California’s New AI Law Misses the Mark on Whistleblower Protections

California Gov. Gavin Newsom (D) late last month signed into law the Transparency in Frontier Artificial Intelligence Act (TFAIA), or SB 53, which requires large AI companies to publicly report their safety and security protocols and the potential risks of their technologies.

SB 53 marks a step forward by recognizing the need to provide employees with a secure channel to report concerns, permit and protect internal reporting and require the posting of rights in workplaces. Critically, it recognizes the importance of whistleblowing in AI and that employees need to be educated and reminded of their rights, with numerous other useful features. The text itself explains the importance of including such provisions, stating: “Whistleblower protections and public-facing information sharing are key instruments to increase transparency.”

However, other provisions are limited in scope in ways that may have a further chilling effect on employees with reasonable concerns.

Regrettably, the bill limits the range of developing this technology that are covered under the law, as well as the types of employees covered and what you can blow the whistle on based on material harm. All these caveats and qualifications will make litigation expensive and prolonged. Additionally, there are ambiguities in the remedies outlined in the statute, and the lack of compensatory and punitive damages will likely lead to further litigation on the types of relief available. A proper statute of limitations, set of remedies, and comprehensive definitions of employee, employer and protected disclosure are not featured in this law.

Whistleblower protections

The bill contains whistleblower protections for covered employees who warn the public about the dangers the technology may pose. The definition of “Covered employee,” however, is quite narrow, limited to mean an employee responsible for assessing, managing or addressing risk of “critical safety incidents.” “Critical safety incidents” are specified to mean:

1. Unauthorized access to, modification of, or exfiltration of the model weights of a foundation model that results in death, bodily injury, or damage to, or loss of, property.
2. Harm resulting from the materialization of a catastrophic risk.
3. Loss of control of a foundation model causing death or bodily injury.

Such a definition is both unprecedented and a high bar for employees to meet. Concerns of harm impacting the public interest should not need to result in these dramatic occurrences to be worthy of whistleblowing.

Potential whistleblowers at AI companies, no matter their role or responsibilities, must have comprehensive avenues to report even potential violations, instances of misconduct and safety issues occurring throughout the field. The definition does not cover all employees within AI companies — numerous highly qualified whistleblowers are excluded, such as contractors, consultants, external auditors, and company employees whose work does not directly address the risk of critical safety incidents.

The law defines “Catastrophic risk” as a foreseeable and material risk that a frontier developer’s development, storage, use or deployment of a foundation model will materially contribute to the death of, or serious injury to, more than 50 people or more than one billion dollars in damage to, or loss of, property arising from a single incident involving a foundation model doing any of the following:

1. Providing expert-level assistance in the creation or release of a chemical, biological, radiological, or nuclear weapon.
2. Engaging in conduct with no meaningful human oversight, intervention, or supervision that is either a cyberattack or, if committed by a human, would constitute the crime of murder, assault, extortion, or theft, including theft by false pretense.
3. Evading the control of its frontier developer or user.

Under this definition, whistleblowers would have to show risk is foreseeable, material and more than a good faith belief or concern, departing from standard whistleblower law. The standard of materially contributing to the death of or serious injury to more than 50 people or more than one billion in damages from a single incident is too high a standard to meet. It is difficult to prove, arbitrary and ambiguous — will this apply to human error? The result of design vulnerability? In whistleblower cases, this is what often gets litigated. Companies look to these phrases and qualifications in legislation and interpret them in ways that narrow the scope of the law.

The catastrophic risk definition in SB 53 also excludes lawful activity of the federal government. Yet things that are lawful to the federal government can still be dangerous to human health. Testing atomic bombs in Nevada, for example, was lawful federal activity, but resulted in the death and significant harm to people’s health that are still felt today. People need the ability to blow the whistle to explain the risks of lawful federal activity that may still have catastrophic risks.

Reporting internally

Under the law, frontier developers cannot prevent covered employees from reporting to internal or external authorities on dangers to the public health or safety from a catastrophic risk or that the developer has violated the TFAIA.

Covered frontier developers must provide a “reasonable” internal process for covered employees to anonymously disclose. When an internal disclosure is made, the developer must update the whistleblower monthly regarding the status of the internal investigation of the matter and the actions they have taken in response to the disclosure. The disclosures and responses of the process required must be shared with officers and directors of the developer at least quarterly. However, if a covered employee has alleged wrongdoing by an officer or director in their disclosure, this will not apply with respect to that officer or director.

