California's frontier AI law (SB 53): the first US transparency statute for the largest models

While Washington debates whether to regulate AI at all, the state that hosts most of the world's frontier laboratories has already done it. California's Transparency in Frontier Artificial Intelligence Act (SB 53), signed on 29 September 2025 as Chapter 138 of the Statutes of 2025, took effect on 1 January 2026. It is the first US statute written specifically for the companies training the most capable models — and because those companies supply the systems used across Europe and the rest of the world, it is not a development that organisations outside the United States can treat as purely domestic.

Who the law reaches

SB 53 does not regulate AI in general. It targets a narrow tier defined by raw training compute. A frontier model is a foundation model trained using a quantity of computing power greater than 10²⁶ integer or floating-point operations — counting fine-tuning, reinforcement learning and other material modifications. A frontier developer is anyone who trained, or initiated the training of, such a model. The heaviest duties fall on the large frontier developer: a frontier developer whose annual gross revenues (including affiliates) exceeded 500 million dollars in the preceding calendar year.

California's 10²⁶ threshold sits one order of magnitude above the 10²⁵ FLOP line the EU draws for general-purpose AI models with systemic risk: both jurisdictions reach for the very largest models, but California's net is the narrower of the two. What matters is the shared logic — a training-compute threshold as the trigger for the heaviest duties — even where the exact figures differ.

What it requires: framework, report, incident

The statute rests on three disclosure duties.

First, a frontier AI framework. Large frontier developers must publish, and keep current, a written framework describing how they identify, assess and mitigate catastrophic risk — covering how they incorporate national and international standards, the thresholds they use to judge risk, their deployment review process, third-party assessments, cybersecurity practices, governance and the risks of their own internal use of the model.

Second, a transparency report before deployment. Before releasing a new or substantially modified frontier model, developers must publish a report identifying the model, its release date, supported languages and output modalities, intended uses and any restrictions. Large developers must add summaries of the catastrophic-risk assessments they carried out and the results.

Third, critical safety incident reporting. Developers must report critical safety incidents to the California Office of Emergency Services within 15 days of discovery — or within 24 hours where the incident poses an imminent risk of death or serious physical injury.

What "catastrophic risk" means

The law's centre of gravity is its definition of catastrophic risk: a foreseeable and material risk that a developer's frontier model will materially contribute to the death of, or serious injury to, more than 50 people, or more than one billion dollars in damage to property, arising from a single incident. The qualifying harms are narrow and specific — a model providing expert-level assistance in creating a chemical, biological, radiological or nuclear weapon; acting without meaningful human oversight in a way that is a cyberattack or, if a human had done it, would be murder, assault, extortion or theft; or evading the control of its developer or user.

This is a different regulatory object from the one Colorado and Texas address. The Colorado and Texas state laws govern everyday algorithmic decisions — hiring, credit, deepfakes, manipulation. SB 53 reaches past ordinary harm to the tail risks of the most powerful systems, the same register as the AI Act's systemic-risk tier.

Whistleblowers and enforcement

SB 53 bars frontier developers from preventing covered employees — those responsible for assessing or managing catastrophic risk — from disclosing information about such risk or about violations of the Act to the Attorney General, regulators or internal auditors. Large developers must also run a reasonable, anonymous internal channel for raising concerns. Enforcement sits with the California Attorney General, who may seek civil penalties of up to one million dollars per violation. Separately, the Act directs a consortium to design CalCompute, a public cloud-computing cluster within the University of California, with a framework due by 1 January 2027.

The federal shadow over the law

SB 53 enters force at the precise moment the federal government is moving to contain laws like it. On 20 March 2026 the White House published A National Policy Framework for Artificial Intelligence, a set of legislative recommendations to Congress. Its seventh and final section urges Congress to preempt state AI laws that impose undue burdens in favour of a single, "minimally burdensome" national standard, and states plainly that "states should not be permitted to regulate AI development." The Framework is not law — it binds no one and creates no obligation — but it sets the federal direction, and a frontier-developer transparency mandate enacted by a single state is exactly the kind of measure it is aimed at. For now SB 53 applies in full; whether it survives a future federal statute is the open question.

Why it matters beyond California

The practical reading for a European or other non-US organisation is twofold. The frontier laboratories that most AI deployment ultimately depends on are now disclosing, in public, the safety frameworks and incident histories of their largest models — a transparency baseline that did not exist a year ago and that feeds directly into supplier due diligence. And the shared use of a training-compute threshold — even at different levels — alongside the EU's GPAI regime confirms the pattern traced in our analysis of international AI governance: on the question of the most capable models, jurisdictions are settling on a shared yardstick, even as the rest of their AI law diverges.