and public trust.
</html:p>
<html:p>
(h)
<html:span class="EnSpace"/>
Whistleblower protections and public-facing information sharing are key instruments to increase transparency.
</html:p>
<html:p>
(i)
<html:span class="EnSpace"/>
Incident reporting systems enable monitoring of the post-deployment impacts of artificial intelligence.
</html:p>
<html:p>
(j)
<html:span class="EnSpace"/>
Unless they are developed with careful diligence and reasonable precaution,
there is concern that advanced artificial intelligence systems could have capabilities that pose catastrophic risks from both malicious uses and malfunctions, including artificial intelligence-enabled hacking, biological attacks, and loss of control.
</html:p>
<html:p>
(k)
<html:span class="EnSpace"/>
With the frontier of artificial intelligence rapidly evolving, there is a need for legislation to track the frontier of artificial intelligence research and alert policymakers and the public to
serious risks and harms from the very most advanced artificial intelligence systems, while avoiding burdening smaller companies behind the frontier.
</html:p>
<html:p>
(l)
<html:span class="EnSpace"/>
While the major artificial intelligence developers have already voluntarily established the creation, use, and publication of frontier AI frameworks as an industry best practice, not all developers are providing reporting that is consistent and sufficient to ensure necessary transparency and protection of the public. Mandatory, standardized, and objective reporting by frontier developers is required to provide the government and the public with timely and accurate information.
</html:p>
<html:p>
(m)
<html:span class="EnSpace"/>
Timely reporting of critical safety incidents to the government is essential to ensure that public authorities
are promptly informed of ongoing and emerging risks to public safety. This reporting enables the government to monitor, assess, and respond effectively in the event that advanced capabilities emerge in frontier artificial intelligence models that may pose a threat to the public.
</html:p>
<html:p>
(n)
<html:span class="EnSpace"/>
In the future, foundation models developed by smaller companies or that are behind the frontier may pose significant catastrophic risk, and additional legislation may be needed at that time.
</html:p>
<html:p>
(o)
<html:span class="EnSpace"/>
The recent release of the Governor’s California Report on Frontier AI Policy and testimony from legislative hearings on artificial intelligence before the Legislature reflect the advances in AI model capabilities that could pose potential catastrophic risk in frontier artificial intelligence, which this act aims to address.
</html:p>
<html:p>
(p)
<html:span class="EnSpace"/>
It is the intent of the Legislature to create more transparency, but collective safety will depend in part on
frontier developers taking due care in their development and deployment of frontier models proportional to the scale of the foreseeable risks.
</html:p>
</ns0:Content>
</ns0:BillSection>
<ns0:BillSection id="id_532DC5A3-DEFB-4AC3-BD86-04E399C7DA98">
<ns0:Num>SEC. 2.</ns0:Num>
<ns0:ActionLine action="IS_ADDED" ns3:href="urn:caml:codes:BPC:caml#xpointer(%2Fcaml%3ALawDoc%2Fcaml%3ACode%2Fcaml%3ALawHeading%5B%40type%3D'DIVISION'%20and%20caml%3ANum%3D'8.'%5D%2Fcaml%3ALawHeading%5B%40type%3D'CHAPTER'%20and%20caml%3ANum%3D'25.1.'%5D)" ns3:label="fractionType: LAW_SPREAD||commencingWith: 22757.10" ns3:type="locator">
Chapter 25.1 (commencing with Section 22757.10) is added to Division 8 of the
<ns0:DocName>Business and Professions Code</ns0:DocName>
, to read:
</ns0:ActionLine>
<ns0:Fragment>
<ns0:LawHeading id="id_FEE8C067-55B6-4077-8830-DB78C2C40DCF" type="CHAPTER">
<ns0:Num>25.1.</ns0:Num>
<ns0:LawHeadingVersion id="id_22714447-3F03-42F2-9031-CF0DD367A9A5">
<ns0:LawHeadingText>Transparency in Frontier Artificial Intelligence Act</ns0:LawHeadingText>
</ns0:LawHeadingVersion>
<ns0:LawSection id="id_F93489BA-D69D-458D-8D2D-239947F92AFF">
<ns0:Num>22757.10.</ns0:Num>
<ns0:LawSectionVersion id="id_11CD1E10-DEA3-43FB-B171-8E56B724DFDD">
<ns0:Content>
<html:p>This chapter shall be known as the Transparency in Frontier Artificial Intelligence Act.</html:p>
</ns0:Content>
</ns0:LawSectionVersion>
</ns0:LawSection>
<ns0:LawSection id="id_A2B0D26E-131B-4CA0-A1CD-3E37F0D3BA89">
<ns0:Num>22757.11.</ns0:Num>
<ns0:LawSectionVersion id="id_F81477C5-3C0D-463A-9703-2551445E1BF9">
<ns0:Content>
<html:p>For purposes of this chapter:</html:p>
<html:p>
(a)
<html:span class="EnSpace"/>
“Affiliate” means a person controlling, controlled by, or under common control with a specified person, directly or indirectly, through one or more intermediaries.
</html:p>
<html:p>
(b)
<html:span class="EnSpace"/>
“Artificial intelligence model” means an engineered or machine-based system that varies in its level
of autonomy and that can, for explicit or implicit objectives, infer from the input it receives how to generate outputs that can influence physical or virtual environments.
</html:p>
<html:p>
(c)
<html:span class="EnSpace"/>
(1)
<html:span class="EnSpace"/>
“Catastrophic risk” means a foreseeable and material risk that a
frontier developer’s development, storage, use, or deployment of a frontier model will materially contribute to the death of, or serious injury to, more than 50 people or more than one billion dollars ($1,000,000,000) in damage to, or loss of, property arising from a single incident involving a frontier model
doing any of the following:
</html:p>
<html:p>
(A)
<html:span class="EnSpace"/>
Providing expert-level assistance in the creation or release of a chemical, biological, radiological, or nuclear weapon.
