CCPA/CPRA Automated Decision-Making Technology Regulations
In effect since January 1, 2026
Overview
Grants California consumers the right to opt out of automated decision-making, request access to information about algorithmic profiling, and obtain human review of automated decisions.
This is a privacy law with automated decision-making provisions.
Who this applies to
This regulation applies to companies that use or deploy AI tools and systems built by other vendors. If your company uses AI-powered products in the areas listed below, this regulation may apply to you.
AI categories covered
- Consumer-facing AI
- Employment and hiring
- Automated decision-making
- Algorithmic profiling
Specific AI use cases:
- Customer profiling and segmentation
- Credit scoring and risk assessment
- CRM with AI features
What this requires you to do
Consumer opt-out required
Provide an opt-out mechanism. Consumers must be able to opt out of automated decision-making.
ADM impact assessment required
Conduct an ADM impact assessment. Evaluate how your automated decision-making affects consumers.
Profiling disclosure required
Disclose profiling activities. Inform consumers when you use their data for profiling purposes.
Right to human review
Offer human review. Consumers have the right to request a human review of automated decisions.
Data access rights
Provide data access. Consumers can request access to data collected and used by your AI systems.
Enforcement and penalties
Up to $7,988 per intentional violation. Enforced by California Privacy Protection Agency. Compounds rapidly across affected consumers.
Source
Read the full text
https://cppa.ca.gov/regulations/admt.html
Always verify current language and amendments at the official source.
Other California regulations
Explore more rules in the same jurisdiction that may apply to your AI systems.
Want to know what else applies to your company?
Run a free XIRA scan to see all regulations that match your states and AI tools.