On September 29, 2025, California Governor Gavin Newsom signed into law SB 53, also known as the Transparency in Frontier Artificial Intelligence Act (TFAIA). This law builds on the recent regulations on automated decision-making technology under the CCPA and other recent California AI legislation. While it is limited to "frontier models", the TFAIA hints at expanding these requirements to other models and small developers as technology evolves. Please find a high-level summary of the TFAIA below:

Effective date. Key provisions of SB 53 will likely take effect on January 1, 2026.

Who it affects

SB 53 affects foundational AI system developers that make a "frontier model" publicly available to Californians. Specifically, it affects "frontier developers" – any person who trains "frontier models", models trained by using a quantity of computing power greater than 10^26 integer or floating-point operations. SB 53 also imposes more requirements on "large frontier developers", developers of frontier models that, together with its affiliates, has a combined annual gross revenue exceeding $500 million in the preceding calendar year.

How it applies

SB 53 applies to four key categories:

1.      Developer disclosure requirements;

2.      Developer notification requirements;

3.      Enhanced whistleblower protections; and

4.      Creation of CalCompute.

Penalties for non-compliance. Noncompliant frontier developers are subject to civil penalties up to $1 million per violation, as enforced by the California Attorney General. The TFAIA also permits the award of attorneys' fees to a successful whistleblower plaintiff.

Developer Disclosure Requirements

Frontier developers

Transparency report. Frontier developers are required to publish a transparency report on their website before or at the same time as launching a new or substantially modified frontier model. This report must provide specific information, such as the frontier model release date, supported languages, and intended use. Frontier developers who adequately disclose this information through alternative channels – for example, through a model card, which typically include overlapping content like model date and intended use – will be compliant. Notwithstanding any reasonable statement made in good faith, transparency reports may not be materially false or misleading. Frontier developers may redact sensitive information, such as trade secrets, cybersecurity protections or matters of national security, provided they have a valid reason and retain the redacted information for at least five years.

Large frontier developers

Transparency report (cont.). Large frontier developers must follow the same transparency reporting requirements as frontier developers. Moreover, large frontier developers must adhere to additional requirements, such as disclosing assessments of "catastrophic risks," any foreseeable and material risk where a frontier model may seriously injure at least fifty people or incur more than $1 billion in damage.

Frontier AI framework. In addition to publishing a transparency report, large frontier developers are required to create and publish a “frontier AI framework” on their website, detailing the technical and organizational measures in place to assess, manage, and mitigate catastrophic risks associated with their frontier models. This framework must be reviewed and, as appropriate, updated at least annually. If any material changes are made, a justification for those changes must be published within thirty days. Finally, developers must not make materially false or misleading statements regarding their implementation of, or compliance with, this frontier AI framework.

Developer Notification Requirements

Frontier developers

Declare intent to comply. California's Office of Emergency Services (OES) may adopt federal laws and/or regulations on an ongoing basis; frontier developers must proactively declare their intent to comply with each new adoption.

Critical safety incidents. Frontier developers are required to report any critical safety incident – an incident involving a frontier model causing harm or loss of control – to the OES within fifteen days of discovery. If a critical safety incident poses an imminent risk of death or serious physical injury, the developer must notify the appropriate authorities, including law enforcement or public safety agencies, within twenty-four hours.

Large frontier developers

Declare intent to comply & critical safety incidents. Large frontier developers must comply with the same notification requirements as frontier developers (see above).

Catastrophic risks. Every three months, larger frontier developers must transmit a summary of any assessment of a catastrophic risk to the OES. The OES may also require large frontier developers to submit reports according to an alternative, reasonable schedule.

Enhanced Whistleblower Protections

SB 53 enhances whistleblower protections for covered employees – personnel responsible for overseeing critical safety incidents – by prohibiting frontier developers from preventing, or retaliating against, disclosure of significant safety concerns or violations of SB 53. Frontier developers must inform covered employees of these protections, and large frontier developers must provide an internal, anonymous reporting platform that provides monthly disclosure updates. If retaliation occurs, covered employees have the right to seek legal remedies, including injunctive relief and attorney’s fees, with the burden of proof by clear and convincing evidence shifting to the employer. Lastly, beginning in 2027, the California Attorney General will publish anonymized annual reports on whistleblower activity.

Creation of CalCompute

SB 53 will establish CalCompute – a state-supported cloud computing cluster that aspires to promote safe, ethical, and equitable AI research and development. A consortium of academic, labor, public interest, and technical experts will design the framework for CalCompute, with a comprehensive report on its design, governance, and funding due to the California Legislature by January 1, 2027.