Not sure where to start? Answer 3 questions and get a tailored compliance action plan.
What applies to me? →California SB 53 Foundation Model Safety and Security Protocol
Issued by
California Legislature
California SB 53 would require developers of foundation models that present a critical risk to create, follow, and publicly disclose a safety and security protocol. The bill mandates catastrophic risk testing and establishes ongoing monitoring obligations for critical safety incidents. It applies to developers operating or offering foundation models deemed to meet a critical risk threshold.
Applies To
Overview
SB 53 is a pending California legislative measure targeting developers of large-scale foundation models that regulators or the bill's criteria identify as presenting critical risk. The bill's core obligation is the creation, implementation, and publication of a formal safety and security protocol tailored to the specific risks of the covered model. Developers would also be required to conduct testing for catastrophic risk scenarios prior to and potentially following deployment. An ongoing monitoring requirement would obligate covered developers to identify, track, and report critical safety incidents. The bill reflects California's continued effort to establish state-level AI safety standards in the absence of comprehensive federal legislation. Enforcement mechanisms and specific penalty structures had not been finalized as of the published date.
Key Requirements
- •Develop and implement a written safety and security protocol for any foundation model classified as presenting a critical risk
- •Publish the safety and security protocol, making it accessible to the public
- •Conduct catastrophic risk testing before and potentially after model deployment
- •Establish ongoing monitoring processes to detect and record critical safety incidents
- •Report or disclose critical safety incidents as required under the bill's incident monitoring provisions
- •Comply with requirements scoped to developers whose models meet the bill's critical risk threshold, with specific thresholds not yet finalized
What Your Organization Must Do
- →Assess all foundation models in development or deployment against the bill's critical risk criteria and document the classification rationale
- →Draft a safety and security protocol template that can be tailored per model and reviewed by legal and technical teams before the bill becomes operative
- →Implement a pre-deployment catastrophic risk testing process and retain records of test methodologies and results
- →Build or expand an incident monitoring program capable of identifying, logging, and escalating critical safety incidents in near real time
- →Prepare a public disclosure process for safety and security protocols, including review workflows to prevent inadvertent disclosure of proprietary information
- →Track the bill's legislative progress and engage California legislative counsel to monitor amendments that may alter risk thresholds or penalty structures
