On September 29, 2025, Governor Newsom signed into law Senate Bill 53 (“SB 53” or the “Act”), officially titled the “Transparency in Frontier Artificial Intelligence Act”.  This legislation is the first U.S. state statute to impose broad transparency, reporting, and whistleblower protections for developers of advanced frontier AI models.  In doing so, once again, California strengthens its position as a regulatory leader in artificial intelligence by placing new obligations on large-scale developers while providing a blueprint for national and international AI oversight.

The Act targets large frontier developers including specifically any company with annual gross revenues exceeding $500 million that trains, fine-tunes, or deploys a frontier model.  Under SB 53, a “frontier model” is essentially a very large, general-purpose AI engine trained on vast amounts of data so it can do many things and requires massive computer-power (i.e. more than 10²⁶ operations) to build and refine.  Once an AI model crosses that scale, the developer must meet stricter transparency, safety, and governance obligations under in order to avoid creating a potentially catastrophic risk including loss of human control, bioweapon assistance, or large-scale damage.  SB 53 applies specifically to large frontier developers and their models focusing on a narrow group of high-performing AI systems rather than the entire AI industry.

SB 53 requires that large frontier model developers create, implement, and publish on their websites a “frontier AI framework.”  This framework must describe how the developer adheres to national and international standards, industry best practices, governance controls, risk assessment protocols, third-party evaluations, and cybersecurity measures.  Moreover, before deploying a new frontier model, developers must publish a transparency report that includes:  the release date, intended uses, supported languages, and conditions of use of the model; summaries of any catastrophic-risk assessments; The identity and role of third-party evaluators; and steps taken to fulfill the obligations of the frontier AI framework.  The aforementioned notwithstanding, developers may redact trade secrets, cybersecurity, or national security information but must explain and retain the redacted content for at least five years.

Large frontier developers must also protect employees who disclose concerns that their employer’s activities pose potentially catastrophic risk or otherwise violate SB 53.  To that end, frontier model developers may not retaliate against any employees who report concerns to internal channels, the California Attorney General, or federal authorities.  The statute also (i) mandates reporting mechanisms through the California Office of Emergency Services for critical safety incidents, such as loss of model control, unauthorized access, or deceptive behavior; and (ii) establishes a consortium within the California Government Operations Agency tasked with creating a framework for CalCompute, a public computing cluster intended to promote safe and equitable AI research.

There are several steps that large frontier developers themselves should take in order to comply with SB 53 including: (i) Publishing a compliant frontier AI framework; (ii) Establishing governance, risk-assessment, and third-party evaluation protocols; (iii) Updating their frameworks annually and disclosing material changes; (iv) Maintaining internal reporting channels for employees and ensuring protection for whistleblowers; (v) Publishing transparency reports for each covered model; (vi) Retain redacted materials for five years; and (vii) Monitoring ongoing legislative and regulatory developments to ensure consistent compliance moving forward.

Legal, compliance, and product development teams should work collaboratively to review whether a company constitutes a “large frontier developer” and/or is developing a “frontier model.”  In addition, covered entities should evaluate disclosure workflows, website design, and version control; map data flows from model training to deployment and documenting audit trails; revise internal whistleblower and non-retaliation policies; update contracts with third-party evaluators to ensure audit access; create governance dashboards that track model releases, incident reports, redactions, and transparency updates; train staff on AI risk management and regulatory obligations; and integrate AI compliance into broader privacy and governance programs under the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”).

SB 53 does not specify per-instance civil penalties but does authorize state enforcement mechanisms and public transparency obligations that carry reputational and regulatory risk. Non-compliance by a covered entity could trigger investigations, whistleblower actions, or conflicts with federal AI regulations.  The law also aims to strike a balance between promoting innovation and protecting the public, and showcases California’s leadership in AI research while acknowledging the need to mitigate potential harm from large, advanced models. By emphasizing transparency instead of overly prescriptive regulation, SB 53 establishes a compliance baseline that encourages responsible innovation.   Passage of this law is a clear indication that AI governance has entered a new era of accountability in California with compliance and transparency at the forefront of doing business in the AI sector.

Developers and deployers of high-compute AI models should promptly assess whether they fall under SB 53.  Moreover, businesses using frontier AI should review their contracts and audit rights with vendors and partners.  And companies with a global footprint should evaluate how SB 53 interacts with the EU AI Act and other emerging international legal and regulatory frameworks.  Executives of large frontier developers should treat AI governance as a core regulatory and risk management issue, and in-house counsel should prepare for new compliance challenges, ongoing oversight, and potential disputes arising from transparency and whistleblower provisions.

Ultimately, SB 53 marks a turning point in artificial intelligence regulation in California. By prioritizing transparency and safety, and providing explicit whistleblower protections, the law places accountability at the center of the AI development process.  Frontier developers must align their internal frameworks with these new statutory requirements and recognize that AI risk is no longer only a technological matter.  Rather, it is a legal, regulatory, and enterprise governance issue as well.