TL;DR: California SB 942 (AI Transparency Act) requires generative AI providers with 1 million or more monthly California users to label AI-generated content, publish a transparency disclosure page, and ensure chatbots identify themselves as AI. Full enforcement begins August 2, 2026, with penalties of $5,000 per day per violation enforced by the California Attorney General. A 30-day cure period applies after written notice.
California's SB 942, the AI Transparency Act, was signed by Governor Newsom in September 2024. It is one of the first state laws in the United States to impose concrete disclosure obligations directly on generative AI providers rather than on downstream deployers. The core idea is simple: users have a right to know when they are looking at AI-generated content.
The August 2, 2026 enforcement date is now 65 days away. For any organisation that operates or builds on large-scale generative AI systems reaching California audiences, that deadline is not theoretical. The California Attorney General has signalled that AI transparency is an enforcement priority. The $5,000-per-day penalty structure means that even a modest compliance gap can result in six-figure exposure within weeks.
Who SB 942 Covers
SB 942 applies to "providers" of generative AI systems that serve one million or more monthly users in California. A provider is any person or entity that develops, owns, or operates a generative AI system made available to California residents, whether as a standalone product or as part of a larger platform.
The one-million-user threshold applies to California users specifically, not to global monthly active users. An organisation with five million global users but fewer than one million in California does not meet the threshold. However, California represents roughly 12 percent of the US population, so any nationally distributed AI product with more than eight million US monthly active users is likely to cross the California threshold.
Covered generative AI systems include those capable of producing:
- Text (including summaries, translations, completions, and code)
- Images, illustrations, or graphic content
- Audio, including synthetic voice
- Video, including deepfakes and synthetic media
SB 942 does not cover AI that merely classifies, recommends, or filters existing content. It applies to systems that generate new content.
Who is probably not covered directly: Small startups using a covered provider's API to build a niche B2B tool will not reach one million California users and are not direct obligors under SB 942. That said, your vendor (OpenAI, Google, Anthropic, Adobe, and others of that scale) will be covered, and their compliance flows through to the API you use. It is worth checking your vendor's disclosure practices before August 2.
What SB 942 Requires
SB 942 imposes three distinct obligations on covered providers.
1. Label AI-generated content
When a generative AI system produces content, the provider must disclose that the content is AI-generated. The statute permits multiple methods: visible on-screen labels, metadata embedded in the file (such as C2PA provenance data), or watermarks that are detectable by reasonable technical means. The key requirement is that users can determine, without special expertise, that the content was produced by AI.
The exemption to watch: content generated for personal use that is not distributed publicly does not need to be labelled. This covers a user asking a chatbot to draft a personal email they keep to themselves. It does not cover a business using AI to generate marketing copy, product images, or customer-facing text.
2. Maintain a public AI transparency disclosure page
Covered providers must maintain a publicly accessible page, linked clearly from their main product or website, that lists:
- Each generative AI system the organisation operates and makes available to California users
- A description of the types of content each system can produce
- Known material limitations of each system, including categories of content it may generate inaccurately
- A contact method or process for users to report concerns about AI-generated content
The page must be kept current. Adding a new AI model or capability requires updating the disclosure page before California users can access the new system.
3. Chatbots must identify themselves as AI
Any conversational AI system, meaning a system that engages in back-and-forth dialogue with users in natural language, must identify itself as an AI at the start of each interaction. The identification must be clear and unambiguous. A chatbot cannot claim to be human or adopt a persona that obscures its AI nature.
This obligation applies regardless of whether the chatbot has a human-sounding name or persona. Naming a chatbot "Alex" and giving it a profile picture does not satisfy the requirement. The system must affirmatively state, at the outset of each conversation, that the user is interacting with an AI.
6-Step Compliance Checklist
Work through these steps before August 2, 2026.
-
Determine whether you are a covered provider. Count your monthly active users in California across all generative AI products and features. If you are below one million, document your calculation and retain it. If you are above, proceed immediately to step 2.
