The California 2025-2026 legislative session was adjourned for 2025, with 12 Oct. 2025 marking the final day for Governor Gavin Newsom to sign or veto bills. Lawmakers introduced at least 33 bills related to privacy and AI and passed 16 of them. Newsom signed four privacy bills and seven artificial intelligence bills into law, while vetoing five others.    

During the first half of the current session, California continued to follow some of the privacy trends from 2023 and 2024. The state focused on amending the California Consumer Privacy Act, implementing protections for children's privacy and age verification, reinforcing protections for location data privacy and adding new requirements for data brokers. Lawmakers prioritized transparency as they adopted the first frontier AI law and companion chatbots legislation in the country. They also introduced disclosure requirements for service providers to consumers, reflecting the legislature's specific interest in making other areas of the law AI-compatible.

Overall, the bills passed in 2025 further reinforce California as a leader in privacy and AI regulation and may foreshadow similar trends in lawmaking in other states. The updated California Privacy and AI Legislation Tracker presents a comprehensive list of bills that have become law as well as those that are still in the works for the remainder of the 2025-2026 legislative session.

ADVERTISEMENT

Radarfirst- Looking for clarity and confidence in every decision? You found it.

New privacy requirements in California

Three privacy-focused bills were signed into law by Newsom on 8 Oct. The California Opt Me Out Act introduces a mandate requiring companies that develop or maintain a web browser to provide consumers with a universal opt-out preference signal that applies to all websites they visit. Onlookers opine the web browsing industry will likely face a "flood of opt out requests ... sent to businesses that drastically impact their web marketing efforts" as a consequence of the adoption of this bill. Nevertheless, the bill shields browser companies from liability regarding the conduct of the businesses that do not follow these opt-out requests. It remains unclear what implementation mechanisms must be utilized by browser developers to meet the new law's requirements.  

Children's privacy remains a priority to California legislators. Assembly Bill 1043 embraces an alternate model for children's safety by shifting compliance obligations from operating system providers to application developers. Under this law, OS providers are only required to provide an interface that allows users to input their age-verification information during account setup. Application developers must have "clear and convincing" information about the user's age. Otherwise, they should rely on the age signal, such as the date of birth or age of the user supplied by the operating systems providers, as the primary indicator of the user's age to determine access to their services. 

Once the age signal has been provided, the developer is on notice as they have actual knowledge of the user's age, which extends to all the access points within the application. By imputing liability to the developers and excluding operating system providers and app stores from liability, the scheme adopted in California diverges from the models adopted by other states, like Texas and Utah.

The oversight of data brokers was also expanded through the adoption of the Senate Bill 361. Disclosure obligations were broadened for brokers; they will need to disclose whether they collect personal information falling within a long list of categories that include sexual orientation, citizenship status, biometric information and government identification numbers. Additionally, the bill requires brokers to disclose if they have sold or shared data with foreign actors; federal or state agencies, including law enforcement; or generative AI system developers to the California Privacy Protection Agency. Enforcement tools under the DELETE Act have also been strengthened with daily fines doubled and failure to process consumer deletion requests now classified as a sanctionable offense.

Newsom signed Assembly Bill 45 into law 26 Sept. This bill seeks to reinforce protections for health and location data by introducing specific prohibitions on geofencing and data handling in relation to health care services. First, the bill extends an existing prohibition to include the collection, use, disclosure, sale, sharing or retention of personal information of an individual located at or within the precise geolocation of clinics or reproductive health care service centers. Second, entities that provide in-person health care services are prohibited from geofencing for purposes of identification and advertising. 

Furthermore, the bill introduces a prohibition on disclosing research records with law enforcement if the data is personally identifiable and if the purpose of the research relates to seeking or obtaining health care services. It does provide a series of exceptions mainly for performance of requested goods and services by the individual and entity-level exceptions for those covered under Health Insurance Portability and Accountability Act. Finally, this bill introduces a private right of action for those individuals that are aggrieved by a violation of the new prohibition.

