California

State of play.

• Newsom has shifted California's AI posture from government risk management to labor-market intervention. The May 21 executive order directs four state agencies to study AI-driven layoffs and skills gaps, develop WARN Act amendment recommendations, and examine worker-ownership models — signaling that employment-side AI regulation is the next legislative frontier (→ Newsom Orders California Agencies to Plan for AI Job Disruption).
• CCPA compliance obligations are expanding into routine operational practices. The CPPA's updated regulations require written risk assessments for processing activities posing "significant risk" to consumer privacy, with obligations for new covered processing beginning in 2026 — and call recording combined with analytics, AI tools, or profiling now falls within scope .
• The Musk v. OpenAI jury has returned a verdict rejecting the founding-agreement claims, signaling judicial reluctance to enforce informal nonprofit governance commitments against organizational evolution toward commercial structures .
• Cal/OSHA successor liability doctrine is clarified but incompletely defined. The "substantial continuity" test binds acquirers to predecessor citation history — including repeat-violation penalty exposure — but courts have not resolved how strictly the standard applies across different restructuring types .
• For counsel advising employers, technology companies, entertainment IP clients, or healthcare operators with California operations, the practical baseline is a multi-front compliance environment: CCPA risk-assessment obligations for call recording and employee data, AI workforce disruption rulemaking, Cal/OSHA successor liability in M&A, CIPA litigation exposure, and active AI copyright and hiring-tool litigation are all simultaneously live.

Where things stand.

• CCPA risk-assessment obligations now reach call recording. The CPPA's phased regulations require documented risk assessments for processing posing "significant risk"; call recordings combined with analytics, AI, or profiling trigger the requirement, but the agency has not yet issued specific guidance on which practices cross the threshold — leaving businesses to apply a balancing test without a clear safe harbor .
• CCPA employee data protections are in active rulemaking. The CPPA solicited public comments on potential updates to employee privacy notice requirements; the employment exemption expired January 1, 2023, and a 2023 AG enforcement sweep established baseline compliance expectations .
• CIPA digital wiretapping litigation has reached a structural inflection point. More than 4,000 lawsuits and arbitrations target website tracking technologies; federal courts are split on whether CIPA's pen register framework applies; the California Court of Appeal's forthcoming ruling in Variety Media will determine whether CIPA or the CCPA framework governs — a binary outcome with major exposure implications for any company running standard web analytics .
• Cal/OSHA successor liability follows the "substantial continuity" test. A corporate reorganization, name change, or asset sale does not automatically shield a new entity from inheriting predecessor citation history; Cal/OSHA bears the burden of proof, and misidentification of the employer entity remains a viable appellate defense; repeat-violation penalties make the determination high-stakes in M&A and facility consolidations .
• The AG's CPOM enforcement posture has hardened. AG Bonta's unsolicited amicus brief in Art Center Holdings argues that MSO succession agreements granting unilateral physician-replacement rights violate CPOM even when unexercised; expanded injunctive enforcement authority against PE-backed platforms remains active .
• The Federal Circuit has reinforced the patent-trade secret boundary under California's UTSA. Patent disclosures irrevocably place information in the public domain, foreclosing trade secret claims on the same subject matter; a surgical instrument list sent by email without confidentiality markings also failed for insufficient secrecy measures .
• Right of publicity and false endorsement claims are an active litigation category in California. The Dua Lipa v. Samsung complaint layers copyright ownership, California right of publicity, and Lanham Act false endorsement over a single manipulated backstage photograph used on consumer product packaging — testing consent, licensing chain, and damages allocation across multiple theories simultaneously (→ Dua Lipa sues Samsung for $15M over unauthorized TV ad image use).
• AI copyright doctrine is being shaped in California federal courts. Anthropic's transformative fair use argument for Claude training data is pending; the Bartz v. Anthropic $1.5 billion settlement with over 100,000 authors and rights holders has a fairness hearing scheduled in San Francisco federal court (→ Anthropic argues Claude's copyright use is transformative fair use in CA court).
• AI hiring tool vendor liability is in active litigation. Mobley v. Workday has a certified ADEA class with viable disparate impact claims against the tool vendor; how indemnification provisions in vendor contracts allocate exposure between platform developers and deploying employers remains unresolved .
• California's absolute noncompete ban applies extraterritorially. Business and Professional Code § 16600.5 voids noncompetes regardless of where signed or which state's law the agreement selects; choice-of-law provisions have not reliably resolved the conflict in litigation .
• SB 553 workplace violence prevention enforcement is entering its active phase. The two-year anniversary of the law's effective date arrives July 2026; mandatory annual retraining and plan reviews are now required, and Cal/OSHA inspections are increasingly likely .

