Official name: California AB 979 (California Cybersecurity Integration Center: artificial intelligence)
Establishes the California AI Cybersecurity Collaboration Playbook by January 1, 2027, to enhance cybersecurity through information sharing on AI threats. Requires state protection of sensitive information, with mandatory and voluntary participation mechanisms, while safeguarding individual privacy and business confidentiality.
Analysis summaries, actor details, and coverage mappings were LLM-classified and may contain errors.
This is a binding California state statute (AB 979) that amends the Government Code with mandatory requirements for state agencies. It uses mandatory language ('shall') throughout and establishes legally enforceable obligations for the California Cybersecurity Integration Center and state contractors/vendors.
The document primarily addresses cybersecurity risks related to AI systems, with good coverage of AI system security vulnerabilities (2.2), cyberattacks and weapons development (4.2), and governance structures (6.5). It has minimal coverage of privacy compromise (2.1) and competitive dynamics (6.4). The focus is on information sharing mechanisms to defend against cyber threats rather than broader AI risk domains.
This document primarily governs Public Administration (excluding National Security) through mandatory requirements for state agencies and the California Cybersecurity Integration Center. It also has good coverage of Information sector (AI providers, developers, telecommunications), Educational Services (schools, universities), Health Care (California Health and Human Services Agency), and Utilities (California Utilities Emergency Association). The governance extends to state contractors and vendors across multiple sectors providing AI services to government.
The document does not focus on specific AI development lifecycle stages but rather on operational monitoring and information sharing about AI-related cybersecurity threats. It primarily addresses the 'Operate and Monitor' stage through ongoing threat detection, reporting, and response mechanisms. There is implicit coverage of deployment through requirements for state contractors/vendors.
The document explicitly mentions 'artificial intelligence (AI)' and 'AI services' multiple times but does not define AI models, AI systems, or provide technical specifications. It references AI providers, developers, and adopters without distinguishing between frontier AI, general purpose AI, or other AI categories. No compute thresholds or model architecture specifications are mentioned.
California State Legislature; The people of the State of California
This is a California state bill (AB 979) enacted by the California Legislature, as indicated by the opening phrase 'The people of the State of California do enact as follows' which is standard legislative language.
California Cybersecurity Integration Center; Office of Emergency Services; Director of Emergency Services; Government Operations Agency; Office of Information Security
The California Cybersecurity Integration Center, led by the Office of Emergency Services, is designated as the primary enforcement and coordination body. The Director of Emergency Services has authority to designate additional members, and the Government Operations Agency and Office of Information Security have consultation roles.
California Cybersecurity Integration Center; Cyber Incident Response Team; Office of Emergency Services; California State Threat Assessment System; United States Department of Homeland Security — National Cybersecurity and Communications Integration Center
The California Cybersecurity Integration Center serves as the monitoring hub, with a dedicated Cyber Incident Response Team for threat detection and response. It operates in coordination with federal monitoring entities and is required to submit reports to the Legislature.
California Cybersecurity Integration Center; Office of Emergency Services; state contractors and vendors providing artificial intelligence services; AI providers; AI developers; AI adopters; utilities and other service providers; academic institutions; nongovernmental organizations
The document targets state agencies (particularly the California Cybersecurity Integration Center and Office of Emergency Services) with mandatory obligations, and state contractors/vendors providing AI services with mandatory information sharing requirements. It also creates voluntary mechanisms for AI providers, developers, and adopters.
5 subdomains (3 Good, 2 Minimal)