Client Insight: California AI Transparency Act
On September 19, 2024, California Governor Gavin Newsom signed SB 942, the California Artificial Intelligence Transparency Act (“CAITA”)[1], into law. As previewed in our Client Insight: Artificial Intelligence Insights the Current Regulatory Landscape, CAITA is one of several laws passed in California to increase transparency with respect to the use and deployment of artificial intelligence (“AI”) systems and technology and the creation of synthetic and “deepfake” content. CAITA will become effective on January 1, 2026 and will impact both providers of generative AI systems and companies that license and integrate generative AI technology into their offerings. Please read on to learn more about whether CAITA may apply to your business and applicable requirements.
What is CAITA?
CAITA is a forthcoming regulation that will require certain Covered Providers of Generative AI Systems accessible in California to incorporate AI detection and disclosure features on their websites and mobile applications. The Covered Providers will be required to offer tools to users to help them access Provenance Data and determine whether content is generated or altered through the use of AI technology. Third-party licensees of these Generative AI Systems will be required to preserve these disclosures and tools, and be restricted from making changes to Generative AI Systems that remove disclosure tools made available by Covered Providers.
What is the Key Compliance Deadline Under CAITA?
CAITA will go into effect on January 1, 2026.
What is a Generative Artificial Intelligence System?
CAITA defines a “generative artificial intelligence system” or “GenAI system” as an artificial intelligence that can generate derived synthetic content, including text, images, video, and audio, that emulates the structure and characteristics of the
system’s training data.
“Artificial intelligence” or “AI” is defined as an engineered or machine-based system that varies in its level of autonomy and that can, for explicit or implicit objectives, infer from the input it receives how to generate outputs that can influence physical or virtual environments.
In practice this definition is expected to cover AI-powered systems that can be used to produce synthetic content as an output based on an input, including, for example, systems like Dall-E, Llama, Copilot and Midjourney.
What is a Covered Provider?
A “Covered Provider” is a person that meets all of the following requirements:
-
- The person creates, codes, or otherwise produces a GenAI System;
- The GenAI System has over 1,000,000 monthly visitors or users; and
- The GenAI System is publicly accessible within the geographic boundaries of the state of California.
What is Provenance Data?
“Provenance Data” is data that is embedded into digital content, or that is included in the digital content’s metadata, for the purpose of verifying the digital content’s authenticity, origin, or history of modification.
Are there any Carve Outs?
Yes, CAITA does not apply to any product, service, internet website or application that provides exclusively non-usergenerated video game, television, streaming, movie or interactive experiences.
What is a Third-Party Licensee?
A third-party licensee is a person who licenses a GenAI System from a Covered Provider. Examples of third-party licensees include, for example, companies that integrate features of GenAI Systems that allow customers or end users to generate output.
Could I Still Be Subject If I'm Outside of California?
Yes, Covered Providers and third-party licensees located outside of California may still be subject to CAITA if an applicable GenAI System is publicly accessible from within the state of California. The 1,000,000 monthly visitor or user count is based on all visitors and users, even if located outside of California.
Click to expand the below for next steps based on whether your company is a Covered Provider or Third-Party Licensee.
What are Next Steps if I am a Covered Provider?
What are Next Steps if I am a Third-Party Licensee?
What Are the Potential Penalties Under CAITA?
Covered Providers that violate CAITA may be fined $5,000 per violation and attorneys’ costs and fees. Each day that a Covered Provider is in violation of CAITA is considered a discrete violation.
Third-party licensees who violate CAITA may be subject to claims for breaches of applicable contracts with Covered Providers and may also be subject to claims for injunctive relief and attorneys’ costs and fees.
Civil actions against Covered Providers and third-party licensees can be brought by the California Attorney General and city and county-level prosecutors.
How Can GD Help?
Gunderson Dettmer is committed to fostering AI education for the innovation economy and we will continue to monitor and report on issues relating to CAITA that may impact your business, so please stay tuned for further updates. Please refer to the Gunderson Dettmer Generative AI Resources page for additional educational materials and insights.
If you have any questions regarding this client alert, or if your company needs assistance evaluating its obligations under CAITA, please reach out to your Gunderson Dettmer attorney.
-
- [1] https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=202320240SB942
- [2] https://c2pa.org/specifications/specifications/1.3/explainer/Explainer.html
- [3] https://c2pa.org/about/about/
- [4] https://c2pa.org/membership/
- [5] https://contentcredentials.org/
- [6] https://partnershiponai.org/wp-content/uploads/2024/03/pai-synthetic-media-case-study-openai.pdf
-
[7] https://openai.com/index/understanding-the-source-of-what-we-see-and-hear-online/
- [8] https://contentauthenticity.org/blog/durable-content-credentials
- [9] https://help.openai.com/en/articles/8912793-c2pa-in-dall-e-3
- [10] https://openai.com/index/understanding-the-source-of-what-we-see-and-hear-online/
- [11] https://openai.com/index/understanding-the-source-of-what-we-see-and-hear-online/