AIUC-1 × California SB 53: Detailed crosswalk
See the high-level crosswalk to California SB 53 sections here.
This crosswalk is provided for informational purposes only and does not constitute legal advice. Sections with no operative analog to AIUC-1 (e.g. addressing definitions, enforcement mechanisms, regulatory infrastructure, and legislative safe harbors) have been omitted from crosswalk mappings. Organizations should consult qualified legal counsel to determine their specific compliance obligations under California SB 53.
California SB 53 detailed crosswalk by subsection
22757.12(a)(1)–(10) Frontier AI Framework (large frontier developers only)
Large frontier developers must publicly post a Frontier AI Framework covering all ten elements: (1) incorporating national/international standards and best practices; (2) defining and assessing catastrophic risk capability thresholds; (3) applying mitigations based on assessment results; (4) reviewing adequacy of mitigations before deployment or extensive internal use; (5) using third parties to assess catastrophic risks and mitigation effectiveness; (6) criteria for revisiting and updating the framework; (7) cybersecurity practices to secure unreleased model weights; (8) identifying and responding to critical safety incidents; (9) instituting internal governance practices; (10) assessing and managing catastrophic risk resulting from the internal use of its frontier models.
22757.12(b) Frontier AI Framework — review & update cadence (large frontier developers only)
The Frontier AI Framework must be reviewed and updated at least annually. If material modifications are made, an updated framework and justification must be published within 30 days.
22757.12(c) Transparency report (all frontier developers)
All frontier developers must publish a transparency report before or simultaneously with launching a new or substantially modified frontier model, covering: internet website, mechanism for communication, release date, supported modalities and languages, intended uses, and applicable restrictions. Model cards satisfying equivalent content are deemed compliant. Note: a transparency report is not required before granting access to third-party evaluators (per §22757.11(e)(2)).
22757.12(d)–(e) Quarterly catastrophic risk reporting to OES & false-statement prohibition
Large frontier developers must transmit summaries of any internal catastrophic risk assessments from internal model use to the California Office of Emergency Services at least quarterly. Must additionally include in their transparency report: (d) summaries of catastrophic risk assessments, involvement of any third-party evaluators, and steps taken to address identified risks. (e) Materially false or misleading statements about catastrophic risk or compliance with the Frontier AI Framework are expressly prohibited.
22757.13(c)–(g) Critical safety incident reporting (all frontier developers)
All frontier developers must report critical safety incidents to OES within 15 days of discovery. (c) any critical safety incident has a 15-day reporting window requirement to OES; incidents posing imminent risk of death or serious injury must be reported to law enforcement/public safety within 24 hours. (d)–(f) Reports are exempt from the California Public Records Act; AG and OES may transmit reports to legislature, Governor, or federal government, with consideration of trade secret, cybersecurity, and national security risks. (g) Beginning January 2027 and annually thereafter, OES must publish an annual anonymised aggregate incident report to the legislature and Governor.
The Security, Safety, and Reliability standard for AI agents
Stay up to date with AIUC-1
