01 — WHAT IS IT
What is SB 942?
California Senate Bill 942, formally titled the California AI Transparency Act, is a state law signed into effect that requires large AI providers to make their AI-generated content identifiable, verifiable, and traceable. It took effect January 1, 2026.
The law targets a specific problem: the explosive growth of AI-generated images, video, and audio has made it nearly impossible for consumers to distinguish real content from synthetic content. SB 942 aims to fix this by requiring every piece of AI-generated content to carry invisible proof of its AI origin — embedded at the moment of generation, before the content ever leaves the provider's platform.
Unlike the EU AI Act, which creates a broad regulatory framework across risk tiers, SB 942 is narrow and surgical. It doesn't restrict what AI can generate. It doesn't require risk assessments or conformity certifications. It requires three specific things: embed a watermark, show a disclosure, and provide a free way to verify. Simple in principle — operationally significant in practice.
Key distinction: SB 942 applies to the generator, not the publisher. If your platform creates the AI content, compliance is your responsibility — even if a downstream user distributes it.
02 — SCOPE
Who needs to comply with SB 942?
SB 942 defines a "covered provider" as any company or individual that trains, fine-tunes, or hosts a large generative AI system and has at least 1,000,000 monthly users. The law is expressly designed to capture the largest platforms — the ones producing AI content at scale.
If your platform falls into any of these categories and serves users in California, you are in scope:
AI Image Generators
Tools that generate images from text or other inputs (Stable Diffusion APIs, Midjourney-style platforms, DALL-E integrations)
AI Video Generators
Platforms that generate or meaningfully alter video content using AI models
AI Audio & Voice Generators
Text-to-speech, voice cloning, AI music generation, and synthetic audio platforms
Multimodal AI Platforms
Products that combine AI text, image, video, or audio generation in a single output
The 1M user threshold is a floor, not a safe harbor. Companies approaching 1 million monthly users should implement compliance infrastructure now — reaching the threshold while non-compliant is a day-one violation exposure.
03 — REQUIREMENTS
SB 942 Key Requirements Checklist
SB 942 establishes three core technical and operational requirements. Every covered provider must satisfy all three. Partial compliance is not compliance.
Latent Watermark Embedding
Every AI-generated image, audio, and video must carry an invisible, durable latent watermark embedded at generation time. The watermark must survive basic editing operations (cropping, resizing, compression) and encode provider identity, model ID, and generation timestamp. The C2PA standard is the recommended implementation framework.
REQUIRED
Manifest Disclosure
AI-generated content displayed to end users must be accompanied by a clear, visible label stating the content is AI-generated and identifying the provider. The disclosure must be shown in the same view as the content — not buried in settings, tooltips, or legal documents.
REQUIRED
Free Public Detection Tool
Covered providers must operate a publicly accessible, free detection tool that allows anyone to upload content and receive a determination of whether it was generated by the provider's AI. No account creation required. The tool must identify the provider, model, and generation date where available.
REQUIRED
Watermark Durability Standards
Watermarks must remain detectable after JPEG compression (quality 75+), cropping (up to 25%), resizing (up to 50%), and brightness/contrast adjustments within normal editing ranges. Providers must document durability testing methodology.
REQUIRED
API & Third-Party Distribution
If you provide an API that third parties use to generate content, watermarking requirements flow downstream. Your API output must already contain the watermark — you cannot shift responsibility to API consumers to add it later.
REQUIRED
Compliance Documentation
Maintain written records of your watermarking implementation, disclosure mechanisms, and detection tool operation. While not explicitly required by the statute, AG investigations will request this documentation as evidence of good-faith compliance efforts.
RECOMMENDED
04 — PENALTIES
SB 942 Fines & Enforcement
SB 942 enforcement is handled by the California Attorney General's office. The AG has civil enforcement authority — there is no private right of action (individuals cannot sue you directly under SB 942). However, the AG can seek penalties and injunctive relief.
$5,000
Per Violation
Each piece of non-watermarked AI content distributed to users counts as a separate violation. High-volume platforms generating thousands of images daily face compounding exposure.
CA AG
Enforcer
The California Attorney General has exclusive civil enforcement authority. The AG can also seek injunctive relief, which can effectively shut down your AI generation features while compliance issues are resolved.
Jan 1, 2026
Effective Date
No grace period. Violations that occurred before your compliance implementation are within the statute of limitations. There is no retroactive safe harbor for pre-compliance violations.
No Cap
Per-Violation Model
Unlike GDPR (which caps at % of global revenue), SB 942 uses a per-violation model with no aggregate cap. A platform serving 10,000 non-compliant images faces up to $50,000,000 in theoretical exposure.