</html:p>
<html:p>
(B)
<html:span class="EnSpace"/>
Engaging in conduct with no meaningful human oversight, intervention, or supervision that is either a cyberattack or, if the conduct had been committed by a human, would constitute the crime of murder, assault, extortion, or theft, including theft by false pretense.
</html:p>
<html:p>
(C)
<html:span class="EnSpace"/>
Evading the control of its frontier developer or user.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
“Catastrophic risk” does not include a foreseeable and material risk from any of the following:
</html:p>
<html:p>
(A)
<html:span class="EnSpace"/>
Information that a frontier model outputs if the information is otherwise publicly accessible in a substantially similar form from a source other than a foundation model.
</html:p>
<html:p>
(B)
<html:span class="EnSpace"/>
Lawful activity of the federal government.
</html:p>
<html:p>
(C)
<html:span class="EnSpace"/>
Harm caused by a frontier model in combination with other software if the frontier model did not materially contribute to the harm.
</html:p>
<html:p>
(d)
<html:span class="EnSpace"/>
“Critical safety incident” means any of the following:
</html:p>
<html:p>
(1)
<html:span class="EnSpace"/>
Unauthorized access to, modification of, or exfiltration of, the model weights of a frontier model that results in death or bodily injury.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
Harm resulting from the materialization of a catastrophic risk.
</html:p>
<html:p>
(3)
<html:span class="EnSpace"/>
Loss of control of a frontier model causing
death or bodily injury.
</html:p>
<html:p>
(4)
<html:span class="EnSpace"/>
A frontier model that uses deceptive techniques against the frontier developer to subvert the controls or monitoring of its frontier developer outside of the context of an evaluation designed to elicit this
behavior and in a manner that demonstrates materially increased catastrophic risk.
</html:p>
<html:p>
(e)
<html:span class="EnSpace"/>
(1)
<html:span class="EnSpace"/>
“Deploy” means to make a frontier model available to a third party for use, modification, copying, or combination with
other software.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
“Deploy” does not include making a frontier model available to a third party for the primary purpose of developing or evaluating the frontier model.
</html:p>
<html:p>
(f)
<html:span class="EnSpace"/>
“Foundation model” means an artificial intelligence model that is all of the following:
</html:p>
<html:p>
(1)
<html:span class="EnSpace"/>
Trained on a broad data set.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
Designed for generality of output.
</html:p>
<html:p>
(3)
<html:span class="EnSpace"/>
Adaptable to a wide range of distinctive tasks.
</html:p>
<html:p>
(g)
<html:span class="EnSpace"/>
“Frontier AI framework” means documented technical and organizational protocols to manage, assess, and mitigate catastrophic risks.
</html:p>
<html:p>
(h)
<html:span class="EnSpace"/>
“Frontier developer” means a person who has trained, or initiated the training of, a frontier model, with respect to which the person has used, or intends to use, at least as much computing power to train the frontier model as would meet the technical specifications found in subdivision (i).
</html:p>
<html:p>
(i)
<html:span class="EnSpace"/>
(1)
<html:span class="EnSpace"/>
“Frontier model” means a foundation model that was trained using a quantity of computing power greater than 10^26 integer or floating-point operations.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
The quantity of computing power described in paragraph (1) shall include computing for the original training run and for any subsequent fine-tuning, reinforcement learning, or other material modifications the developer applies to a preceding foundation model.
</html:p>
<html:p>
(j)
<html:span class="EnSpace"/>
“Large
frontier developer” means a frontier developer that together with its affiliates collectively had annual gross revenues in excess of five hundred million dollars ($500,000,000) in the preceding calendar year.
</html:p>
<html:p>
(k)
<html:span class="EnSpace"/>
“Model weight” means a numerical parameter in a frontier model that is adjusted through training and that helps determine how inputs are transformed into outputs.
</html:p>
<html:p>
(l)
<html:span class="EnSpace"/>
“Property” means tangible or intangible property.
</html:p>
</ns0:Content>
</ns0:LawSectionVersion>
</ns0:LawSection>
<ns0:LawSection id="id_A212BE0D-47AA-4F56-8EAE-2D59C968EEA4">
<ns0:Num>22757.12.</ns0:Num>
<ns0:LawSectionVersion id="id_37DB8AA1-461E-4161-8D95-4D10F4F88E4A">
<ns0:Content>
<html:p>
(a)
<html:span class="EnSpace"/>
A large frontier developer shall write, implement, comply with, and clearly and conspicuously publish on its internet website a frontier AI framework that applies to the large frontier developer’s frontier models and describes how the large frontier developer approaches
all of the following:
</html:p>
<html:p>
(1)
<html:span class="EnSpace"/>
Incorporating national standards, international standards, and industry-consensus best practices into its frontier AI framework.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
Defining and assessing thresholds used by the large frontier developer to identify and assess whether a frontier model has capabilities that could pose a catastrophic risk, which may include multiple-tiered thresholds.
</html:p>
<html:p>
(3)
<html:span class="EnSpace"/>
Applying mitigations to address the potential for catastrophic risks based on the results of assessments undertaken pursuant to paragraph (2).
</html:p>
<html:p>
(4)
<html:span class="EnSpace"/>
Reviewing assessments and adequacy of mitigations as part of the decision to deploy a frontier model or use it extensively internally.
</html:p>
<html:p>
(5)
<html:span class="EnSpace"/>
Using third parties to assess the potential for catastrophic risks and the effectiveness of mitigations of catastrophic risks.
</html:p>
<html:p>
(6)
<html:span class="EnSpace"/>
Revisiting and updating the frontier AI framework,
including any criteria that trigger updates and how the large frontier developer determines when its frontier models are substantially modified enough to require disclosures pursuant to subdivision (c).
</html:p>
<html:p>
(7)
<html:span class="EnSpace"/>
Cybersecurity practices to secure unreleased model weights from unauthorized modification or transfer by internal or external parties.
</html:p>
<html:p>
(8)
<html:span class="EnSpace"/>
Identifying and responding to critical safety incidents.
</html:p>
<html:p>
(9)
<html:span class="EnSpace"/>
Instituting internal governance practices to ensure implementation of these processes.
