Companies that create or produce a generative AI system with more than 1 million monthly users face new contracting requirements intended to help California users identify AI-generated content.
On September 1, 2024, California adopted the California AI Transparency Act (SB 942). This legislation is the first law to include specific contractual requirements related to watermarking AI-generated content. Given California’s influence, similar laws could soon emerge in other states, making it crucial for businesses to understand and adapt to these new regulations.
Scope of the Act
The California AI Transparency Act will take effect on January 1, 2026. It targets “Covered Providers,” defined as entities that create or produce a Generative AI (GenAI) system that has over 1,000,000 monthly users and is publicly accessible in California. GenAI systems are those capable of generating synthetic content. The Act excludes providers of nonuser-generated video game, television, streaming, movie, or interactive experiences. Additionally, the Act’s requirements only apply to image, video, or audio content, and do not apply to text.
Businesses that fail to comply can face a fine of up to $5,000 for each day they are in violation.
Key Requirements
- AI Detection: Providers must make available a free, publicly accessible AI detection tool.
- The tool must allow users to verify if content was AI-generated, return available provenance data (excluding personal data), and support various content formats.
- Providers must collect ongoing user feedback regarding the tool and implement relevant improvements.
- Absent further guidance from lawmakers, covered providers are not explicitly prevented from outsourcing these obligations to a third party. Business may look to third parties to help develop AI detection tools to meet these requirements.
- Latent and Manifest Disclosures: AI-generated content must include certain disclosures.
- In all cases, so-called “latent” or hidden disclosures must be embedded in AI-generated content, containing the provider’s name, AI system details, creation time and date, and a unique identifier.
- Latent disclosures must also be permanent and detectable by the provider’s AI detection tool.
- Additionally, providers must give users the option to include so-called “manifest” or visible disclosures in AI-generated content, indicating its AI origin. These disclosures must be conspicuous and difficult to remove.
- Contractual Obligations for Licensees: Providers of GenAI systems must include certain terms in their license agreements.
- If a GenAI system is licensed to a third party, the provider must contractually ensure licensees maintain the latent disclosure capabilities.
- Licenses must be revoked within 96 hours if a covered provider discovers that the licensee has altered a licensed GenAI system so that it can no longer include the required latent disclosures.
- If the licensee does not stop using the GenAI system during the 96-hour period, a civil action may be brought against the licensee for injunctive relief and reasonable attorney fees.
- The Act does not make clear whether the provider will also be in violation of the Act if the licensee does cease use after 96 hours.
Contracting Implications
- Explicit Contract Requirements:
- The Act explicitly requires that covered providers include a contractual obligation for third-party licensees of its GenAI system to maintain the latent disclosure capabilities.
- Covered providers should include a contractual right to revoke the third-party license within 96 hours if the latent disclosure capabilities are compromised. (While the Act specifies an obligation to revoke the license, it does not include an explicit obligation to reflect that contractually.)
- The Act does not give an explicit answer if these contracting obligations apply to contracts that are entered into prior to Jan 1, 2026 and continue to be in effect thereafter.
- Providers should consider updating their contracts to include these requirements by January 1, 2026.
- Additional Contracting Considerations:
- Under the law, the covered provider is responsible if a GenAI system does not meet any of the Act’s requirements, including the detection tool and providing both manifest and latent disclosures.
- Licensing the GenAI system to a third party does not excuse the covered provider’s obligations under the Act, including the obligation to make the AI detection tool available. However, the licensee may be separately subject to enforcement actions for injunctive relief if it does not stop using the GenAI system within 96 hours after a license is revoked.
- Therefore, covered providers may consider revisiting other contractual provisions in license agreements to ensure compliance with the Act and reallocate who bears the risk for noncompliance.
- The following are examples of other contractual provisions that may be renegotiated in light of the Act (however these will vary on a case-by-case basis):
- Explicit obligations to meet the Act’s technical requirements.
- Indemnification for any claims or damages arising from use of the GenAI system.
- Adjusted scope of liability for damages arising from failure to comply with the Act.
- Audit rights, potentially including implementation of tools to track and verify compliance.
- Restrictions on modifications.
- Notification requirements regarding any issues or noncompliance.
Looking Ahead
Currently, the Act applies to audio, image, and video content and not text. However, future legislation may introduce similar requirements for text-based content.
Additional guidance from state legislators and the Attorney General may be released prior to the Act’s effective date. Staying informed and proactive will help businesses navigate the evolving landscape of AI regulation.
The California AI Transparency Act is a key component of the expanding AI regulatory landscape in California, and companies should incorporate it into their compliance framework to stay ahead of requirements.
If you have questions, please reach out to the authors (Sarah Schaedler and Haley Flora).