Latest developments.

• Newsom signs executive order directing four state agencies to assess AI-driven labor-market disruption and develop recommendations on WARN Act amendments, severance, workforce training, and worker-ownership models (→ Newsom Orders California Agencies to Plan for AI Job Disruption).
• CPPA clarifies that call recording combined with AI, analytics, or profiling may require a formal written risk assessment under updated CCPA regulations, with obligations for new covered processing beginning in 2026 .
• Musk v. OpenAI jury rejects founding-agreement claims, finding no breach of the early nonprofit governance commitments by Altman and Brockman following OpenAI's conversion to a for-profit structure .
• Cal/OSHA successor liability under the "substantial continuity" test can bind acquirers to predecessor citation history, with repeat-violation penalty exposure contingent on agency proof of continuity .

Active questions and open splits.

• What WARN Act and severance obligations will California impose on AI-driven workforce reductions? Newsom's executive order directs agencies to examine WARN Act amendments and severance requirements, but no specific thresholds, timelines, or enforcement mechanisms have been defined — employers cannot yet calibrate compliance posture for AI-driven headcount decisions (→ Newsom Orders California Agencies to Plan for AI Job Disruption).
• Which call-recording practices cross the CCPA "significant risk" threshold? The CPPA has not issued specific guidance on when call recordings trigger the risk-assessment obligation; businesses must apply a balancing test without a clear safe harbor, creating material compliance risk for contact centers, healthcare, and financial services operations .
• CIPA scope: pen register statute or CCPA compliance pathway? The California Court of Appeal's ruling in Variety Media will resolve whether cookies and tracking pixels trigger CIPA's warrant requirement or fall under the CCPA's clearer compliance framework — a binary outcome affecting every company with a California-facing website .
• CPOM enforcement: categorical ban on succession rights vs. fact-specific control analysis. AG Bonta's position in Art Center Holdings — that any unexercised MSO replacement right violates CPOM — conflicts with calls for an actual-control analysis; the Court of Appeal's resolution will determine whether existing MSO agreements across California require immediate restructuring .
• Cal/OSHA successor liability: how strictly does "substantial continuity" apply across restructuring types? Courts have not resolved the standard's application to different corporate restructurings, acquisitions, and contract transitions — leaving acquirers uncertain about inherited citation exposure and repeat-violation penalty risk until the agency or courts provide clearer guidance .
• AI training data fair use doctrine. Anthropic's transformative fair use argument in California federal court, alongside the Bartz settlement, will shape whether large-scale ingestion of copyrighted works for model training is defensible without licensing — a question with industry-wide implications regardless of which company prevails (→ Anthropic argues Claude's copyright use is transformative fair use in CA court).
• AI hiring tool liability: vendor vs. employer exposure allocation. Mobley v. Workday has a certified ADEA class with viable disparate impact claims against the tool vendor; how indemnification provisions in vendor contracts allocate exposure between platform developers and deploying employers is unresolved .

What to watch.

• Agency recommendations from Newsom's AI workforce executive order — the first agency outputs will define the scope of potential WARN Act amendments and severance requirements, setting the compliance baseline for employers using AI-driven workforce tools (→ Newsom Orders California Agencies to Plan for AI Job Disruption).
• CPPA guidance on call-recording risk-assessment thresholds — specific agency direction on which practices cross into "significant risk" territory will determine whether contact center, healthcare, and financial services operations require immediate compliance restructuring .
• California Court of Appeal ruling in Variety Media CIPA case — outcome determines whether businesses face CIPA's warrant-requirement exposure or the CCPA compliance pathway for standard web analytics, with immediate implications for the 4,000+ pending suits .
• Bartz v. Anthropic fairness hearing outcome in San Francisco federal court — approval or rejection sets the damages benchmark for AI copyright disputes and signals how courts will treat training data acquisition going forward (→ Anthropic argues Claude's copyright use is transformative fair use in CA court).
• California Court of Appeal decision in Art Center Holdings — the ruling on MSO succession agreements will either validate or require restructuring of PE-backed physician practice platforms statewide .
• Post-verdict proceedings in Musk v. OpenAI — any post-trial filings, regulatory follow-on, or shareholder challenges will clarify whether the jury verdict fully insulates OpenAI's governance structure or leaves residual exposure .