</html:p>
<html:p>
(10)
<html:span class="EnSpace"/>
Assessing and managing catastrophic risk resulting from the internal use of its frontier models, including risks resulting from a frontier model circumventing oversight mechanisms.
</html:p>
<html:p>
(b)
<html:span class="EnSpace"/>
(1)
<html:span class="EnSpace"/>
A large frontier developer shall review and, as appropriate, update its frontier AI framework at least once per year.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
If a large frontier developer makes a material modification to its
frontier AI framework, the large frontier developer shall clearly and conspicuously publish the modified frontier AI framework and a justification for that modification within 30 days.
</html:p>
<html:p>
(c)
<html:span class="EnSpace"/>
(1)
<html:span class="EnSpace"/>
Before, or concurrently with, deploying a new
frontier model or a substantially modified version of an existing frontier model, a frontier developer shall clearly and conspicuously publish on its internet website a transparency report containing all of the following:
</html:p>
<html:p>
(A)
<html:span class="EnSpace"/>
The internet website of the frontier developer.
</html:p>
<html:p>
(B)
<html:span class="EnSpace"/>
A mechanism that enables a natural person to communicate with the frontier developer.
</html:p>
<html:p>
(C)
<html:span class="EnSpace"/>
The release date of the frontier model.
</html:p>
<html:p>
(D)
<html:span class="EnSpace"/>
The languages supported by the frontier model.
</html:p>
<html:p>
(E)
<html:span class="EnSpace"/>
The modalities of output supported by the frontier model.
</html:p>
<html:p>
(F)
<html:span class="EnSpace"/>
The intended uses of the frontier model.
</html:p>
<html:p>
(G)
<html:span class="EnSpace"/>
Any generally applicable restrictions or conditions on uses of the frontier model.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
Before, or concurrently with, deploying a new frontier model or a
substantially modified version of an existing frontier model, a large frontier developer shall include in the transparency report required by paragraph (1) summaries of all of the following:
</html:p>
<html:p>
(A)
<html:span class="EnSpace"/>
Assessments of catastrophic risks from the frontier model conducted pursuant to the large frontier developer’s frontier AI framework.
</html:p>
<html:p>
(B)
<html:span class="EnSpace"/>
The results of those assessments.
</html:p>
<html:p>
(C)
<html:span class="EnSpace"/>
The extent to which third-party evaluators were involved.
</html:p>
<html:p>
(D)
<html:span class="EnSpace"/>
Other steps taken to fulfill the requirements of the frontier AI framework with respect to the frontier model.
</html:p>
<html:p>
(3)
<html:span class="EnSpace"/>
A frontier developer that publishes the information described in paragraph (1) or (2) as part of a larger document, including a system card or model
card, shall be deemed in compliance with the applicable paragraph.
</html:p>
<html:p>
(4)
<html:span class="EnSpace"/>
A frontier developer is encouraged, but not required, to make disclosures described in this subdivision that are consistent with, or superior to, industry best practices.
</html:p>
<html:p>
(d)
<html:span class="EnSpace"/>
A large
frontier developer shall transmit to the Office of Emergency Services a summary of any assessment of catastrophic risk resulting from internal use of its frontier models
every three months or pursuant to another reasonable schedule specified by the large frontier developer and communicated in writing to the Office of Emergency Services with written updates, as appropriate.
</html:p>
<html:p>
(e)
<html:span class="EnSpace"/>
(1)
<html:span class="EnSpace"/>
(A)
<html:span class="EnSpace"/>
A frontier
developer shall not make a materially false or misleading statement about catastrophic risk from its frontier models or its management of catastrophic risk.
</html:p>
<html:p>
(B)
<html:span class="EnSpace"/>
A large frontier developer shall not make a materially false or misleading statement about its implementation of, or compliance with, its frontier AI framework.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
This subdivision does not apply to a statement that was made
in good faith and was reasonable under the circumstances.
</html:p>
<html:p>
(f)
<html:span class="EnSpace"/>
(1)
<html:span class="EnSpace"/>
When a frontier developer publishes documents to comply with this section, the frontier developer may make redactions to those documents that are necessary to protect the frontier developer’s trade secrets, the
frontier developer’s cybersecurity, public safety, or the national security of the United States or to comply with any federal or state law.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
If a frontier developer redacts information in a document pursuant to this subdivision, the frontier developer shall describe the character and justification of the redaction in any published version of the document to the extent permitted by the concerns that justify redaction and shall retain the unredacted
information for five years.
</html:p>
</ns0:Content>
</ns0:LawSectionVersion>
</ns0:LawSection>
<ns0:LawSection id="id_C1C3B07A-1119-43C0-A1E9-BCA9A96DCEC9">
<ns0:Num>22757.13.</ns0:Num>
<ns0:LawSectionVersion id="id_FD63FDD9-C6DD-486D-B144-195A6933353E">
<ns0:Content>
<html:p>
(a)
<html:span class="EnSpace"/>
The Office of Emergency Services shall establish a mechanism to be used by a frontier developer or a member of the public to report a critical safety incident that includes all of the following:
</html:p>
<html:p>
(1)
<html:span class="EnSpace"/>
The date of the critical safety incident.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
The reasons the incident qualifies as a critical safety incident.
</html:p>
<html:p>
(3)
<html:span class="EnSpace"/>
A short and plain statement describing the critical safety incident.
</html:p>
<html:p>
(4)
<html:span class="EnSpace"/>
Whether the incident was associated with internal use of a frontier model.
</html:p>
<html:p>
(b)
<html:span class="EnSpace"/>
(1)
<html:span class="EnSpace"/>
The Office of Emergency Services shall establish a mechanism to be used by a large frontier developer to confidentially submit summaries of any assessments of the potential for catastrophic risk resulting from internal use of its frontier models.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
The Office of Emergency Services shall
take all necessary precautions to limit access to any reports related to internal use of frontier models to only personnel with a specific need to know the information and to protect the reports from unauthorized access.
