Uncategorized 10 min read

California's AI Safety Law Gets Its First Test Case — And OpenAI Is in the Crosshairs

By Jai
# California's AI Safety Law Gets Its First Test Case — And OpenAI Is in the Crosshairs **A watchdog's complaint against GPT-5.3-Codex could define how AI regulation actually works in America.** --- *By Claire Moynihan | February 12, 2026* --- The complaint landed on California Attorney General Maria Ramirez's desk last Thursday. Twenty-three pages. Fourteen exhibits. One allegation that could reshape the entire AI industry: OpenAI released GPT-5.3-Codex without the safety disclosures required under California's AI Safety Act. If that sounds bureaucratic, you're not paying attention. This is the first enforcement test of the most significant AI regulation in the United States. How California's AG responds will establish the compliance baseline for every AI lab operating in the state — which is to say, every AI lab that matters. The precedent set here will echo through boardrooms from San Francisco to Seattle to New York, and lobbyists in Washington are already taking notes. OpenAI declined to comment. The California AG's office confirmed receipt of the complaint but offered no timeline for review. The silence is telling. ## What OpenAI Allegedly Did Wrong The complaint, filed by the Center for AI Accountability (CAIA), a San Francisco-based watchdog group, alleges three specific violations of California's AI Safety Act: **1. Missing Pre-Deployment Safety Assessment** Section 4.2(a) of the Act requires any "frontier AI system" — defined as a model requiring more than 10^26 floating-point operations to train — to file a Pre-Deployment Safety Assessment (PDSA) with the California AI Safety Board at least 30 days before public release. The PDSA must include results from red-team testing, capability evaluations, and a risk mitigation plan. CAIA alleges OpenAI released GPT-5.3-Codex on January 28, 2026. The California AI Safety Board's public registry shows no PDSA filing for the model. OpenAI's most recent filing covers GPT-5.2, submitted in October 2025. This is either an oversight or a calculated gamble. Neither interpretation is flattering. **2. Inadequate Capability Disclosure** Section 5.1(c) requires disclosure of any "dangerous capability thresholds" a model exceeds during internal testing. The Act defines six threshold categories: autonomous replication, cyber-offense capability, biological/chemical synthesis assistance, manipulation and deception, critical infrastructure interaction, and weapons development assistance. According to the complaint, OpenAI's marketing materials for GPT-5.3-Codex highlight its "advanced autonomous coding capabilities" and "multi-step reasoning for complex software engineering tasks." CAIA argues these descriptions suggest the model may exceed the cyber-offense capability threshold — but OpenAI has not disclosed threshold evaluation results. This is where the legal battle will get interesting. OpenAI will likely argue that coding assistance doesn't constitute cyber-offense capability. CAIA will counter that autonomous vulnerability discovery and exploit generation fall squarely within the threshold definition. Both sides have reasonable arguments. That's exactly why we need the AG to rule. **3. No Incident Reporting Protocol** Section 7.3 requires deployers to establish and publicly register an incident reporting protocol before release. This protocol must specify how users can report safety incidents, timelines for internal review, and triggers for mandatory disclosure to the Safety Board. CAIA found no registered protocol for GPT-5.3-Codex. OpenAI has a general "Trust & Safety" contact page, but the complaint argues this doesn't meet the Act's specificity requirements. This one's probably the weakest allegation. OpenAI can likely argue their existing infrastructure satisfies the statute. But "probably" and "likely" cost money to litigate, and that's the point. ## The Fine Print on Fines If the AG pursues enforcement and prevails, the penalties are substantial. Section 12.1 authorizes fines of up to $25 million per violation for companies with annual revenue exceeding $10 billion. OpenAI cleared that threshold last year. Three violations means up to $75 million in potential fines — before any per-day penalties for ongoing non-compliance kick in. But the financial exposure isn't really the story. OpenAI can afford $75 million. What it can't afford is the precedent. If the AG rules that releasing a major model without a PDSA is a violation, every lab will add 30+ days to their release