(1) Existing law establishes the Department of Technology within the Government Operations Agency. Existing law requires the department to conduct, in coordination with other interagency bodies as it deems appropriate, a comprehensive inventory of all high-risk automated decision systems that have been proposed for use, development, or procurement by, or are being used, developed, or procured by, any state agency.
This bill would establish within the Government Operations Agency a consortium required to develop a framework for the creation of a public cloud computing cluster to be known as "CalCompute" that advances the development and deployment of artificial intelligence that is safe, ethical, equitable, and sustainable by, among other things, fostering research and innovation that benefits the public, as prescribed. The bill would require the Government Operations Agency to, on or before January 1, 2027, submit a report from the consortium to the Legislature with that framework. The bill would make those provisions operative only upon an appropriation in a budget act, or other measure, for its purposes.
(2) Existing law prohibits employers and their agents from making, adopting, or enforcing a rule, regulation, or policy preventing an employee from disclosing information to certain entities or from providing information to, or testifying before, any public body conducting an investigation, hearing, or inquiry if the employee has reasonable cause to believe that the information discloses a violation of a law, as specified, and prohibits retaliation against an employee for, among other things, exercising these rights.
This bill would, among other things related to protecting whistleblowers working with certain artificial intelligence models, prohibit a developer from making, adopting, or enforcing a rule, regulation, or policy that prevents an employee from disclosing, or retaliates against an employee for disclosing, information to the Attorney General, federal authorities, or another employee who has authority to investigate, discover, or correct the reported issue, if the employee has reasonable cause to believe that the information discloses that the developer's activities pose a critical risk or that the developer has made false or misleading statements about its management of critical risk. The bill would define "critical risk" to mean a foreseeable and material risk that a developer's development, storage, or deployment of a foundation model, as defined, will result in the death of, or serious injury to, more than 100 people, or more than $1 billion in damage to rights in money or property, as provided. The bill would also require a developer to provide a certain internal process through which an employee may anonymously disclose information to the developer if the employee believes in good faith that the information indicates that the developer's activities present a critical risk, as prescribed. The bill would specify provisions particular to enforcement and would authorize attorney's fees to a plaintiff who brings a successful action for a violation.