The statute prohibits restrictive agreements, a documented practice in the industry, though this section also only highlights those that prevent covered employees from making a disclosure.

It’s not clear if you can blow the whistle to a member of Congress as a federal authority, nor if the law’s references to the attorney general mean California’s or the United States AG. Also, the agencies that covered employees may report to are not specified.

Remedies

In the injunctive relief process outlined in the law, employees can seek immediate court orders to stop ongoing violations, being able to file in the county where the violation occurred, where they live or where the employer does business. Courts can grant temporary injunctions quickly after the employer is notified. An injunction can be issued if there's "reasonable cause" to believe a violation occurred. Temporary relief stays in effect until the case is resolved or reviewed; employers can still discipline employees for unrelated misconduct. Injunctions remain in effect even if the employer appeals, meaning they can't automatically pause the court order.

The courts must consider whether denying relief would discourage other employees from asserting their rights and have a further chilling effect on industry employees.

The law does not outline what permanent relief would look like, nor does it clarify what limited damages are available.

These protections will not affect other existing whistleblower provisions, including for employees not covered by this specific law. It is not clear what is intended and meant here, and by outlining that, the bill seemingly admits that many AI employees and potential whistleblowers are in fact not covered. It could be interpreted that this doesn’t mean that others can’t raise concerns, but that if they did, they would not have the rights afforded by SB 53. The remedies are cumulative to each other and other remedies and penalties available under other California laws, meaning that employees can pursue multiple legal cures at the same time.

It is not clear in the text, however, if this includes common law. California already has a good public policy exception to the common law cause of action for wrongful discharge torte claims when firings are counter to public policy. Under this exception, AI employees in California are covered and have significant rights without facing the near impossible burdens imposed by the statute.

The court is authorized to award reasonable attorney’s fees to a plaintiff who brings a successful action for a violation. Coverage of attorney's fees is good and whistleblowers can get regular injunction, but punitive and compensatory damages, backpay and restoration of all benefits, typical in whistleblower law, is not spelled out.

Are they comprehensive?

These stringent limitations may have a chilling effect on anyone considering coming forward who believes that their concerns do not meet this high standard. The definitions outlined in SB 53 are unprecedented in whistleblower law. In the Dodd-Frank Act, for example, there is no monetary threshold to receive anti-retaliation protection, only reporting in good faith.

The Sarbanes-Oxley Act protects disclosure to members of Congress and committees and federal regulatory or law enforcement agencies. Its remedies include compensatory damages, reinstatement of seniority level (and the position they would be in but for the discrimination), backpay with interest, and special damages. Arbitration agreements are voided under the AIWPA, but are permitted under SB 53.

The California law requires anonymity in internal disclosure processes for employees, but confidentiality is only outlined in the context of developers reporting to the state’s Office of Emergency Services. The only time confidentiality is mentioned in relation to covered employees is that the attorney general may not include in a report information that would “compromise the trade secrets or cybersecurity of a frontier developer, confidentiality of a covered employee, public safety, or the national security of the United States or that would be prohibited by any federal or state law.” Explicit anonymity and confidentiality protections are necessary for potential whistleblowers to feel safe coming forward with information, a process that can impact their career, finances and wellbeing.

Recommendations

SB 53 gives more force to the need for comprehensive federal whistleblower protections.

The AI Whistleblower Protection Act (AIWPA), proposed by Sen. Charles Grassley (R-IA) in May, lays out full remedies for whistleblowers, covers all employees in the sector, without a monetary threshold or death required, following the standards set by numerous respected and bipartisan whistleblower laws. The bipartisan bill protects individuals who disclose information regarding a potential AI security vulnerability or violation. Under the bill, these whistleblowers can be current or former employees and independent contractors, and like other measures protecting against whistleblower retaliation, it does not require that they prove laws have been broken to be covered, only that they act in good faith in flagging a possible violation.

Vagueness in the definitions of SB 53 leaves room for interpretation and narrow qualifications. This has damaging limitations that will give rise to endless litigation, limiting the law’s effectiveness and rendering it all but unusable for whistleblowers. The qualifications outlined in SB 53 make it so difficult to file a successful claim, and many valid cases will be dismissed.