6 April 2026

California Governor issues Executive Order on AI procurement standards and responsible government use

Written by:Danny TobeyRuth DapperKarley Buckley

On March 30, 2026, California Governor Gavin Newsom signed Executive Order N-5-26, directing state agencies to develop new standards for artificial intelligence (AI) companies seeking to contract with the state, as well as to expand responsible use of generative AI (GenAI) in government operations.

The Order, which takes effect immediately, represents the latest step in California’s ongoing efforts to shape AI governance. It follows the enactment of the Transparency in Frontier Artificial Intelligence Act (TFAIA) and a series of AI-related bills signed into law in late 2025.

In this alert, we summarize the Executive Order’s key provisions and potential implications for companies doing business with the State of California.

Background

Executive Order N-5-26 adds a procurement-focused layer to the regulatory landscape and builds on a prior Executive Order, N-12-23, issued in September 2023, which outlined how the state would evaluate, develop, and use GenAI in state operations. The new Executive Order cites both the opportunities and the risks presented by GenAI’s development – including the potential for mass surveillance, manipulation of information, and violations of civil rights and civil liberties – and frames public procurement as “one of the most powerful tools available to governments to shape market behavior and encourage responsible innovation.”

What does the Executive Order require?

The Order directs several state agencies to take action, in most cases within 120 days of issuance. Its key provisions fall into five categories.

1. New certification requirements for state contractors

The Department of General Services (DGS) and the Department of Technology (CDT) are directed to submit recommendations to the Governor for new certifications that may be incorporated into state contracting processes, where consistent with existing procurement statutes and regulations.

Under these certifications, entities seeking to do business with the state would be required to attest to and explain their policies and safeguards in several areas, including but not limited to:

  • Prevention of exploitation or distribution of illegal content, such as child sexual abuse material and non-consensual intimate imagery

  • Avoidance of harmful bias or implementation of governance to reduce the risk of such bias

  • Protection of civil rights and civil liberties, including free speech, voting, human autonomy, and protections against unlawful discrimination, detention, and surveillance

2. Independent review of federal supply chain designations

The Order directs CDT’s State Chief Information Security Officer (CISO) to review any new federal designations of companies as supply chain risks. Unlike the other provisions of the Order, this directive does not include a specified deadline and instead establishes an ongoing review obligation. If the CISO concludes that a designation is improper, DGS and CDT will jointly issue guidance to help ensure that departments and agencies can continue to easily procure from that company. The CISO may also review other federal procurement changes and recommend appropriate measures in response.

3. Reforms to contractor responsibility provisions

The Government Operations Agency (GovOps), in consultation with DGS and CDT, is directed to submit recommendations to the Governor on reforms to contractor responsibility provisions, including suspension and ineligibility authorities. The stated purpose is to ensure that state entities do not contract with entities that have been judicially determined to have unlawfully undermined privacy or civil liberties, including freedom of speech, voting, and protections from unlawful discrimination and surveillance.

4. Expanding GenAI use in government operations

The Order directs GovOps and its component agencies, including CDT, the Office of Data and Innovation (ODI), DGS, and the California Department of Human Resources (CalHR), to undertake steps regarding the use of GenAI within state government. These include:

  • Facilitating employee access to vetted GenAI tools for general use cases with appropriate privacy and cybersecurity safeguards

  • Leveraging the State Technology Council and AI Community of Practice to share best practices on AI procurement and adoption

  • Updating the State Digital Strategy to identify opportunities for GenAI to strengthen government transparency and accountability and improve performance and accessibility of services

  • Developing a pilot application or website using GenAI to provide Californians with streamlined access to government services organized by life event, such as disaster relief, starting a business, and finding a job

  • Expanding employee trainings on emerging technology, including AI

  • Publishing a data minimization toolkit for departments and agencies

5. Watermarking guidance

The Order directs CDT, in collaboration with GovOps, to issue guidance for departments and agencies to appropriately watermark AI-generated or significantly manipulated images or video, in accordance with industry best practices and consistent with the requirements of California Business & Professional Code §§ 22757.2 and 22757.3. This provision complements the California AI Transparency Act, which requires generative AI developers to ensure that content created using their tools includes provenance data and aligns with a growing number of jurisdictions that require GenAI providers to implement transparency measures.

What is the Order’s effect?

The Executive Order states that it “is not intended to, and does not, create any rights or benefits, substantive or procedural, enforceable at law or in equity, against the State of California, its agencies, departments, entities, officers, employees, or any other person.” The Order’s directives are addressed to state agencies and establish a framework for developing recommendations and guidance, rather than creating immediately binding obligations for private companies. However, as the recommendations mature and are incorporated into state contracting processes, companies seeking state contracts may face new attestation and disclosure requirements tied to the categories outlined in the Order.

How does this relate to California’s broader AI regulatory framework?

The Executive Order adds a procurement-oriented dimension to a body of California AI regulation that has grown substantially in recent years. The TFAIA, effective January 1, 2026, requires developers of large AI models to publish transparency frameworks, submit risk assessments, and report critical safety incidents. Other 2025 California enactments address a range of AI-related issues, from companion bot safety and AI-generated content transparency to algorithmic price fixing and the elimination of the “autonomous AI” defense in civil litigation. Executive Order N-5-26 complements these legislative measures by focusing on the state’s own contracting and procurement practices.

Key considerations for companies

Companies that contract with the State of California or are considering doing so should be aware of several implications arising from this Executive Order.

First, although the Order does not impose immediate new requirements on private companies, it kicks off a process that could result in new requirements within state contracting processes. Companies may wish to evaluate their policies and safeguards in the areas identified in the Order – particularly with respect to the prevention of illegal content exploitation, bias, and civil rights protections – to prepare for potential new requirements.

Second, California’s independent review mechanism for federal supply chain designations may be relevant to companies that have been or may be designated as supply chain risks at the federal level.

Third, the proposed reforms to contractor responsibility provisions, including suspension and ineligibility authorities, signal increased scrutiny of contractors’ records with respect to privacy and civil liberties. Companies with operations that implicate privacy, surveillance, or speech are encouraged to monitor developments in this area.

Finally, the Order indicates there may be new practices forthcoming for how state agencies and their contractors handle AI-generated content.

Given the pace of AI-related developments at the state and federal levels, companies are encouraged to monitor the recommendations and guidance that will emerge from the Executive Order’s implementation.

Find out more

DLA Piper’s team of AI lawyers, data scientists, and policy professionals helps organizations navigate the complex workings of their AI systems and comply with current and developing regulatory requirements. We continuously monitor updates and developments arising in AI and its impact on industry across the world.

For more information on AI and the emerging legal and regulatory standards, visit DLA Piper’s focus page on AI.

For further information or if you have any questions, please contact any of the authors.

Related insights

Publication

California delivers a new batch of AI-related legislation: Top points

14 October 2025

Publication

California law mandates increased developer transparency for large AI models

2 October 2025

Publication
Data cables

White House releases the National Policy Framework for Artificial Intelligence: Key points

23 March 2026

Print

Related capabilities

Regulatory and Government AffairsTechnologyArtificial Intelligence and Data Analytics