</html:p>
<html:p>
(c)
<html:span class="EnSpace"/>
(1)
<html:span class="EnSpace"/>
Subject to paragraph (2), a
frontier developer shall report any critical safety incident pertaining to one or more of its frontier models to the Office of Emergency Services within 15 days of discovering the critical safety incident.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
If a frontier developer discovers that a critical
safety incident poses an imminent risk of death or serious physical injury, the frontier
developer shall disclose that incident within 24 hours to an authority, including any law enforcement agency or public safety agency with jurisdiction, that is appropriate based on the nature of that incident and as required by law.
</html:p>
<html:p>
(3)
<html:span class="EnSpace"/>
A frontier developer that discovers information about a critical safety incident after filing the initial report required by this subdivision may file an amended report.
</html:p>
<html:p>
(4)
<html:span class="EnSpace"/>
A frontier developer is encouraged, but not required, to report critical safety incidents pertaining to foundation models that are not frontier models.
</html:p>
<html:p>
(d)
<html:span class="EnSpace"/>
The
Office of Emergency Services shall review critical safety incident reports submitted by frontier developers and may review reports submitted by members of the public.
</html:p>
<html:p>
(e)
<html:span class="EnSpace"/>
(1)
<html:span class="EnSpace"/>
The Attorney General
or the Office of Emergency Services
may transmit reports of critical safety incidents and reports from covered employees made pursuant to Chapter 5.1 (commencing with Section 1107) of Part 3 of Division 2 of the Labor Code to the Legislature, the Governor, the federal government, or appropriate state agencies.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
The Attorney General or the Office of Emergency Services shall strongly consider any risks related to trade secrets, public safety, cybersecurity of a frontier developer, or national security when transmitting reports.
</html:p>
<html:p>
(f)
<html:span class="EnSpace"/>
A report of a critical safety incident submitted to the
Office of Emergency Services pursuant to this section, a report of assessments of catastrophic risk from internal use pursuant to Section 22757.12, and a covered employee report made pursuant to Chapter 5.1 (commencing with Section 1107) of Part 3 of Division 2 of the Labor
Code are exempt from the California Public Records Act (Division 10 (commencing with Section 7920.000) of Title 1 of the Government Code).
</html:p>
<html:p>
(g)
<html:span class="EnSpace"/>
(1)
<html:span class="EnSpace"/>
Beginning January 1, 2027, and annually thereafter, the Office of Emergency Services shall produce a report with anonymized and aggregated information about critical safety incidents that have been reviewed by the Office of Emergency Services since the preceding report.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
The Office of Emergency Services shall not include information in a report pursuant to this subdivision that would compromise the trade secrets or cybersecurity of a frontier developer, public safety, or
the national security of the United States or that would be prohibited by any federal or state law.
</html:p>
<html:p>
(3)
<html:span class="EnSpace"/>
The Office of Emergency Services shall transmit a report pursuant to this subdivision to the Legislature, pursuant to Section 9795, and to the Governor.
</html:p>
<html:p>
(h)
<html:span class="EnSpace"/>
The Office of Emergency Services may adopt regulations designating one or more federal laws, regulations, or guidance documents that meet all of the following conditions for the purposes of subdivision (i):
</html:p>
<html:p>
(1)
<html:span class="EnSpace"/>
(A)
<html:span class="EnSpace"/>
The
law, regulation, or guidance document imposes or states standards or requirements for critical safety incident reporting that are substantially equivalent to, or stricter than, those required by this section.
</html:p>
<html:p>
(B)
<html:span class="EnSpace"/>
The law, regulation, or guidance document described in subparagraph (A) does not need to require critical safety incident reporting to the State of California.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
The law, regulation, or guidance document is intended to assess, detect, or mitigate the catastrophic risk.
</html:p>
<html:p>
(i)
<html:span class="EnSpace"/>
(1)
<html:span class="EnSpace"/>
A frontier developer that intends to comply with this section by complying with the requirements of, or meeting the standards stated by, a federal law, regulation, or guidance document designated pursuant to subdivision (h) shall declare its intent to do so to the Office of Emergency Services.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
After a frontier developer has declared its intent pursuant to paragraph (1), both of the following apply:
</html:p>
<html:p>
(A)
<html:span class="EnSpace"/>
The frontier developer shall be deemed in compliance with this section to the extent that the frontier developer meets the standards of, or complies with the requirements imposed or stated by, the designated federal law, regulation, or guidance document until the frontier developer declares the revocation of that intent to the Office of Emergency Services or the Office of Emergency Services revokes a relevant regulation pursuant to subdivision (j).
</html:p>
<html:p>
(B)
<html:span class="EnSpace"/>
The failure by a frontier developer to meet the standards of, or comply with the requirements stated by, the federal law, regulation, or guidance document designated pursuant to subdivision (h) shall constitute a violation of this chapter.
</html:p>
<html:p>
(j)
<html:span class="EnSpace"/>
The Office of Emergency Services shall revoke a regulation adopted under subdivision (h) if the requirements of subdivision (h) are no longer met.
</html:p>
</ns0:Content>
</ns0:LawSectionVersion>
</ns0:LawSection>
<ns0:LawSection id="id_FF2EB1D4-7887-442D-9100-81D4BFB1610E">
<ns0:Num>22757.14.</ns0:Num>
<ns0:LawSectionVersion id="id_75B9F0A1-DFE9-494B-8EC0-690C1E781389">
<ns0:Content>
<html:p>
(a)
<html:span class="EnSpace"/>
On or before January 1, 2027, and annually thereafter, the Department of Technology shall assess recent evidence and developments relevant to the purposes of this chapter and shall make recommendations about whether and how to update
any of the following definitions
for the purposes of this chapter to ensure that they accurately reflect
technological developments, scientific literature, and widely accepted national and international standards:
</html:p>
<html:p>
(1)
<html:span class="EnSpace"/>
“Frontier model” so that it applies to foundation models at the frontier of artificial intelligence development.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
“Frontier developer” so that it applies to developers of frontier models who are themselves at the frontier of artificial intelligence development.
