- Governor Gavin Newsom signed an executive order creating a formal AI vendor certification and procurement framework for California state agencies.
- The order requires AI vendors to meet defined standards before state government entities can award procurement contracts for AI products or services.
- Legal analysts at Ropes & Gray LLP identify significant compliance obligations for companies with active California state contracts or bids in progress.
- The action extends California’s AI governance apparatus through executive procurement policy rather than the legislative process.
What Happened
California Governor Gavin Newsom signed an executive order establishing a certification and procurement framework for AI vendors seeking contracts with state agencies, according to a client alert published by Ropes & Gray LLP. The order formalizes requirements that AI vendors must satisfy prior to state procurement, establishing a compliance gatekeeping mechanism administered through California’s contracting infrastructure.
Why It Matters
California state government is one of the largest institutional technology buyers in the United States, and procurement mandates set in Sacramento can shape vendor compliance programs well beyond the state’s borders. The executive order follows Newsom’s September 2024 veto of SB 1047 — the AI safety bill authored by State Senator Scott Wiener — in which Newsom argued the legislation’s broad liability framework lacked targeted enforcement and risked displacing AI development without proportionate benefit.
The new order pursues similar governance objectives through a different mechanism: it uses the state’s contracting authority to impose binding obligations on vendors without requiring legislative majorities, and at a point when the federal government has largely retrenched from proactive AI regulation.
Technical Details
The executive order establishes a vendor certification framework under which AI companies must demonstrate compliance with defined standards before procurement contracts can be executed. Frameworks of this type typically require vendors to produce documentation such as model cards, data provenance disclosures, and bias evaluation results, with requirements tiered by risk classification — higher-risk applications such as those used in benefits determinations or law enforcement receiving heightened scrutiny compared to lower-stakes administrative tools.
California’s existing Automated Decision Systems accountability infrastructure, built through prior executive and legislative action, provides procedural precedent the new framework appears designed to extend. The Ropes & Gray analysis identifies the order as creating direct compliance obligations for vendors currently under active state contracts as well as those bidding for new state work.
Who’s Affected
AI software vendors, enterprise cloud providers offering AI-enabled services, and companies anywhere in the AI supply chain with California government exposure are subject to the new requirements. State agencies including the California Department of Technology and major service-delivery departments will be required to incorporate vendor certification steps into existing procurement workflows before executing new AI-related contracts.
Ropes & Gray advised clients with California state contracts or pending bids to review the order’s requirements before state agencies issue implementing guidance, indicating the obligations attach at signing rather than at the conclusion of any rulemaking period.
What’s Next
Implementing regulations or agency guidance will be needed to operationalize the certification standards, a process that in California typically spans several months and involves public comment. California’s active 2026 legislative session may produce companion bills to codify the framework into statute, extending its durability beyond the current administration. Companies with active state contracts should assess their compliance posture before agency-level guidance is finalized.