Over the course of September, more than 30 bills aimed at regulating the development and use of artificial intelligence (“AI”) were introduced in California, in particular bills imposing specific requirements on generative AI systems. Although Governor Gavin Newsom vetoed some of the proposals that reached his desk, the state has enacted several AI-related bills, including SB 942, the California AI Transparency Act (“SB 942”), and AB 2013, Generative Artificial Intelligence: Training Data Transparency (“AB 2013”).
This article summarizes the key points of SB 942 and AB 2013.
SB 942
SB 942 will take effect on January 1, 2026, and establishes new transparency requirements for providers of generative AI systems. Specifically, it requires covered providers to:
- Make an AI detection tool available at no cost to users of their AI system;
- Include a latent disclosure (defined below) in AI-generated content;
- Provide AI users with the option to include a manifest disclosure indicating that the content is AI-generated; and
- Contractually require licensees to maintain the capability of the AI system to include such a latent disclosure in the content that the system creates or alters.
Key terms and definitions in SB 942
SB 942 defines the following key terms:
“Covered provider” means a person that creates, codes, or otherwise produces a generative artificial intelligence system that has over 1,000,000 monthly visitors or users and is publicly accessible within the geographic boundaries of the state.
“Generative artificial intelligence system” or “GenAI system” means an artificial intelligence that can generate derived synthetic content, including text, images, video, and audio, that emulates the structure and characteristics of the system’s training data.
“Artificial intelligence” or “AI” means an engineered or machine-based system that varies in its level of autonomy and that can, for explicit or implicit objectives, infer from the input it receives how to generate outputs that can influence physical or virtual environments.
Requirements for covered providers
AI detection tool
Covered providers will be required to make tools available at no cost to users of AI systems to determine whether image, video, or audio content has been created or altered by an AI system.
Disclosure of AI-generated content
For any content (image, video, audio, or any combination thereof) created by a generative AI system, covered providers must provide latent disclosure and an option for manifest disclosure.
LATENT DISCLOSURE
Under SB 942, “latent” means “present but not manifest.” This definition refers to metadata associated with AI-generated content. The bill defines metadata as “structural or descriptive information about data.” While undetectable to the naked eye, metadata can be accessed with specialized tools to reveal information about the structure and nature of the data used to create the content, thereby facilitating greater traceability of generative AI content.
To this end, and insofar as technically feasible and reasonable, covered providers must disclose the name of the covered provider, the name and version number of the GenAI system, the time and date the content was created or altered, and a unique identifier.
This information must be provided either directly or by linking to a permanent website.
Latent disclosures must also be detectable by the AI detection tool, consistent with widely accepted industry standards, and must be either permanent or extraordinarily difficult to remove, to the extent technically feasible.
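As a purely illustrative sketch (not a compliance implementation, and not a format the statute prescribes), the four data points SB 942 requires in a latent disclosure — provider name, GenAI system name and version, time and date of creation or alteration, and a unique identifier — could be assembled as structured metadata along these lines. All field and function names here are hypothetical.

```python
import json
import uuid
from datetime import datetime, timezone

def build_latent_disclosure(provider: str, system_name: str, version: str) -> dict:
    """Assemble the four data points SB 942 enumerates for a latent disclosure.

    Field names are illustrative only; the statute specifies the content of the
    disclosure, not its serialization format.
    """
    return {
        "provider": provider,                                   # name of the covered provider
        "system": f"{system_name} {version}",                   # GenAI system name and version number
        "created_at": datetime.now(timezone.utc).isoformat(),   # time and date of creation or alteration
        "content_id": str(uuid.uuid4()),                        # unique identifier
    }

# Serialized as JSON, such a record could be embedded in the content's metadata
# or made available via a link to a permanent website, as the statute allows.
disclosure = build_latent_disclosure("ExampleCo", "ExampleGen", "2.1")
print(json.dumps(disclosure, indent=2))
```

In practice, industry provenance standards (rather than ad hoc JSON) would govern how such metadata is embedded and kept tamper-resistant.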
MANIFEST DISCLOSURE
Covered providers must give users the option to disclose to a natural person, in a clear and conspicuous manner appropriate to the medium of the content and understandable to a reasonable person, that the content was created by AI. Manifest disclosures must be permanent or extraordinarily difficult to remove, to the extent technically feasible.
Responsibility of covered providers in relation to licensing
Finally, covered providers that license their GenAI system to third parties will be required to ensure that licensees comply with these disclosure requirements. If a covered provider becomes aware that a third-party licensee is no longer able to make these disclosures, it will be required to revoke the license within 96 hours.
Penalties
A covered provider that violates the requirements set out in the bill will be liable for a civil penalty of $5,000 per violation.
AB 2013
AB 2013 also goes into effect on January 1, 2026, and imposes new transparency requirements on developers of generative AI systems. Specifically, it requires developers of these technologies to post documentation on their website about the data used to train their generative AI systems. This requirement must be met before the system is made available to the public in California.
Key terms and definitions in AB 2013
AB 2013 defines the following key terms:
“Developer” means a person, partnership, state or local government agency, or corporation that designs, codes, produces, or substantially modifies an artificial intelligence system or service for use by members of the public.
“Substantially modifies” or “substantial modification” means a new version, new release, or other update to a generative artificial intelligence system or service that materially changes its functionality or performance, including the results of retraining or fine-tuning.
Application of AB 2013
Like several other new pieces of AI legislation, AB 2013 includes a grandfathering provision that exempts generative AI systems released before January 1, 2022. However, its provisions apply to substantial modifications made to generative AI systems on or after January 1, 2022.
Requirements for AI developers
Documentation about the data used by a developer to train the generative artificial intelligence system or service must include:
- The sources or owners of the datasets;
- A description of how the datasets further the intended purpose of the artificial intelligence system or service;
- The number of data points included in the datasets;
- A description of the types of data points, i.e., whether or not they are labeled;
- Whether the datasets include any data protected by copyright, trademark or patent, or whether the datasets are entirely in the public domain;
- Whether the datasets were purchased or licensed by the developer;
- Whether the datasets include personal information;
- Whether the datasets include aggregate consumer information;
- Whether there was any cleaning, processing, or other modification to the datasets by the developer, including the intended purpose of those efforts in relation to the artificial intelligence system or service;
- The time period during which the data in the datasets were collected, including a notice if the data collection is ongoing;
- The dates the datasets were first used during the development of the artificial intelligence system or service; and
- Whether the generative artificial intelligence system or service used or continuously uses synthetic data generation in its development.
Exceptions
Developers are not required to post documentation in the following cases:
- A generative AI system whose sole purpose is to help ensure the security and integrity of networks or information systems or the physical safety of natural persons. The California Civil Code defines “security and integrity” as 1) the ability of networks or information systems to detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information; 2) the ability of businesses to detect security incidents, resist malicious, deceptive, fraudulent, or illegal actions, and to help prosecute those responsible for those actions; and 3) the ability of businesses to ensure the physical safety of natural persons.
- A generative artificial intelligence system or service whose sole purpose is the operation of aircraft in the national airspace.
- A generative artificial intelligence system or service developed for national security, military, or defense purposes that is made available only to a federal entity.
Why is this important?
The rapid growth of AI-generated content poses numerous challenges, including the increasing difficulty for consumers to distinguish this type of content from human-created content. California aims to promote greater transparency from companies working in this field so that users can knowingly interact with AI-generated content and make informed choices.
Companies whose activities are subject to these laws, including some Canadian companies, may therefore need to review their practices by December 31, 2025, to ensure compliance with the new legal requirements.
Veto of SB 1047
Finally, it should be noted that on September 29, the Governor of California vetoed SB 1047, the Safe and Secure Innovation for Frontier Artificial Intelligence Models Act, which sought to impose significant obligations on developers and operators of large-scale AI models, such as mandatory safety measures, annual audits, and incident disclosure requirements. The governor’s rationale for rejecting the legislation was that it could create a false sense of security by focusing only on large-scale AI models, when other models could prove equally or more dangerous. The governor pledged to continue working with relevant stakeholders to find the best way to protect the public.
Conclusion
In Canada, the consideration of Bill C-27, which would, among other things, introduce the Artificial Intelligence and Data Act, has been suspended since September 26. Although its future in its current form is uncertain, we should expect Canada to adopt a regulatory framework for AI sooner rather than later. These new developments in California reflect a growing concern among lawmakers about AI transparency and compliance. It seems increasingly important for companies and public bodies to develop and implement artificial intelligence governance practices starting today.