-
Audit every generative AI feature in your product. List every place your product generates text, images, audio, video, or code and surfaces it to users. Include AI features embedded in secondary workflows, such as AI-assisted support replies, AI-generated summaries in dashboards, or AI-produced onboarding copy.
-
Implement content labelling. For each feature identified in step 2, design and deploy a disclosure mechanism. For on-screen content, a label such as "Generated by AI" attached to the output is sufficient. For downloadable files, embed C2PA-compatible metadata. Test that labels appear consistently across all device types and interfaces.
-
Publish your AI transparency disclosure page. Draft entries for every covered generative AI system. Include the system name, output types, and known limitations. Link the page clearly from your product's main navigation, settings, or footer. Assign an owner to keep it updated whenever new AI capabilities launch.
-
Update chatbot identification flows. Review every conversational AI entry point. Add an explicit AI identification statement at the start of each session. Do not rely on a user inferring AI nature from a product name. Test the disclosure across web, mobile, and API-access paths.
-
Set up a post-notification cure process. SB 942 gives providers 30 days to cure a violation after written notice from the AG. Assign a named individual or team to receive regulatory correspondence and implement a 30-day response SLA. Document your compliance posture so that, if a notice arrives, you can respond with evidence of your programme rather than starting from scratch.
SB 942 vs EU AI Act Article 50
Both SB 942 and EU AI Act Article 50 impose AI content disclosure obligations, but they differ in scope, mechanism, and timing. If you operate in both markets, a single compliance programme can satisfy both, but the technical requirements are not identical.
| Obligation | California SB 942 | EU AI Act Article 50 | Notes |
|---|---|---|---|
| Content labelling | Visible disclosure or embedded metadata/watermark | Machine-detectable watermark (C2PA or equivalent) required for images, audio, video | EU requires machine-detectable marking; SB 942 allows visible labels for text |
| Disclosure page | Required: public page listing systems, output types, limitations | Not a direct equivalent; Article 50 requires system-level transparency but no prescribed page format | SB 942 is more prescriptive about the disclosure page |
| Chatbot identification | Required at start of each interaction | Required at start of each interaction; exception for law enforcement with authorisation | Requirements are substantively identical |
| Who is covered | Generative AI providers, 1M+ monthly California users | Providers of AI systems deployed in the EU; no minimum user threshold | EU AI Act has broader geographic reach but no size threshold |
| Enforcement | California AG; $5,000/day per violation | National market surveillance authorities; fines up to EUR 15M or 3% of global turnover | EU penalties are proportional to turnover; SB 942 is flat daily rate |
| Cure period | 30 days after written notice | No equivalent cure period | SB 942 cure period gives more lead time after notice |
| Effective date | August 2, 2026 | August 2, 2026 (same date for Article 50 obligations) | Both deadlines fall on the same date |
For teams already building to EU AI Act Article 50 requirements, the C2PA watermarking you implement for EU compliance will satisfy SB 942's metadata option for images, audio, and video. The main gap is the disclosure page, which is SB 942-specific, and ensuring chatbot identification language works in both jurisdictions.
See the EU AI Act Article 50 watermarking and deepfake disclosure checklist for the full EU-side requirements.
Penalties
The California Attorney General enforces SB 942. There is no private right of action, meaning individual California users cannot bring their own lawsuits under the statute.
Penalties are $5,000 per day for each violation. The "per violation" language is significant. If your product has three distinct AI-generated content features, each operating without required disclosures, a court could treat those as three separate violations running in parallel, which would be $15,000 per day.
Before filing an enforcement action, the AG must provide written notice to the provider and allow 30 days to cure. A cure means bringing the specific violation into compliance, not merely acknowledging it. If you receive a notice and fix the labelling issue within 30 days, the AG cannot pursue penalties for that violation.
There is no published guidance yet on how the AG will prioritise enforcement. Given California's track record on CCPA enforcement, initial actions are likely to target large, visible providers rather than smaller operators who cross the threshold. That said, waiting for an enforcement action to trigger your compliance programme is a poor strategy given the daily penalty structure.