</html:p>
<html:p>
(3)
<html:span class="EnSpace"/>
“Large frontier developer” so that it applies to well-resourced frontier developers.
</html:p>
<html:p>
(b)
<html:span class="EnSpace"/>
In making recommendations pursuant to this section, the Department of Technology shall take into account all of the following:
</html:p>
<html:p>
(1)
<html:span class="EnSpace"/>
Similar thresholds used in international standards or federal
law, guidance, or regulations for the management of catastrophic risk and shall align with a definition adopted in a federal law or regulation to the extent that it is consistent with the purposes of this chapter.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
Input from stakeholders, including academics, industry, the open-source community, and governmental entities.
</html:p>
<html:p>
(3)
<html:span class="EnSpace"/>
The extent to which a person will be able to determine, before beginning to train or deploy a foundation model, whether that person will be subject to the
definition as a
frontier developer or as a
large frontier developer with an aim toward allowing earlier determinations if possible.
</html:p>
<html:p>
(4)
<html:span class="EnSpace"/>
The complexity of determining whether a person or foundation model is covered, with an aim toward allowing simpler determinations if possible.
</html:p>
<html:p>
(5)
<html:span class="EnSpace"/>
The external verifiability of determining whether a person or foundation model is covered, with an aim toward definitions that are verifiable by parties other than the
frontier developer.
</html:p>
<html:p>
(c)
<html:span class="EnSpace"/>
Upon developing recommendations pursuant to this section, the Department of Technology shall submit a report to the Legislature, pursuant to Section 9795 of the Government Code, with those recommendations.
</html:p>
<html:p>
(d)
<html:span class="EnSpace"/>
(1)
<html:span class="EnSpace"/>
Beginning January 1, 2027, and annually thereafter, the Attorney General shall produce a report with anonymized and aggregated information about reports from covered employees made pursuant to Chapter 5.1 (commencing with Section 1107) of Part 3 of Division 2 of the Labor Code that have been reviewed by the Attorney General since the preceding report.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
The Attorney General shall not include information in a report pursuant to this subdivision that would compromise the trade secrets or cybersecurity of a frontier developer, confidentiality of a covered employee, public safety, or the national security of the United States or that
would be prohibited by any federal or state law.
</html:p>
<html:p>
(3)
<html:span class="EnSpace"/>
The Attorney General shall transmit a report pursuant to this subdivision to the Legislature, pursuant to Section 9795 of the Government Code, and to the Governor.
</html:p>
</ns0:Content>
</ns0:LawSectionVersion>
</ns0:LawSection>
<ns0:LawSection id="id_C24F007E-888D-4272-B6D5-EF5CF1FDBE39">
<ns0:Num>22757.15.</ns0:Num>
<ns0:LawSectionVersion id="id_20610634-91F5-402F-9A25-CFAC7707D972">
<ns0:Content>
<html:p>
(a)
<html:span class="EnSpace"/>
A large frontier developer that fails to publish or transmit a compliant document required to be published or transmitted under this chapter, makes a statement in violation of subdivision (e) of Section 22757.12, fails to report an incident as required by Section 22757.13, or fails to comply with its own frontier AI framework shall be subject to a civil penalty
in an amount dependent upon the severity of the violation that does not exceed one million dollars ($1,000,000) per violation.
</html:p>
<html:p>
(b)
<html:span class="EnSpace"/>
A civil penalty described in this section shall be recovered in a civil action brought only by the Attorney General.
</html:p>
</ns0:Content>
</ns0:LawSectionVersion>
</ns0:LawSection>
<ns0:LawSection id="id_4728C0D5-02BD-4159-A2C0-49BE36D9CB6F">
<ns0:Num>22757.16.</ns0:Num>
<ns0:LawSectionVersion id="id_0F0C881E-5512-41AF-BB20-45ACE44D5BE9">
<ns0:Content>
<html:p>The loss of value of equity does not count as damage to or loss of property for the purposes of this chapter.</html:p>
</ns0:Content>
</ns0:LawSectionVersion>
</ns0:LawSection>
</ns0:LawHeading>
</ns0:Fragment>
</ns0:BillSection>
<ns0:BillSection id="id_EB490EA6-9443-469A-B6EC-3AD9C2A56A14">
<ns0:Num>SEC. 3.</ns0:Num>
<ns0:ActionLine action="IS_ADDED" ns3:href="urn:caml:codes:GOV:caml#xpointer(%2Fcaml%3ALawDoc%2Fcaml%3ACode%2F%2Fcaml%3ALawSection%5Bcaml%3ANum%3D'11546.8'%5D)" ns3:label="fractionType: LAW_SECTION" ns3:type="locator">
Section 11546.8 is added to the
<ns0:DocName>Government Code</ns0:DocName>
, to read:
</ns0:ActionLine>
<ns0:Fragment>
<ns0:LawSection id="id_4E75985D-B8D4-47FA-AF04-0DBCE37658EA">
<ns0:Num>11546.8.</ns0:Num>
<ns0:LawSectionVersion id="id_A8337B08-D628-4C88-91EE-DC35895CD393">
<ns0:Content>
<html:p>
(a)
<html:span class="EnSpace"/>
There is hereby established within the Government Operations Agency a consortium that shall develop, pursuant to this section, a framework for the creation of a public cloud computing cluster to be known as “CalCompute.”
</html:p>
<html:p>
(b)
<html:span class="EnSpace"/>
The consortium shall develop a framework for the creation of CalCompute that advances the development and deployment of artificial intelligence that is safe, ethical, equitable, and sustainable by doing, at a minimum, both of the following:
</html:p>
<html:p>
(1)
<html:span class="EnSpace"/>
Fostering research and innovation that benefits the public.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
Enabling
equitable innovation by expanding access to computational resources.
</html:p>
<html:p>
(c)
<html:span class="EnSpace"/>
The consortium shall make reasonable efforts to ensure that CalCompute is established within the University of California to the extent possible.
</html:p>
<html:p>
(d)
<html:span class="EnSpace"/>
CalCompute shall include, but not be limited to, all of the following:
</html:p>
<html:p>
(1)
<html:span class="EnSpace"/>
A fully owned and hosted cloud platform.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
Necessary human expertise to operate and maintain the platform.
