AI Governance Institute logo
AI Governance Institute

Practical Governance for Enterprise AI

Not sure where to start? Answer 3 questions and get a tailored compliance action plan.

What applies to me? →
Must ComplyRegulationUSHigh risk

California Transparency in Frontier AI Act

Issued by

State of California

liveEffective 2026-01-01CA-TFIAVerified July 2026

The California Transparency in Frontier AI Act requires large frontier AI model developers operating in or serving California to publish safety and security frameworks for their most capable AI systems. It mandates disclosure of risk assessments and transparency reporting to the public and relevant authorities. Organizations must also report qualifying safety incidents within defined timeframes.

Applies To

Large enterpriseAI developer

Overview

Enacted by the State of California and effective January 1, 2026 for most provisions, this statute targets developers of large-scale frontier AI models and imposes affirmative transparency and safety obligations. Covered developers must publish and maintain AI safety and security frameworks that address how significant risks are identified, assessed, and mitigated. The law requires transparency disclosures tied to risk assessment methodologies and intended use cases, enabling downstream deployers and the public to make informed decisions. Incident reporting requirements obligate covered developers to notify relevant California authorities when specified safety events occur. Enforcement is expected to be administered through California state mechanisms, with potential civil liability for non-compliant developers. The statute represents a targeted, threshold-based approach focused on frontier model developers rather than the broader AI supply chain.

Key Requirements

  • Publish a documented AI safety and security framework covering risk identification, assessment, and mitigation for covered frontier models.
  • Provide public transparency disclosures describing risk assessment processes and the known intended and foreseeable uses of covered models.
  • Report qualifying safety incidents to designated California authorities within required timeframes.
  • Maintain and update safety and security documentation as model capabilities or deployment contexts materially change.
  • Thresholds for coverage are tied to model scale or capability criteria consistent with the definition of frontier AI under the statute.

What Your Organization Must Do

  • Audit all AI models in development and deployment to determine whether any meet the statutory definition of a frontier AI model subject to the Act.
  • Draft and publish a compliant AI safety and security framework for each covered model, ensuring it addresses risk identification, assessment, and mitigation processes.
  • Establish an incident response protocol that identifies qualifying safety events, assigns internal reporting ownership, and meets California notification timelines.
  • Update public-facing model documentation and disclosures to include risk assessment summaries and use-case transparency information as required.
  • Assign legal or compliance ownership for ongoing monitoring of California guidance, implementing regulations, or enforcement actions that may clarify threshold definitions or reporting requirements.
  • Review contracts with enterprise customers and API users to ensure downstream use cases are documented and do not create undisclosed risk exposure under the transparency provisions.