California’s AI Advisory: Key Legal Risks for Developers and Businesses (Part 1)

On January 29, 2025, the California Attorney General’s Office issued one of the most comprehensive advisories to date on how state laws apply to artificial intelligence. The guidance covers a wide range of legal issues—from consumer fraud and discrimination to privacy, election integrity, and antitrust. Whether you’re advising a tech startup, enforcing compliance, or litigating AI misuse, here are the critical takeaways every lawyer and developer must understand.

At this link you can find the California Attorney General’s Office Advisory on AI. I have summarized the key points below.

General Overview

• The advisory outlines how California’s existing laws apply to AI, emphasizing consumer protection, civil rights, competition, and data privacy.

• AI’s potential for innovation comes with risks such as bias, discrimination, fraud, disinformation, and environmental harm.

Legal Obligations for AI Developers and Users

• Transparency: Disclose how AI impacts consumers’ lives and whether consumer data is used for training.

• Accountability: Ensure systems are validated, tested, audited, and comply with laws.

• Risk Mitigation: Prevent harm to individuals, businesses, and the environment.

Key Areas of Law

1. Consumer Protection and False Advertising

• Misleading claims about AI capabilities, accuracy, or performance are prohibited under the Unfair Competition Law (UCL) and False Advertising Law.

• Businesses are liable for deceptive uses of AI, such as deepfakes, impersonations, or misrepresentation of AI-generated content.

• AI tools must not foster fraud or harm competition.

2. Civil Rights

• Discrimination by AI systems violates laws like the Unruh Civil Rights Act and Fair Employment and Housing Act (FEHA).

• Developers and users must prevent bias or discriminatory outcomes, including indirect effects on protected classes.

3. Data Privacy

• California Consumer Privacy Act (CCPA): Regulates the use, sale, and retention of consumer data.

• Special protections apply to sensitive data (e.g., health, education, neural data).

• The California Invasion of Privacy Act (CIPA) prohibits the unauthorized use of communication data and biometric identifiers.

4. Election Integrity

• Prohibits AI-generated deceptive election materials, undeclared chatbots, and impersonation of candidates or initiatives.

• Platforms must label and remove AI-generated election disinformation.

5. Competition Law

• AI systems must not facilitate anticompetitive practices (e.g., price-fixing, market manipulation).

• Large AI companies face scrutiny under antitrust laws for actions harming competition.

New AI-Specific Laws (Effective January 1, 2025)

• Disclosure and Labeling:

• AI training data must be disclosed (AB 2013, SB 942).

• AI-generated content must include visible markers (SB 942).

• Telemarketing calls using AI must disclose AI involvement (AB 2905).

• Unauthorized Use of Likeness:

• Requires consent for digital replicas in entertainment (AB 2602).

• Prohibits nonconsensual use of deceased personalities’ likenesses (AB 1836).

• Healthcare:

• Licensed physicians must supervise AI tools used in medical decision-making (SB 1120).

• AI and Criminal Acts:

• Expands prohibitions on AI-generated child exploitation content (AB 1831, SB 1381).

• Criminalizes nonconsensual deepfake pornography (SB 926).

General Guidance

• Entities must ensure compliance with all relevant laws, including tort, public nuisance, and environmental regulations.

• Use of AI does not exempt businesses from liability under existing laws.