</html:p>
<html:p>
(3)
<html:span class="EnSpace"/>
Necessary human expertise to support, train, and facilitate the use of CalCompute.
</html:p>
<html:p>
(e)
<html:span class="EnSpace"/>
The consortium shall operate in
accordance with all relevant labor and workforce laws and standards.
</html:p>
<html:p>
(f)
<html:span class="EnSpace"/>
(1)
<html:span class="EnSpace"/>
On or before January 1, 2027, the Government Operations Agency shall submit, pursuant to Section 9795, a report from the consortium to the Legislature with the framework developed pursuant to subdivision (b) for the creation and operation of CalCompute.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
The report required by this subdivision shall include all of the following elements:
</html:p>
<html:p>
(A)
<html:span class="EnSpace"/>
A landscape analysis of California’s current public, private, and nonprofit cloud computing platform infrastructure.
</html:p>
<html:p>
(B)
<html:span class="EnSpace"/>
An analysis of the cost to the state to build and maintain CalCompute and recommendations for
potential funding sources.
</html:p>
<html:p>
(C)
<html:span class="EnSpace"/>
Recommendations for the governance structure and ongoing operation of CalCompute.
</html:p>
<html:p>
(D)
<html:span class="EnSpace"/>
Recommendations for the parameters for use of CalCompute, including, but not limited to, a process for determining which users and projects will be supported by CalCompute.
</html:p>
<html:p>
(E)
<html:span class="EnSpace"/>
An analysis of the state’s technology workforce and recommendations for equitable pathways to strengthen the workforce, including the role of CalCompute.
</html:p>
<html:p>
(F)
<html:span class="EnSpace"/>
A detailed description of any proposed partnerships, contracts, or licensing agreements with nongovernmental entities, including, but not limited to, technology-based companies, that demonstrates compliance with
the requirements of subdivisions (c) and (d).
</html:p>
<html:p>
(G)
<html:span class="EnSpace"/>
Recommendations regarding how the creation and ongoing management of CalCompute can prioritize the use of the current public sector workforce.
</html:p>
<html:p>
(g)
<html:span class="EnSpace"/>
The consortium shall, consistent with state constitutional law, consist of 14 members as follows:
</html:p>
<html:p>
(1)
<html:span class="EnSpace"/>
Four representatives of the University of California and other public and private academic research institutions and national laboratories appointed by the Secretary of Government Operations.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
Three representatives of impacted workforce labor organizations appointed by the Speaker of the Assembly.
</html:p>
<html:p>
(3)
<html:span class="EnSpace"/>
Three representatives of stakeholder groups with relevant expertise and experience, including, but not limited to, ethicists, consumer rights advocates, and other public interest advocates appointed by the Senate Rules Committee.
</html:p>
<html:p>
(4)
<html:span class="EnSpace"/>
Four experts in technology and artificial intelligence to provide technical assistance appointed by the Secretary of Government Operations.
</html:p>
<html:p>
(h)
<html:span class="EnSpace"/>
The members of the consortium shall serve without compensation, but shall be reimbursed for all necessary expenses actually incurred in the performance of their duties.
</html:p>
<html:p>
(i)
<html:span class="EnSpace"/>
The consortium shall be dissolved upon submission of the report required by paragraph (1) of subdivision (f) to the Legislature.
</html:p>
<html:p>
(j)
<html:span class="EnSpace"/>
If CalCompute is established within the University of California, the University of California may receive private donations for the purposes of implementing CalCompute.
</html:p>
<html:p>
(k)
<html:span class="EnSpace"/>
This section shall become operative only upon an appropriation in a budget act, or other measure, for the purposes of this section.
</html:p>
</ns0:Content>
</ns0:LawSectionVersion>
</ns0:LawSection>
</ns0:Fragment>
</ns0:BillSection>
<ns0:BillSection id="id_ADD31BDB-8CB0-46E1-968D-20B42ED40F94">
<ns0:Num>SEC. 4.</ns0:Num>
<ns0:ActionLine action="IS_ADDED" ns3:href="urn:caml:codes:LAB:caml#xpointer(%2Fcaml%3ALawDoc%2Fcaml%3ACode%2Fcaml%3ALawHeading%5B%40type%3D'DIVISION'%20and%20caml%3ANum%3D'2.'%5D%2Fcaml%3ALawHeading%5B%40type%3D'PART'%20and%20caml%3ANum%3D'3.'%5D%2Fcaml%3ALawHeading%5B%40type%3D'CHAPTER'%20and%20caml%3ANum%3D'5.1.'%5D)" ns3:label="fractionType: LAW_SPREAD||commencingWith: 1107" ns3:type="locator">
Chapter 5.1 (commencing with Section 1107) is added to Part 3 of Division 2 of the
<ns0:DocName>Labor Code</ns0:DocName>
, to read:
</ns0:ActionLine>
<ns0:Fragment>
<ns0:LawHeading id="id_89F2945D-CDD7-47AA-A345-993CA8BADECA" type="CHAPTER">
<ns0:Num>5.1.</ns0:Num>
<ns0:LawHeadingVersion id="id_FB6C998C-60A3-4AB1-A9A6-FF53BB05A88B">
<ns0:LawHeadingText>Whistleblower Protections: Catastrophic Risks in AI Foundation Models</ns0:LawHeadingText>
</ns0:LawHeadingVersion>
<ns0:LawSection id="id_EE6993CE-3996-40DA-99B4-D56884C29966">
<ns0:Num>1107.</ns0:Num>
<ns0:LawSectionVersion id="id_295F42A3-EC54-466F-BFAB-8EFA32B57B47">
<ns0:Content>
<html:p>For purposes of this chapter:</html:p>
<html:p>
(a)
<html:span class="EnSpace"/>
(1)
<html:span class="EnSpace"/>
“Catastrophic risk” means a foreseeable and material risk that a frontier developer’s development, storage, use, or deployment of a foundation model will materially contribute to the death of, or serious injury to, more than 50 people or more than one billion dollars ($1,000,000,000) in damage to, or loss of, property arising from a single incident involving a foundation model doing any of the following:
</html:p>
<html:p>
(A)
<html:span class="EnSpace"/>
Providing expert-level assistance in the creation or release of a chemical, biological, radiological, or nuclear weapon.
