{"id":7686,"date":"2025-09-11T05:59:00","date_gmt":"2025-09-11T10:59:00","guid":{"rendered":"https:\/\/trustarc.com\/?post_type=resource&p=7686"},"modified":"2025-09-15T09:50:31","modified_gmt":"2025-09-15T14:50:31","slug":"california-ai-transparency-laws-sb942-ab2013","status":"publish","type":"resource","link":"https:\/\/trustarc.com\/resource\/california-ai-transparency-laws-sb942-ab2013\/","title":{"rendered":"California\u2019s AI Transparency Laws: How SB 942 and AB 2013 Will Reshape AI Data Practices"},"content":{"rendered":"\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t\tArticle<\/strong>\n\t\t\t\t\t\t\t\t\t\t

California\u2019s AI Transparency Laws: How SB 942 and AB 2013 Will Reshape AI Data Practices<\/h1>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\n\n\t
\n\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t<\/div>\n\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Setting the stage for AI transparency<\/h2>\n

If 2023 and 2024 were the teaser trailers for U.S. AI regulation, 2025 is the blockbuster release. And California (never shy about a starring role in tech policy) has premiered two headline acts: the California AI Transparency Act (SB 942)<\/a> and Assembly Bill 2013 on Generative AI Training Data Transparency<\/a>.<\/p>\n

Both laws take effect January 1, 2026, and together they create a one-two punch of accountability. SB 942 focuses on outputs: how AI-generated content is labeled, detected, and disclosed. AB 2013 focuses on inputs: how the data used to train generative AI systems<\/a> is documented and made public.<\/p>\n

For privacy and compliance professionals, these laws are more than legislative updates. They are operational mandates with real penalties for noncompliance. And they\u2019re arriving at a moment when public trust in AI is fragile, regulators are sharpening their teeth, and stakeholders are asking, \u201cHow do we prove<\/em><\/strong> our AI is playing fair?\u201d<\/p>\n

Understanding California\u2019s AI Transparency Act (SB 942)<\/h2>\n

The California AI Transparency Act is a consumer protection law with a simple premise: if you make AI that generates or alters content, you must tell people clearly, consistently, and in a way that can\u2019t be easily stripped out.<\/p>\n

However, the law\u2019s scope is narrower than \u201call AI\u201d.<\/strong> It applies only to covered providers<\/em> (developers of a GenAI system with over 1,000,000 monthly visitors or users that are publicly accessible within California). It does not apply to certain exclusively non-user-generated experiences, such as video games, television, streaming, movies, or interactive content that is not created or modified by users. These exemptions mean some large AI content producers are outside the Act\u2019s reach.<\/p>\n

Core requirements include:<\/h4>\n
AI detection tools, free to the public<\/h5>\n

Covered providers must offer a publicly accessible detection tool to identify whether their generative AI system created or altered an image, video, or audio file. The tool must work via a web interface and an API, support content uploads or URLs, and output system provenance data<\/em> (such as the system version and creation date) without exposing personal provenance data<\/em>. The detection tool must be free to use, though providers may impose reasonable limitations to address security or integrity risks to their GenAI system.<\/p>\n

Manifest disclosures (visible labels)<\/h5>\n

Users must be able to add a visible label: \u201cmanifest disclosure,\u201d that identifies content as AI-generated. Labels must be clear, conspicuous, permanent (or nearly so), and appropriate for the medium.<\/p>\n

Latent disclosures (embedded metadata)<\/h5>\n

All AI-generated content must include embedded information: provider name, GenAI system name and version, creation timestamp, and a unique identifier. This must be detectable by the provider\u2019s AI detection tool and aligned with industry standards.<\/p>\n

License enforcement<\/h5>\n

If a licensed third party disables disclosure capabilities, the provider must revoke their license within 96 hours. Licensees must cease using the system once a license is revoked.<\/p>\n

Penalties<\/h5>\n

Civil penalties of $5,000 per violation, per day, plus possible injunctive relief, make this a law with real teeth.<\/p>\n

California\u2019s AI Transparency Act moves labeling and provenance from a \u201cnice to have\u201d to a \u201cnon-negotiable\u201d but only for covered providers and only for content within its defined scope. If your AI touches California consumers and isn\u2019t in an exempt category, transparency must be woven into your design and delivery pipelines.<\/p>\n

How mature is your AI risk management?<\/strong><\/p>\nTake the quiz<\/span><\/a>

Breaking down California AB 2013 Generative AI Training Data Transparency<\/h2>\n

If SB 942 answers \u201cHow do we show people what\u2019s AI-made?\u201d, AB 2013 asks \u201cWhat\u2019s in the AI\u2019s brain?\u201d<\/em><\/p>\n

By January 1, 2026, any developer releasing a new or substantially modified GenAI system (or a significant update) in California must publish training data documentation on their website<\/strong>. This must include:<\/p>\n