Do CCPA ADMT rules require a risk assessment?

The CCPA regulations on automated decision-making technology (ADMT) and risk assessments, finalized by the California Privacy Protection Agency, require businesses to conduct risk assessments for certain high-risk processing and give consumers rights around…

register 09 · Compliance pins· California AI Transparency
01 ·

Answer.

Named jurisdictional law · California AI Transparency.

The CCPA regulations on automated decision-making technology (ADMT) and risk assessments, finalized by the California Privacy Protection Agency, require businesses to conduct risk assessments for certain high-risk processing and give consumers rights around ADMT, with compliance phasing in (key obligations by 2027-01-01). So yes, a risk assessment is required for covered uses. Planisphere supplies behaviour evidence that can feed such an assessment; it does not perform the legal risk assessment or provide legal advice.

Cite-anchor: California AI transparency stack (AB 2013, SB 53/TFAIA, SB 942, CCPA ADMT regs) · Cal. AB 2013 (2024); SB 53 (2025); SB 942 (delayed by AB 853 to 2026-08-02); CPPA ADMT regs (final Sep. 2025)

02 ·

The mark behind the answer.

California AI Transparency is enacted (or near-enacted) law in a specific jurisdiction, with a specific obligation and a…

SB 942 + AB 2013 + SB 53 + CCPA ADMT — the CA frontier/transparency stack.

→ Full reference for California AI Transparency

Prepare evidence for California AI Transparency review.

First evidence record within 21 days of access · re-runs in a single business day. Planisphere measures model behaviour and emits a reproducible, sha-pinned record — it does not certify, file, or give legal advice.