</html:p>
<html:p>
(B)
<html:span class="EnSpace"/>
Engaging in conduct with no meaningful human oversight, intervention, or supervision that is either a cyberattack or, if committed by a human, would constitute the crime of murder, assault, extortion, or theft, including theft by false pretense.
</html:p>
<html:p>
(C)
<html:span class="EnSpace"/>
Evading the control of its frontier developer or user.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
“Catastrophic risk” does not include a foreseeable and material risk from any of the following:
</html:p>
<html:p>
(A)
<html:span class="EnSpace"/>
Information that a foundation model outputs if the information is otherwise publicly accessible in a substantially similar form from a source other than a foundation model.
</html:p>
<html:p>
(B)
<html:span class="EnSpace"/>
Lawful activity of the federal government.
</html:p>
<html:p>
(C)
<html:span class="EnSpace"/>
Harm caused by a foundation model in combination with other software where the foundation model did not materially contribute to the harm.
</html:p>
<html:p>
(b)
<html:span class="EnSpace"/>
“Covered employee” means an employee responsible for assessing, managing, or addressing risk of critical
safety incidents.
</html:p>
<html:p>
(c)
<html:span class="EnSpace"/>
“Critical safety incident” means any of the following:
</html:p>
<html:p>
(1)
<html:span class="EnSpace"/>
Unauthorized access to, modification of, or exfiltration of the model weights of a foundation model that results in death, bodily injury, or damage to, or loss of, property.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
Harm resulting from the materialization of a catastrophic risk.
</html:p>
<html:p>
(3)
<html:span class="EnSpace"/>
Loss of control of a foundation model causing death or bodily injury.
</html:p>
<html:p>
(4)
<html:span class="EnSpace"/>
A foundation model that uses deceptive techniques against the frontier developer to subvert the controls or monitoring of its frontier developer outside of the context of an evaluation designed to elicit this behavior and in a manner that demonstrates materially increased catastrophic risk.
</html:p>
<html:p>
(d)
<html:span class="EnSpace"/>
“Foundation model” has the meaning defined in Section 22757.11 of the Business and Professions Code.
</html:p>
<html:p>
(e)
<html:span class="EnSpace"/>
“Frontier developer” has the meaning defined in Section 22757.11 of the Business and Professions Code.
</html:p>
<html:p>
(f)
<html:span class="EnSpace"/>
“Large frontier developer” has the meaning defined in Section 22757.11 of the Business and Professions Code.
</html:p>
</ns0:Content>
</ns0:LawSectionVersion>
</ns0:LawSection>
<ns0:LawSection id="id_E0C2D655-31A2-404F-AB73-ECAA59734B88">
<ns0:Num>1107.1.</ns0:Num>
<ns0:LawSectionVersion id="id_3D4A11D2-C5B1-4F2B-B2C6-9049C1BA5FC7">
<ns0:Content>
<html:p>
(a)
<html:span class="EnSpace"/>
A frontier developer shall not make, adopt, enforce, or enter into a rule, regulation, policy, or contract that prevents a covered employee from disclosing, or retaliates against a covered employee for disclosing,
information to the Attorney General, a federal authority, a person with authority over the covered employee, or another covered employee who has authority to investigate, discover, or correct the reported issue, if the covered employee has reasonable cause to believe that the information discloses either of the following:
</html:p>
<html:p>
(1)
<html:span class="EnSpace"/>
The
frontier developer’s activities pose a specific and substantial danger to the public health or safety resulting from a catastrophic risk.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
The frontier developer has violated Chapter 25.1 (commencing
with Section 22757.10) of Division 8 of the Business and Professions Code.
</html:p>
<html:p>
(b)
<html:span class="EnSpace"/>
A frontier developer shall not enter into a contract that prevents a covered employee from making a disclosure protected under Section 1102.5.
</html:p>
<html:p>
(c)
<html:span class="EnSpace"/>
A covered employee may use the hotline described in Section 1102.7 to make reports described in subdivision (a).
</html:p>
<html:p>
(d)
<html:span class="EnSpace"/>
A frontier developer shall provide a clear notice to all covered employees of their rights and responsibilities under this section, including by doing either of the following:
</html:p>
<html:p>
(1)
<html:span class="EnSpace"/>
At all times posting and displaying within any workplace maintained by the frontier
developer a notice to all covered employees of their rights under this section, ensuring that any new covered employee receives equivalent notice, and ensuring that any covered employee who works remotely periodically receives an equivalent notice.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
At least once each year, providing written notice to each covered employee of the covered
employee’s rights under this section and ensuring that the notice is received and acknowledged by all of those covered employees.
</html:p>
<html:p>
(e)
<html:span class="EnSpace"/>
(1)
<html:span class="EnSpace"/>
A large frontier developer shall provide a reasonable internal process through which
a
covered employee may anonymously disclose information to the large
frontier developer if the covered employee believes in good faith that the information indicates that the large
frontier developer’s activities present a specific and substantial danger to the public health or safety resulting from a catastrophic risk or that the large frontier developer violated Chapter 25.1 (commencing with Section 22757.10) of Division 8 of the Business and Professions Code, including a monthly update to the person who made the disclosure regarding the status of the large frontier developer’s investigation of the disclosure and the actions taken by the large frontier developer in
response to the disclosure.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
(A)
<html:span class="EnSpace"/>
Except as provided in subparagraph (B), the disclosures and responses of the process required by this subdivision shall be shared with officers and directors of the large frontier developer at least once each quarter.
</html:p>
<html:p>
(B)
<html:span class="EnSpace"/>
If a covered employee has alleged wrongdoing by an officer or director of the large
frontier developer in a disclosure or response, subparagraph (A) shall not apply with respect to that officer or director.
