Bridging the Gap: State AI Laws, Federal Regulation, and Credit Union Compliance

Although California state Senator Scott Wiener’s first attempt to pass artificial intelligence (AI) legislation was vetoed by Governor Gavin Newsom last year, his second attempt was successful when Newsom recently signed Senate Bill 53 (SB 53) into law.  Signed on September 29, 2025, the Transparency in Frontier Artificial Intelligence Act (TFAIA), creates new AI-specific regulations aimed to enhance online safety by requiring the largest frontier developers to (i) publicly disclose safety and security protocols; (ii) report the most critical safety incidents and (iii) protect whistleblowers. A “frontier” is a highly advanced AI model 
Here are some of the key components and requirements of the new law:

1.    Greater Transparency: A large frontier developer must write, implement, and publish (on its website) a frontier AI framework describing how it manages risks.
2.    Increased Innovation: Establishes a new consortium within the Government Operations Agency to develop a framework for a public cloud computing cluster called “CalCompute”.  CalCompute will advance the development of AI that is safe, ethical, equitable, and sustainable by fostering research and innovation.
3.    Reporting of Safety Incidents: Creates a new mechanism for frontier AI companies and the public to report potential critical safety incidents to the Office of Emergency Services. 
4.    Whistleblower Protections: The law requires the developer to provide an internal process, including anonymous disclosure, for employees who believe the activities pose a catastrophic risk or that the developer has misrepresented its risk management. Also, the law prohibits a large frontier developer from enforcing policies or contracts that prevent or retaliate against whistleblowing employees.

If your credit union isn’t located in California, you may be asking yourself: “how does this impact my credit union?” The direct impact of this California specific law for those who are not located in the state may not be obvious at first glance, but there are some indirect and potential federal implications for federally chartered credit unions. The California Press Release announcing the passage of the bill claims that “California is home to 32 of the top 50 AI companies of the world”.  What this means is that if your credit union is using AI tools powered by a “frontier model” developer covered by SB 53, that developer will have obligations around safety, transparency, and risk reporting.  While these obligations do fall on the developer themselves, this could affect how credit unions vet and manage their third-party vendors. 

Additionally, the adopting of this new CA law could have an impact on future federal legislation as it relates to AI framework.  State laws often serve as templates. Just as California privacy law (CCPA/CPRA) spurred national conversation on data privacy, SB 53 could shape federal AI governance frameworks that would directly impact credit unions. As other states create their own AI safety frameworks, credit unions operating across state lines (even if federally chartered) could face inconsistent disclosures or obligations from different vendors. For instance, Colorado recently passed its own comprehensive AI law aimed to protect consumers from risks of algorithmic discrimination. The burden of this inconsistency could help accelerate a push toward federal AI regulation, which could ultimately apply to Federal Credit Unions.

For now, the gap between state and federal law means credit unions should treat SB 53 as an early sign of what’s to come at the federal level. Even if your credit union is not in California, vendors you work with may be subject to these new requirements and regulators could expect you to incorporate that information into your third-party risk management and due diligence processes. Monitoring vendor compliance with AI safety frameworks, documenting how your credit union evaluates AI risks, and staying alert to evolving state and federal proposals will help ensure your credit union is prepared for broader, more uniform regulation that could develop in the near future.