Compounding math: A mid-size AI image platform generating 50,000 images per day that was non-compliant from January 1, 2026 through March 25, 2026 (84 days) has theoretical exposure of 50,000 × 84 × $5,000 = $21 billion. The AG won't seek that in practice, but it illustrates why early resolution matters.
05 — TIMELINE
SB 942 Timeline
Unlike regulations with long implementation runways, SB 942 went from signed to enforceable in under a year. Here is where we stand today.
SIG
SEPTEMBER 2024
SB 942 Signed by Governor Newsom
California Governor signs the AI Transparency Act into law. Covered providers have approximately 15 months to implement before enforcement.
EFF
JANUARY 1, 2026
SB 942 Takes Effect — Fines Begin
The law becomes enforceable on day one. All covered providers must have watermarking, disclosures, and detection tools operational. No grace period.
NOW
LIVE
MARCH 2026
You Are Here — Enforcement Active
The California AG is actively investigating non-compliant platforms. Companies that have not yet implemented SB 942 requirements are accumulating violations in real time.
EXP
UPCOMING
2026–2027
First AG Enforcement Actions Expected
Legal analysts expect the first formal AG enforcement actions against non-compliant covered providers to be filed in 2026, with high-profile targets chosen to establish precedent.
06 — SOLUTION
How AuditGen Helps You Comply
Manual SB 942 compliance means auditing every AI content generation endpoint in your codebase, implementing C2PA watermarking, adding disclosure headers, and building a detection endpoint — without missing anything. AuditGen automates this.
Connect your GitHub repository. AuditGen scans every AI generation call, API endpoint, and content delivery path for SB 942 compliance gaps. You get a prioritized report showing exactly what's missing, where it is in your code, and what it will take to fix it.
- Detects all AI model calls (OpenAI, Anthropic, Stability, Replicate, and more)
- Identifies content delivery endpoints missing watermark injection
- Flags UI components without manifest disclosure labels
- Checks for existing detection endpoint and flags if absent
- Generates a compliance risk score with remediation priority order
Run Free Compliance Scan →
07 — FAQ
Frequently Asked Questions
Does SB 942 apply to text-only AI outputs like chatbots?
⌄
SB 942 primarily targets AI-generated images, audio, and video. Text-only outputs are not subject to the latent watermarking requirement. However, chatbot responses that include AI-generated images, voice, or video within them trigger full compliance obligations for those media components. Pure text generation (e.g., LLM-based chatbots without media output) falls outside the watermarking mandate but may be subject to separate California AI disclosure bills.
What is C2PA and do I have to use it for SB 942 compliance?
⌄
C2PA (Coalition for Content Provenance and Authenticity) is an open technical standard for embedding provenance metadata in media files. SB 942 does not mandate C2PA specifically — it requires a "latent watermark" standard. However, C2PA is the industry-dominant implementation and the most defensible choice if your methodology is ever scrutinized by the AG. Proprietary watermarking schemes that meet the durability and metadata requirements are theoretically compliant but carry more regulatory risk.
Our API is used by third parties to generate content. Who is responsible?
⌄
You are. SB 942 places compliance responsibility on the "covered provider" — the entity operating the underlying AI model. If you provide an API that generates AI content, your API output must already contain the latent watermark. You cannot contractually shift this obligation to your API customers. A third-party developer using your API to build a product is not the covered provider under SB 942 — you are.
Can the manifest disclosure be in a tooltip or hover state?
⌄
The law requires the disclosure to be "clear and conspicuous" and visible when the content is presented to the user. Hiding it in a tooltip, hover state, settings menu, or terms of service likely does not satisfy this requirement. The safest implementation is a persistent visible label — either an overlay badge on media or a dedicated disclosure line shown alongside the content. Legal counsel should confirm your specific UI implementation.
We have fewer than 1M users now. Should we still prepare?
⌄
Yes. Building compliance infrastructure into your generation pipeline now costs a fraction of retrofitting it later. Companies that reach 1 million users without compliance in place face immediate violation exposure from the moment they cross the threshold. Given typical SaaS growth trajectories, building now is cheaper, less risky, and signals maturity to enterprise customers who increasingly have their own SB 942 compliance vendor requirements.
What does the free detection tool actually need to do?
⌄
The free public detection tool must: (1) accept file uploads without requiring account creation, (2) analyze the content for your AI's watermark signature, (3) return a clear result indicating whether the content was generated by your AI, (4) identify the provider and model where detectable, and (5) be accessible without any cost to the user. It does not need to detect other providers' AI content — only your own. The tool must be publicly linked and discoverable (typically from your main website).
Know your gaps before the AG does.
AuditGen scans your codebase for SB 942 compliance violations in under 60 seconds. See exactly what's missing, where it is, and how to fix it.