California Uses Procurement Power to Set AI Standards Where Regulators Failed
California Gov. Gavin Newsom signed Executive Order N-5-26 on March 30, establishing AI certification requirements for vendors seeking state contracts. The move sidesteps years of regulatory gridlock by using government purchasing power-rather than legislation-to enforce AI safeguards.
The order gives state agencies 120 days to develop certifications addressing three risk categories: illegal content including child sexual abuse material and non-consensual intimate imagery; harmful bias and inadequate bias governance; and civil rights violations spanning free speech, voting, human autonomy, unlawful discrimination, detention, and surveillance.
What the Order Requires
State agencies must implement watermarking for AI-generated or substantially manipulated content to combat misinformation and deepfakes. California's chief information security officer will independently review supply chain risk designations and override any deemed improper.
The order also directs the Government Operations Agency to recommend reforms allowing California to bar vendors that courts have found unlawfully undermined privacy or civil liberties.
Procurement as Enforcement Mechanism
The strategy bypasses traditional legislative processes. Certification requirements take effect July 28, 2026-a deadline that vendors cannot delay through lobbying, committee negotiations, or legal challenges filed before implementation.
AI vendors must meet California's standards or lose access to the fourth largest economy in the world. They cannot afford to walk away from that market.
This approach differs fundamentally from how regulators have approached AI governance for nearly a decade. Rather than publishing policies and hoping for compliance, California made AI oversight an operational requirement embedded in contracting.
Federal-State Conflict
The order inverts existing federal supply chain power. The Department of Defense previously flagged Anthropic as a supply chain risk after the company refused to support certain surveillance and weapons applications. California's executive order now allows its chief information security officer to bypass such federal designations.
This creates competing demands. An AI vendor might satisfy California's civil rights protections while violating federal procurement terms, or vice versa. The calculus shifts for any vendor operating in both markets.
A Fragmented Future
Procurement power is not unique to California. Any government with a budget and vendor relationships can deploy the same mechanism. What Newsom did was publish the blueprint.
Other states could establish their own AI procurement standards, creating 50 different requirements pulling in different directions. Vendors would face a patchwork of conflicting certifications, each with its own enforcement deadline.
For AI for Legal professionals, this shift means AI governance is no longer a document problem. It is now an operations problem with hard deadlines and real market consequences.
Your membership also unlocks:
