Governor Gavin Newsom's Executive Order N-6-26 directs California agencies to study how artificial intelligence (AI) impacts workers, with specific focus on hiring, layoffs, and workforce displacement. While the May 21, 2026 order creates no immediate obligations, it maps exactly where state regulators will aim next—and most employers using AI tools for hiring or performance reviews already face binding privacy requirements they're not meeting.
What does California's AI executive order require from employers?
The executive order does not create any rights or benefits to employees, nor does it impose any new legal obligations on employers. Instead, it launches a series of studies and policy reviews with deadlines running through November 2026. The Labor and Workforce Development Agency must review California Worker Adjustment and Retraining Notification (WARN) Act changes, analyze severance practices, and examine how collective bargaining addresses AI adoption.
The Employment Development Department will publish a dashboard tracking AI's employment impact and collect business feedback on how technology affects hiring decisions—twice yearly through 2027. Translation: California is building an evidence base for future legislation.
Separate from this executive order, the California Worker Technological Displacement Act (SB 951) is currently pending in the Legislature. SB 951 would require at least a 90-day advanced written notice before any technological displacement affecting 25 or more workers or 25 percent of the workforce, whichever is less. The bill is still being amended, but if passed, the bill imposes a $500 civil penalty for each day an employer is in violation.
How does this connect to existing California AI privacy rules?
Here's what employers miss: while the executive order studies future policy, the California Consumer Privacy Act (CCPA) already regulates automated decision-making technology (ADMT) in employment—and effective January 1, 2027, many California employers must comply with a challenging and detailed set of new requirements before using automated decisionmaking technology for certain employment actions.
The California Privacy Protection Agency finalized these regulations in September 2025. Employers subject to the CCPA who use automated decisionmaking technology for employment-related decisions, without meaningful human involvement, must now conduct detailed risk assessments, provide pre-use notices, and honor certain opt-out and access rights.
ADMT is defined broadly: any technology that processes personal information and uses computation to replace human decision-making or substantially replace human decision-making. That includes resume screening tools, scheduling algorithms, performance scoring systems, compensation calculators, and promotion recommendation engines. If computation drives the decision and a human just clicks "approve," you're covered.
What are the compliance requirements for AI in hiring?
For California residents' data, employers using ADMT for hiring, promotion, compensation, work allocation, suspension, or termination must:
- Conduct risk assessments before deployment, updated every three years or within 45 days of material changes
- Provide pre-use notices explaining how the ADMT works, what data it uses, outputs it generates, and employee rights to opt out or appeal
- Honor opt-out requests unless you provide meaningful human review with authority to overturn the decision
- Respond to access requests detailing what ADMT was used and how it affected the individual
- Retain records of inputs and outputs for four years under California Fair Employment and Housing Act requirements
These obligations apply to CCPA-covered businesses: those with over $25 million in annual revenue (adjusted for inflation), or those processing large volumes of California resident data.
What are the penalties for ADMT noncompliance?
Noncompliance can result in fines of up to $2,500 per violation and $7,500 per intentional violation, enforced by the California Privacy Protection Agency and Attorney General. There's no private right of action for ADMT violations specifically, but the per-violation structure means exposure scales with the number of affected workers.
A company that fails to provide pre-use notices to 500 California job applicants has 500 violations. At $2,500 each, that's $1.25 million before anyone even alleges discrimination. The CCPA gives you a 30-day cure window after notice—but only if you can actually fix systemic ADMT practices in a month.
Why does the executive order matter if the rules already exist?
The executive order signals enforcement priority. When state agencies publish dashboards tracking AI displacement, collect employer feedback on technology adoption, and recommend WARN Act changes specifically tied to AI layoffs, they're building the political and evidentiary case for stricter rules. The studies and recommendations it directs will likely inform future legislation and rulemaking.
Meanwhile, many employers don't realize they're already non-compliant with January 2027 ADMT requirements. If you're using an applicant tracking system with auto-reject thresholds, an AI interview scoring tool, or algorithmic shift assignment for California workers, you have seven months to implement risk assessments, revise privacy policies, build opt-out workflows, and train HR teams—or face the first enforcement wave in a newly spotlighted policy area.
The SB 951 legislative track runs parallel: if passed, 90-day notice requirements for AI-driven layoffs would force employers to document and disclose which specific AI system caused the displacement and who built it. That's a much higher bar than generic reduction-in-force communications.
What should employers do now?
- Inventory your AI tools. List every system that scores, ranks, filters, or recommends employment decisions—including vendor products marketed as "decision support."
- Map California exposure. How many California applicants, employees, or contractors does each tool touch?
- Assess ADMT applicability. Does a human with authority review and potentially override the output using additional context? If not, it's likely covered.
- Draft or update notices. Your employee privacy policy needs ADMT-specific disclosures before January 1, 2027.
- Build opt-out procedures. Decide what your alternative non-automated process looks like and document it.
- Conduct risk assessments. These must be in writing and available for CPPA inspection during audits.
If you're also deploying third-party AI tools, revisit our analysis of AI code generators and hidden tracking—the data-sharing obligations stack. And if you're processing data through Microsoft Azure AI services, note the recent 30-day subprocessor notice period change that shortens your reaction window.
You can scan your site to identify tracking and consent issues before enforcement catches them.
The timeline collision
Timeline showing California AI regulation convergence in 2027
Executive Order N-6-26 directs policy recommendations by mid-November 2026. CCPA ADMT rules take effect January 1, 2027. SB 951 could pass later in 2026. Employers face a narrow window where they're operating under January 2027 compliance mandates while the legislative groundwork for even stricter rules is being laid in real time.
California isn't waiting for federal AI legislation. The state is moving on three tracks simultaneously: immediate privacy compliance (ADMT), near-term workforce protection (SB 951), and medium-term policy development (the executive order studies). Companies betting they can delay AI governance until federal clarity arrives will spend 2027 retrofitting compliance programs under active enforcement.
The executive order doesn't regulate you. But it tells you exactly where the regulator is looking.
Frequently Asked Questions
Does California's AI executive order ban AI in hiring? No. The executive order directs state agencies to study AI's workforce impact and recommend policies—it creates no immediate restrictions on employers' use of AI tools.
When do California ADMT privacy rules take effect? January 1, 2027. Employers already using ADMT for employment decisions must comply by that date; those adopting ADMT after must comply immediately upon deployment.
What counts as automated decision-making technology under CCPA? Any technology that processes personal information and uses computation to replace or substantially replace human decision-making, including AI resume screeners, interview scoring tools, performance algorithms, and scheduling systems.
What are the penalties for violating California's ADMT rules? Up to $2,500 per unintentional violation and $7,500 per intentional violation, with no cap on total fines. Penalties are assessed per affected individual.
Does SB 951 require 90-day notice for all layoffs? No—only for technological displacement (job elimination caused primarily by AI or automation) affecting 25 or more workers or 25% of the workforce, whichever is less. SB 951 is still pending and subject to amendments.
Do small businesses need to comply with CCPA ADMT rules? Only if they meet CCPA thresholds: over $25 million in annual revenue (inflation-adjusted) or process large volumes of California resident data. Nonprofits and businesses without California workers are generally exempt.