Find a lawyerOur capabilitiesYour career
Locations
Our capabilities
News

Select language:

Locations
Our capabilities
News

Select language:

hamburger menu showcase image
  1. Our thinking
  3. Blogs
  5. Technology Quotient
  7. Compliance in a Global AI Market: Examining the Overlaps Between California’s SB 53 and the EU AI Act
3MIN

Compliance in a Global AI Market: Examining the Overlaps Between California’s SB 53 and the EU AI Act

Oct 2 2025

On September 29, Governor Gavin Newsom here. What follows is a summary of the key points.

Covered Entities and Models

The TFAIA defines a “frontier model” as one trained using computing power greater than 10^26 operations, and a “large frontier developer” as a company with annual revenues exceeding $500 million. This dual threshold for various TFAIA requirements reflect California’s intent to direct obligations at a small number of powerful developers, in contrast with the EU AI Act’s broader reach. When triggered, the TFAIA imposes a number of obligations, described hereafter briefly, and in more detail here.

Core Obligations

Large frontier developers must:

  • publish a Frontier AI Framework setting out their standards, governance practices, and risk mitigation strategies; 
  • issue transparency reports when deploying new or substantially updated models, including summaries of catastrophic risk assessments;
  • update reports when they make substantial modifications to existing models;
  • report certain defined critical safety incidents; and,
  • develop certain anonymized whistleblower processes; 

In addition, developers must report “critical safety incidents” to the California Office of Emergency Services within 15 days, or within 24 hours if imminent risk of serious harm is discovered. These requirements mirror, but do not replicate, the EU AI Act’s obligations on incident reporting, where providers of high-risk systems must notify regulators of “serious incidents” within a similar timeframe.

Penalties and Enforcement

Failure to meet these obligations can result in civil penalties of up to $1 million per violation, enforceable solely by the California Attorney General. The TFAIA also includes whistleblower protections for employees engaged in AI safety functions, requiring companies to maintain internal processes for anonymous reporting.

Key Takeaway

The TFAIA represents California’s most direct move yet to regulate advanced AI models. While narrower in scope than the EU AI Act, it imposes overlapping requirements in areas such as transparency, governance, and incident reporting. Companies subject to both regimes will need to develop compliance strategies that address distinctions between the two while recognizing their shared emphasis on safety and accountability.

Read the full briefing for a detailed comparison of the TFAIA and EU AI Act.

 

 

 

Tags

aiartificialintelligencecybersecuritydata protectioncomplianceregulatory frameworkcorporate governanceuseurope

Authors

San Francisco

Beth George

Partner
Washington, DC, Redwood City (Silicon Valley)

Brock Dahl

Partner
San Francisco

Christine Chong

Senior Associate
San Francisco

Vera Ibes

Principal Associate
Washington, DC

Madeline Cimino

Associate
Latest Insights

Latest Insights

NAVIGATE TO
About usLocations and officesYour careerOur thinkingOur capabilitiesNews
CONNECT
Find a lawyerAlumniContact us
NEED HELP
Fraud and scamsComplaintsTerms and conditions
LEGAL
AccessibilityCookiesLegal noticesTransparency in supply chains statementResponsible procurementPrivacy

Select language:
Select language:
© 2026 Freshfields. Attorney Advertising: prior results do not guarantee a similar outcome