California enacts first state frontier AI safety law
SB 53 requires large frontier AI developers to publish safety protocols, report serious incidents and protect whistleblowers, helping California fill part of the federal regulatory void.
California has approved the first U.S. state law specifically dedicated to the safety of the most advanced artificial intelligence models. Governor Gavin Newsom signed SB 53 today, requiring transparency around safety measures, mandating the reporting of critical incidents and protecting workers who raise the alarm about serious risks.
The law comes exactly one year after Newsom vetoed SB 1047, a more interventionist bill that divided the tech industry. The new law avoids pre-launch controls and focuses its obligations on transparency and accountability.
Which models are covered by SB 53
The Transparency in Frontier Artificial Intelligence Act applies to so-called frontier models—those whose training exceeds 10^26 computational operations. This measure, known as FLOPs, expresses the approximate amount of computing used to train a system; it is not equivalent to the number of parameters and does not, on its own, determine a model’s capabilities.
The threshold excludes most small and midsize models, including many enterprise tools and open-source systems. It is aimed at costly training runs that only a small group of companies can afford.
The main disclosure requirements apply to large frontier model developers, defined as companies that, together with their affiliates, exceed $500 million in annual gross revenue. As a result, SB 53 does not regulate a startup and companies such as OpenAI, Google, Anthropic or Meta in the same way.
Public protocols and reports on each model
Large developers will have to publish a frontier AI safety framework on their websites. The document must explain how they incorporate national and international standards, as well as industry-accepted practices, to identify, assess and reduce risks.
They will also have to provide information about the evaluations conducted on their models and the measures taken in response to capabilities that could cause serious harm. The law focuses on risks such as using AI to facilitate cyberattacks or chemical, biological, radiological and nuclear threats, as well as losing control of an advanced system.
The law does not require companies to obtain a license before launching a model or to prove to the state that a product is safe. Its logic is different: companies must publicly commit to a protocol and leave information that can later be used to determine whether they followed it.
Critical incidents must be reported
Frontier model developers will have to report critical incidents to the California Office of Emergency Services. The general deadline will be 15 days after discovery, but it drops to 24 hours when there is an imminent risk of death or serious physical injury.
The category includes events such as the theft of a model’s weights—the files containing what it learned during training—when that materially increases the risk of critical harm. It also covers certain deceptive behaviors used by a model to evade its developer’s controls.
The Office of Emergency Services will also establish a mechanism for companies and members of the public to report potential incidents. The California attorney general may seek civil penalties of up to $1 million per violation in cases of noncompliance.
Protection for internal whistleblowers
SB 53 prohibits retaliation against employees who disclose significant risks to health or safety. Covered companies will have to maintain internal channels for receiving such alerts.
This provision addresses a specific problem in the industry: much of the information about models’ capabilities, failures and safety testing remains inside the labs. Whistleblowers may be one of the few ways to uncover a danger that a company has failed to report adequately.
The protection does not turn every technical disagreement into a protected disclosure. It is intended for good-faith communications about significant risks or violations of the law itself.
A narrower version of the SB 1047 vetoed in 2024
SB 1047, also sponsored by Senator Scott Wiener, would have imposed a broader duty on developers to prevent catastrophic harm. Newsom vetoed it on September 29, 2024, saying its approach could impose excessive burdens and use the cost or size of training as an imperfect substitute for actual risk.
SB 53 retains the computing-capacity threshold but reduces the level of intervention. It does not create a preauthorization regime or automatically hold developers liable for any harmful use. Instead, it requires them to document their policies, report incidents and protect those who uncover problems.
That design explains why Anthropic publicly backed the final version, while other major tech companies had urged lawmakers to avoid a patchwork of state rules and pursue federal regulation instead.
California sets rules for the entire sector again
The law’s formal reach ends at California’s borders, but its impact could be much broader. The state is home to 32 of the world’s 50 leading AI companies, according to data cited by the California government. In 2024, it accounted for 15.7% of all AI-related job postings in the United States, according to Stanford’s 2025 AI Index.
When a company develops its models in California or sells its services there, maintaining two compliance systems is often more expensive than extending the California standard nationwide. It is the same regulatory effect the state has already had in privacy, vehicle emissions and consumer protection.
The law also orders the creation of CalCompute, a consortium within the Government Operations Agency that will design a framework for a future public computing cluster. The goal is to provide computing resources for research into safe, sustainable and public-interest AI; SB 53 creates the planning mechanism, not the supercomputer.
The California Department of Technology will have to review technical developments each year and recommend adjustments. That review will be crucial: a fixed threshold of 10^26 operations could become outdated if training methods improve or highly capable systems emerge that require less computation.
The first practical test will be how much detail companies include in their public frameworks. SB 53 could reveal real differences in their safety policies, but it could also produce vague documents if the attorney general does not require disclosures to be verifiable. Enforcement of the penalties and the quality of the reports will determine whether the law creates effective oversight or merely adds another layer of corporate compliance.