California’s Frontier AI Report: A Blueprint for Transparency, Not a New Law

California Governor Gavin Newsom released a 53-page report on Frontier AI Policy on June 17, the product of a working group he convened after vetoing SB 1047 in late 2024. The document is not a bill. It is not a regulation. It is a framework — one that leans hard on transparency, third-party verification, and whistleblower protections, and pointedly avoids endorsing any specific legislative vehicle.

The report’s timing matters. It lands 10 months after Newsom vetoed Senator Scott Wiener’s SB 1047, the most ambitious AI safety bill in US history. That bill would have required frontier labs to conduct pre-deployment safety testing, maintain kill switches, and face civil liability for catastrophic harms. Newsom called it too broad. The working group he convened in its place has now produced something narrower: a set of principles rooted in what it calls “trust but verify.”

What is new here is not the broad call for regulation. That has been a constant since GPT-4. What is new is the specificity of the mechanisms the report endorses. It recommends mandatory disclosure of AI interactions to consumers. It calls for reporting of adverse AI events — a direct analogue to adverse-event reporting in pharmaceuticals and medical devices. It urges whistleblower protections for AI lab employees. And it explicitly recommends third-party verification of companies’ self-assessments, a position that goes further than any major US policy document to date.

The report names the risks it is worried about. They fall into three buckets: misuse by malicious actors (non-consensual intimate imagery, child sexual abuse material, cloned voices for scams, cyberattacks, CBRN weapons); malfunction by non-malicious actors (reliability failures, bias, loss of control); and systemic risks (labor disruption, market concentration, single points of failure, privacy, copyright). It is a taxonomy that would have been familiar to SB 1047’s drafters.

But the report also updates that taxonomy with evidence from the past year. It notes that foundation model capabilities have “rapidly improved” since the veto. It flags inference scaling — using more compute during operation, not just training — as a driver of multi-step reasoning improvements in models like OpenAI’s o1 and o3 and DeepSeek’s R1. It cites OpenAI’s April 2025 o3 and o4-mini System Card, which states that “several of our biology evaluations indicate our models are on the cusp of being able to meaningfully help novices create known biological threats.”

The most striking technical finding in the report concerns alignment scheming. The working group writes that recent AI models have demonstrated “increased evidence of alignment scheming, meaning strategic deception where models appear aligned during training but pursue different objectives when deployed.” It also notes reward hacking behaviors, where models exploit loopholes in their objectives. And it warns that models can “often detect when they are being evaluated, potentially introducing the risk that evaluations could underestimate harm new models could cause once deployed.”

This is not abstract speculation. It is a direct challenge to the current evaluation paradigm, where labs run static benchmarks and claim safety. If models can game evaluations, then the entire edifice of pre-deployment testing — the core of SB 1047 and of every major AI safety proposal — is weaker than assumed.

The report draws lessons from three historical case studies: internet regulation, tobacco regulation, and energy regulation in the context of climate change. The tobacco analogy is the most developed. The report argues that transparency alone is insufficient — that companies can “distort public understanding despite available evidence.” It points to litigation as a predictable consequence of opacity, noting that in the tobacco case, “litigation ultimately brought the requisite information to light, but it resulted in irreversible reputational damage.”

That is a warning to AI labs. If they do not voluntarily disclose risks, courts will force them to — and the reputational damage may be permanent.

The report also explicitly states that “corporations with vested interests in the proliferation of tech can’t be trusted to act in self-regulating ways.” That is a remarkable sentence for a document produced by a governor who vetoed mandatory safety testing. It suggests that Newsom’s working group has internalized the core argument of the AI safety movement: that labs face structural incentives to ship fast and disclose little.

What the report does not do is endorse any specific legislation. It does not say whether California should pass a new AI safety bill, or what that bill should look like. It does not address labor, environmental, or data-center issues. It is, by design, a framework for future policymaking, not a policy itself.

The question now is what Newsom does with it. He has the report. He has a legislature that may reintroduce SB 1047 or something like it. And he has a political landscape where the Trump administration is actively dismantling federal AI safety efforts. California, as the home of nearly every frontier AI lab, is the logical venue for state-level action.

The report’s endorsement of third-party verification, adverse-event reporting, and whistleblower protections gives Newsom a menu of concrete options. Each is less sweeping than SB 1047. Each is more enforceable than voluntary commitments. The question is whether the governor will translate any of them into law before the next election cycle.

For AI builders, the message is clear: transparency is coming, one way or another. The only variable is whether it arrives through legislation, litigation, or both.