</html:p>
<html:p>
(f)
<html:span class="EnSpace"/>
The court is authorized to award reasonable attorney’s fees to a plaintiff who brings a successful action for a violation of this section.
</html:p>
<html:p>
(g)
<html:span class="EnSpace"/>
In a civil action brought pursuant to this section, once it has been demonstrated by a preponderance of the evidence that an activity proscribed by this section was a contributing factor in the alleged prohibited action against the covered employee, the
frontier
developer shall have the burden of proof to demonstrate by clear and convincing evidence that the alleged action would have occurred for legitimate, independent reasons even if the covered employee had not engaged in activities protected by this section.
</html:p>
<html:p>
(h)
<html:span class="EnSpace"/>
(1)
<html:span class="EnSpace"/>
In a civil action or administrative proceeding brought pursuant to this section,
a covered employee may petition the superior court in any county wherein the violation in question is alleged to have occurred, or wherein the person resides or transacts business, for appropriate temporary or preliminary injunctive relief.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
Upon the filing of the petition for injunctive relief, the petitioner shall cause notice thereof to be served upon the person, and thereupon the court shall have jurisdiction to grant temporary injunctive relief as the court deems just and proper.
</html:p>
<html:p>
(3)
<html:span class="EnSpace"/>
In addition to any harm resulting directly from a violation of this section, the court shall consider the chilling effect on other
covered employees asserting their rights under this section in determining whether temporary injunctive relief is just and proper.
</html:p>
<html:p>
(4)
<html:span class="EnSpace"/>
Appropriate injunctive relief shall be issued on a showing that reasonable cause exists to believe a violation has occurred.
</html:p>
<html:p>
(5)
<html:span class="EnSpace"/>
An order authorizing temporary injunctive relief shall remain in effect until an administrative or judicial determination or citation has been issued, or until the completion of a review pursuant to subdivision (b) of Section 98.74, whichever is longer, or at a certain time set by the court. Thereafter, a preliminary or permanent injunction may be issued if it is shown to be just and proper. Any temporary injunctive relief shall not prohibit a
frontier developer from disciplining or terminating a covered employee for conduct that is unrelated to the claim of the retaliation.
</html:p>
<html:p>
(i)
<html:span class="EnSpace"/>
Notwithstanding Section 916 of the Code of Civil Procedure, injunctive relief granted pursuant to this section shall not be stayed pending
appeal.
</html:p>
<html:p>
(j)
<html:span class="EnSpace"/>
(1)
<html:span class="EnSpace"/>
This section does not impair or limit the applicability of Section 1102.5, including with respect to the rights of employees who are not covered employees to report violations of this chapter or Chapter 25.1 (commencing with Section 22757.10) of Division 8 of the Business and Professions Code.
</html:p>
<html:p>
(2)
<html:span class="EnSpace"/>
The remedies provided by this section are cumulative to each other and the remedies or penalties available under all other laws of this state.
</html:p>
</ns0:Content>
</ns0:LawSectionVersion>
</ns0:LawSection>
<ns0:LawSection id="id_09582480-581C-4DD5-9B99-147DA5F5C6C4">
<ns0:Num>1107.2.</ns0:Num>
<ns0:LawSectionVersion id="id_2FD5FD7F-DB26-4D76-AB0E-CB4C31541B98">
<ns0:Content>
<html:p>The loss of value of equity does not count as damage to or loss of property for the purposes of this chapter.</html:p>
</ns0:Content>
</ns0:LawSectionVersion>
</ns0:LawSection>
</ns0:LawHeading>
</ns0:Fragment>
</ns0:BillSection>
<ns0:BillSection id="id_A6F328C5-65CC-42EA-9DAB-C7FF05A26C03">
<ns0:Num>SEC. 5.</ns0:Num>
<ns0:Content>
<html:p>
(a)
<html:span class="EnSpace"/>
The provisions of this act are severable. If any provision of this act or its application is held invalid, that invalidity shall not affect other provisions or applications that can be given effect without the invalid provision or application.
</html:p>
<html:p>
(b)
<html:span class="EnSpace"/>
This act shall be liberally construed to effectuate its purposes.
</html:p>
<html:p>
(c)
<html:span class="EnSpace"/>
The duties and obligations imposed by this act are cumulative with any other duties or obligations imposed under other law and shall not be construed to relieve any party from any duties or obligations imposed under other law and do not limit any rights or
remedies under existing law.
</html:p>
<html:p>
(d)
<html:span class="EnSpace"/>
This act shall not apply to the extent that it strictly conflicts with the terms of a contract between a federal government entity and a frontier developer.
</html:p>
<html:p>
(e)
<html:span class="EnSpace"/>
This act shall not apply to the extent that it is preempted by federal law.
</html:p>
<html:p>
(f)
<html:span class="EnSpace"/>
This act preempts any rule, regulation, code, ordinance, or other law adopted by a city, county, city and county, municipality, or local agency on or after January 1, 2025, specifically related to the regulation of frontier
developers with respect to their management of catastrophic risk.
</html:p>
</ns0:Content>
</ns0:BillSection>
<ns0:BillSection id="id_A9ACA5D4-EE07-428B-9DD1-67565312C60C">
<ns0:Num>SEC. 6.</ns0:Num>
<ns0:Content>
<html:p>The Legislature finds and declares that Section 2 of this act, which adds Chapter 25.1 (commencing with Section 22757.10) to Division 8 of the Business and Professions Code, imposes a limitation on the public’s right of access to the meetings of public bodies or the writings of public officials and agencies within the meaning of Section 3 of Article I of the California Constitution. Pursuant to that constitutional provision, the Legislature makes the following findings to demonstrate the interest protected by this limitation and the need for protecting that interest:</html:p>
<html:p>Information in critical safety incident reports, assessments of risks from internal use, and reports from covered employees may contain information that could threaten public safety or compromise the response to an incident if disclosed to the public.</html:p>
</ns0:Content>
</ns0:BillSection>
</ns0:Bill>
</ns0:MeasureDoc>
|