Do CCPA ADMT rules require a risk assessment?
The CCPA regulations on automated decision-making technology (ADMT) and risk assessments, finalized by the California Privacy Protection Agency, require businesses to conduct risk assessments for certain high-risk processing and give consumers rights around…
Answer.
The CCPA regulations on automated decision-making technology (ADMT) and risk assessments, finalized by the California Privacy Protection Agency, require businesses to conduct risk assessments for certain high-risk processing and give consumers rights around ADMT, with compliance phasing in (key obligations by 2027-01-01). So yes, a risk assessment is required for covered uses. Planisphere supplies behaviour evidence that can feed such an assessment; it does not perform the legal risk assessment or provide legal advice.
The mark behind the answer.
SB 942 + AB 2013 + SB 53 + CCPA ADMT — the CA frontier/transparency stack.
More on California AI Transparency.
Prepare evidence for California AI Transparency review.
First evidence record within 21 days of access · re-runs in a single business day. Planisphere measures model behaviour and emits a reproducible, sha-pinned record — it does not certify, file, or give legal advice.