California AI Transparency Act Duties Phase In From August | TLY

AI Regulation Tracker  /  Legislation

California's AI Transparency Act Starts Going Operative August 2, With Platform Duties Staggered Into 2027 and 2028

AB 853, signed in October 2025, amends the California AI Transparency Act and sets a phased schedule. The core chapter becomes operative August 2, 2026. Large online platform and GenAI hosting duties follow on January 1, 2027, and capture device rules on January 1, 2028. Here is what each piece requires and when it actually bites.

The Leveraged Years AI Regulation News

California passed the AI Transparency Act to do something plain. If a machine made a piece of content, a person should be able to find that out. The original law leaned on covered providers, the companies that run large generative AI systems, to embed disclosures into what their systems produce and to give the public a free tool to check content. AB 853 keeps that spine and extends the duty outward, to the platforms that distribute the content and to the devices that capture it. Governor Newsom signed it on October 13, 2025, and it was chaptered as Chapter 674 of the 2025 statutes.

The reason to write about it now is timing. The Act was not immediately live when it was signed, and the amendment did not make everything operative at once. It laid out a schedule, and the first date on that schedule is almost here.

The dates, in plain order

Start with the core chapter. The bill text is direct about it. In the operative section it states, "This chapter shall become operative on August 2, 2026." That is the covered provider layer, the part aimed at the large AI systems themselves. On that date the base obligations of the Act, including the disclosure and detection tool duties on covered providers, become live.

Next comes the platform layer, on January 1, 2027. Two separate new sections carry that date. The large online platform provenance duty says, "This section shall become operative on January 1, 2027." The GenAI system hosting platform duty carries the same operative date. So the entities that move AI content around, or that host the systems producing it, get a longer runway than the providers do.

Last is the hardware layer, on January 1, 2028. The capture device manufacturer section states, "This section shall become operative on January 1, 2028." That gives camera, phone, and device makers the most time, which makes sense given that hardware production cycles are long and the duty attaches to devices produced for sale.

I want to be precise about this because it is easy to compress a staggered law into a single headline and get it wrong. On July 16, 2026, none of these duties are in force yet. The August 2 date is the first to arrive, and it covers the providers, not the platforms and not the device makers.

What the platform duty actually asks for

The large online platform obligation is the piece with the widest reach, so it is worth understanding on its own terms. The law defines a large online platform as, in its words, "A public-facing social media platform, file-sharing platform, mass messaging platform, or stand-alone search engine that distributes content to users who did not create or collaborate in creating the content that exceeded 2,000,000 unique monthly users during the preceding 12 months." Telecommunications and broadband access services are carved out.

Once you are inside that definition, the January 1, 2027 duty is a detection duty. The platform has to detect whether provenance data, meaning the machine-readable markings that follow widely adopted industry specifications, is embedded in or attached to the content it distributes. It then has to give users a way to see that provenance information. Think of provenance data as a chain of custody record traveling with a file. The platform is not being told to author the record. It is being told to look for one and to surface what it finds.

The GenAI hosting platform duty on the same date works alongside it. A platform that makes GenAI systems available to the public cannot knowingly offer a system that fails to place the required disclosures into its output. That pushes the disclosure obligation down the distribution chain, so a hosting marketplace cannot simply list a non-compliant model and wash its hands of it.

Why a US company outside California should care

The instinct is to file this under state law and move on. That is a mistake here, and the reason is the threshold. A platform does not become a large online platform because it is headquartered in California. It becomes one because it distributes content to more than two million unique monthly users. A national social product, a widely used file-sharing service, or a general search engine clears that bar without trying, no matter where the company sits. California is writing a rule that in practice reaches products used across the country.

The covered provider layer works the same way. The Act reaches large generative AI systems by their user footprint, not by their zip code. If your system is broadly accessible, the California duties are your duties, and the first of them arrives on August 2.

There is also a penalty attached, which is what turns a schedule into a deadline. Violations carry a civil penalty of five thousand dollars per violation, enforced by the Attorney General, a city attorney, or a county counsel. That is a per violation figure on content and systems that operate at scale, which is how a transparency rule gets teeth.

What to do now

Sort yourself into the right bucket first, because the deadline depends on it. If you run a large generative AI system, your date is August 2, 2026, and you should already be able to show that your outputs carry the required disclosures and that your public detection path works. If you run a platform that distributes content or hosts GenAI systems, your date is January 1, 2027, and the work is a detection and display capability for provenance data that follows recognized standards. If you make capture devices sold in California, your date is January 1, 2028, and the duty attaches to devices produced for sale from that date.

Then map your user numbers honestly against the two million unique monthly users line, because that single number decides whether the platform duty is yours at all. And read the operative dates as what they are. This is a phased law. Build to the date that applies to you, confirm the current statutory text before you lock any control, and do not assume that because one tranche is live, all of them are.

Questions professionals are asking

Is the whole California AI Transparency Act in force now?

No. AB 853 sets a staggered schedule. The core chapter becomes operative on August 2, 2026. The large online platform and GenAI hosting duties become operative on January 1, 2027. The capture device manufacturer duties become operative on January 1, 2028. As of July 16, 2026, none of these are yet in force, and the first to arrive is the August 2 core chapter.

What does AB 853 add to the original Act?

It extends the transparency duty beyond the AI providers themselves. It adds obligations for large online platforms to detect and surface provenance data, for platforms that host GenAI systems to make available only systems that place the required disclosures, and for makers of capture devices to give users a disclosure option. The provider layer from the original Act remains.

What counts as a large online platform?

The Act defines it as a public-facing social media platform, file-sharing platform, mass messaging platform, or stand-alone search engine that distributes content its users did not create, and that exceeded 2,000,000 unique monthly users during the preceding 12 months. Broadband and telecommunications services are excluded.

Does this reach companies outside California?

In practice, yes. The large online platform and covered provider duties attach to user footprint, not to where a company is based. A national platform above two million unique monthly users falls inside the definition regardless of its headquarters, which is why the law has national compliance reach.

What is the penalty for a violation?

A civil penalty of five thousand dollars per violation, enforceable by the California Attorney General, a city attorney, or a county counsel. Because the figure is per violation and the covered entities operate at scale, the exposure can add up quickly.

RELATED BRIEFINGS

Browse the full AI Regulation News tracker

Informational analysis for working professionals, not legal advice. Confirm how any statute or requirement applies to your situation with qualified counsel in the relevant jurisdiction, and check the live statutory text before relying on any date or provision.