California continues to be at the forefront of AI transparency

The California legislature continued with its mission of ensuring transparency in AI by passing two first-in-the-nation bills. The Transparency in Frontier Artificial Intelligence Act seeks to make public the efforts by frontier AI developers with revenues of at least USD500 million to ensure the safety of their products. These disclosures to the Office of Emergency Services, along with mandatory third-party audits, must include which accepted standards were integrated into their frameworks. The bill requires the adoption of a clear safety framework that must be public on the developers' website. Commentators note this bill is the result of the report by the group appointed to study ethical AI guardrails and a spiritual successor of the vetoed SB 1047 from 2024, which aimed to address the rising harms presented by AI integration with other products.    

The legislature also enacted Senate Bill 243, which regulates companion chatbots, defined as AI systems designed to use human-like responses and capable of satisfying the user's social needs, including displaying human-like features and sustaining relationships. This bill mandates that companion chatbot developers disclose to the user in a "clear and conspicuous way" that they are engaging with an AI system, and not a human, if a reasonable person could be potentially misled. 

The bill also creates safeguards aimed at preventing chatbots from engaging with users if they lack a protocol that prevents harmful content from being produced and distributed to the user, including self-harm and suicide ideation-related outputs or sexual content if the user is a known minor. Transparency obligations include annually reporting to the Office of Suicide Prevention, crisis handling referrals, and protocols to detect and prevent engagement with suicidal ideation coming from users.

The legislature enacted other bills focused on AI transparency, such as Assembly Bill 723, which requires real estate brokers, salespersons or their agents to disclose the use of digitally altered images in sales. Assembly Bill 853 delays the implementation of the AI Transparency Act until August 2026, adds requirements for large online platforms — including social media, file-sharing platforms, search engines and mass messaging platforms — to provide their users with an interface that discloses system provenance, i.e., whether the content was created by generative AI.

California expands AI regulation across sectors

California legislators adopted other bills that expanded the regulation of AI. In health care, Assembly Bill 489 prohibits the use of certain terms that imply that developers or deployers of AI or generative AI systems are licensed to practice a health care profession. Antitrust legislation was supplemented by the enactment of Assembly Bill 325, which makes it unlawful to use or share common pricing algorithms in a contract if it restrains commerce. Lastly, through Assembly Bill 316, the legislature barred defendants that are developers, users or modifiers of AI systems to assert as a defense in a civil action that the AI system autonomously caused the harm.

Looking forward

The first half of the 2025-2026 legislative session in California resulted in numerous new privacy and AI laws. Despite Congress signaling interest in creating a federal framework and an executive order directing the Justice Department to challenge state-level AI legislation, California legislators show no intention of slowing down. The second half of the session, which begins 4 Jan. 2026, promises to be as prolific, if not more, for privacy and AI lawmaking. More than 22 bills will be carried over for consideration in the new year. Additional bills may be proposed before the 20 Feb. deadline for the introduction of new legislation.

In early 2026, the Senate and the Assembly will likely begin by voting on whether to override Newsom's vetoes on five bills addressing issues like social media liability, companion chatbots directed to children and AI transparency in multiple fields. 

Regarding privacy, bills tweaking existing legislation like the CCPA and the California Invasion of Privacy Act are currently in committee and waiting for votes to move toward enactment. Workplace and employment privacy are also topics that the legislature is focusing on as it considers two privacy bills preventing or limiting workplace surveillance. Data brokers are likely to be subject to new obligations as a bill protecting judges and elected officials from data brokers' archives is under consideration. Along with an insurance consumer privacy bill, lawmakers are also considering new reporting requirements for businesses that collect precise geolocation. 

Efforts to regulate AI also show no signs of stopping anytime soon with ten bills currently waiting for further action at the California State Capitol. Algorithmic pricing has sparked the interest of California legislators; five bills are currently in discussion in both the Senate and the Assembly. California lawmakers are likely to keep pushing for more transparency with users and agencies, as bills regarding AI bots and high-risk automated decision-making systems make their way through the legislative chambers in Sacramento. Topics like copyright and discrimination are also being discussed. The legislature had a busy year on privacy and AI, and it is likely that 2026 — the second year of this current session — will follow the same pattern with more bills being enacted, introduced and adopted as California lawmakers continue to seek innovative ways to regulate these challenging issues.  

David Botero is a Westin Fellow at the IAPP.

Â