California Enacts Landmark AI Transparency Law: The Transparency in Frontier Artificial Intelligence Act

On September 29, 2025, California Governor Gavin Newsom signed Senate Bill 53, the Transparency in Frontier Artificial Intelligence Act ("TFAIA") into law. With this historic legislation, California became the first state in the nation to establish a comprehensive legal framework to ensure transparency, safety, and accountability in the development and deployment of advanced artificial intelligence ("AI") models.

Scope and Key Definitions

The TFAIA sets out new transparency and governance requirements for organizations developing certain advanced AI systems, known as "frontier models." While the law applies broadly to all frontier developers, certain obligations are specifically targeted at "large frontier developers."

Key definitions under the TFAIA include:

• Frontier model: a foundation model that was trained using a quantity of computing power greater than 10^26 integer or floating-point operations.
• Frontier developer: a person who has trained, or initiated the training of, a frontier model.
• Large frontier developer: a frontier developer that, together with its affiliates, collectively had annual gross revenues in excess of US$500 million in the preceding calendar year.

Notably, the California Department of Technology is granted authority to update these statutory definitions as technology evolves, ensuring the law remains relevant as AI capabilities advance.

Key Obligations for Frontier Developers

Frontier AI Framework

Under the TFAIA, large frontier developers are required to implement and publish a comprehensive Frontier AI Framework. This framework must be updated and made public at least annually, and within 30 days of any material modification. The Frontier AI Framework must provide a detailed account of how catastrophic risks are identified, assessed, and mitigated throughout the lifecycle of a frontier model.

The framework must include documentation of governance structures, mitigation processes, cybersecurity practices, and alignment with standards (whether national or international) and industry-specific best practices.

The TFAIA defines "catastrophic risk" as a foreseeable and material risk that a frontier developer's development, storage, use or deployment of a frontier model will materially contribute to the death of, or serious injury to, more than 50 people or more than $1 billion in damage to, or loss of, property arising from a single incident involving a frontier model.

Transparency Reports

Before, or concurrently with, deploying a new frontier model, all frontier developers (not only large frontier developers) must publish a transparency report. This report must include:

• A mechanism for individuals to communicate directly with the frontier developer
• The release date of the frontier model
• The modalities of outputs the frontier model supports
• Intended uses of the frontier model, along with any restrictions or conditions on those uses

Large frontier developers face additional transparency obligations. Their transparency reports must also include an assessment of catastrophic risks associated with the frontier model, the results of this risk assessment, disclosure of any third-party involvement in the risk assessment process, and a description of other steps taken to comply with the Frontier AI Framework.

Critical Safety Incident Reporting

The TFAIA requires frontier developers to report any critical safety incidents to the Office of Emergency Services within 15 days of discovering the incident, or within 24 hours if there is imminent risk of death or serious physical injury. Reports are kept confidential and exempt from public records laws to protect trade secrets.

Whistleblower Protections

The TFAIA protects whistleblowers who report major health and safety risks related to frontier AI models. Frontier developers must clearly inform all employees about these whistleblower rights and their responsibilities. Large frontier developers must set up a reasonable internal system for anonymous reporting and must provide monthly updates to whistleblowers on the progress of their investigations.

Enforcement and Timeline

The TFAIA authorizes the California Attorney General to enforce the law, including penalties of up to $1 million for each violation. The law will take effect on January 1, 2026, giving organizations approximately two months to prepare for compliance.

Key Takeaways and Implications

With the TFAIA, California has shifted the AI transparency landscape from voluntary industry standards to a mandatory legal regime. Notably, Governor Newsom has presented the TFAIA as a blueprint for other states, particularly in the absence of a comprehensive federal framework for AI regulation.

While it remains too early to assess its nationwide impact, the TFAIA may contribute to a growing patchwork of state-level AI regulation, similar in some respects to the influence of the California Consumer Privacy Act on privacy laws. Its influence is already visible beyond California; for example, New York has advanced its own frontier AI legislation, the Responsible AI Safety and Education Act ("RAISE"), which has passed the state legislature and is awaiting the Governor's signature.

Organizations with AI governance programs aligned to the European Union's AI Act may have a head start in adapting to the TFAIA, given shared themes of transparency, governance, and incident management—although the detailed obligations under each regime are distinct.

How SiteTrust Helps Organizations Prepare

SiteTrust certification aligns with TFAIA requirements by providing independent verification of AI transparency practices. Our three-tier certification system helps organizations at every stage of compliance readiness, from basic transparency commitments to comprehensive governance frameworks.

For frontier developers and large frontier developers, SiteTrust's Tier 2 (Verified) and Tier 3 (Certified) certifications provide the documentation, governance structures, and transparency reporting capabilities needed to demonstrate compliance with TFAIA requirements. Our certification process helps organizations:

• Establish comprehensive AI transparency frameworks
• Document risk assessment and mitigation processes
• Create transparency reports that meet regulatory requirements
• Implement governance structures aligned with best practices
• Prepare for mandatory compliance before enforcement begins