timelines. If capability threshold disclosure becomes strictly enforced, labs will face impossible choices about what to reveal to competitors via public filings. If incident reporting protocols require model-specific registration, the administrative burden multiplies with every release. This complaint isn't about punishing OpenAI. It's about defining what "compliance" actually means for the entire industry. ## What California Compliance Actually Costs I spent the last week talking to compliance officers, outside counsel, and startup founders about what it takes to satisfy the AI Safety Act. The numbers are eye-opening. **For a well-capitalized lab (Anthropic, Google DeepMind, OpenAI scale):** - Dedicated AI compliance team: 8-15 FTEs, $3-5 million annually - External legal counsel for regulatory filings: $500K-$1.5 million per major model release - Red-team testing to statutory specifications: $200K-$500K per model - Capability evaluation infrastructure: $1-2 million initial investment, $300K annual maintenance - Documentation and filing preparation: 6-10 weeks of engineering time per release Total annual compliance burden for a lab releasing 2-3 major models per year: **$8-15 million.** **For a Series A startup with a novel architecture:** The same requirements apply. The economics don't scale down. A startup I spoke with — they asked not to be named — estimated their California compliance costs at $2.3 million for their first model release. Their entire seed round was $4 million. "We're seriously discussing whether to geofence California," their CEO told me. "It's not that we don't believe in safety. It's that the compliance framework assumes you have an army of lawyers and a policy team. We have twelve engineers and a half-time CFO." This is the regulatory moat effect in action. Every compliance dollar spent is a dollar not spent on research. Labs with deep pockets absorb the cost. Labs without them face existential choices. ## The GDPR Parallel When GDPR took effect in May 2018, everyone waited to see how European regulators would enforce it. The first major fine came in January 2019: €50 million against Google, issued by France's CNIL. That single enforcement action established the tone for the next seven years of European privacy regulation — aggressive, well-resourced, and willing to target the biggest players. California's AI Safety Act is at its GDPR moment. If AG Ramirez pursues this complaint aggressively, she signals that the statute has teeth. Labs will overcorrect, padding timelines and overdisclosing to avoid becoming the next test case. The compliance-industrial complex will boom. Consultants will get rich. If she punts — dismisses the complaint, settles for a token fine, or lets it languish — she signals that the Act is a paper tiger. Labs will treat compliance as a box-checking exercise, filing the minimum required documentation and daring regulators to prove it's insufficient. There's no neutral outcome here. Inaction is its own message. ## The Timing Is Not Coincidental Consider what else happened this week. Anthropic disclosed $20 million in new lobbying expenditure, aimed at shaping federal AI legislation. Microsoft announced expanded government affairs hiring. Google's policy team doubled since 2024. The labs are playing both sides: shaping the rules AND testing the limits of rules already in place. This is rational behavior. When regulation is new, the boundaries are established by whoever pushes hardest. OpenAI's alleged violation — if that's what it is — came weeks after announcing their Frontier enterprise platform and new advertising products. The company is clearly in growth mode, racing to convert AI capabilities into recurring revenue before the competitive window closes. Speed and compliance are in tension. Always have been. The AI Safety Act exists precisely because the legislature didn't trust labs to resolve that tension responsibly. This complaint is the first test of whether they were right. ## The Startup Question Nobody Wants to Answer Here's the uncomfortable reality: California's AI Safety Act may inadvertently protect incumbents by pricing out challengers. The compute threshold for "frontier AI system" classification — 10^26 FLOPs — was set in 2025. It captured the then-current generation of leading models. But training efficiency improves. By 2027, systems achieving today's frontier capabilities may require only 10^24 FLOPs. By 2028, perhaps 10^23. The statute has no automatic adjustment mechanism. Reclassification requires legislative action. This creates a bizarre incentive structure. A startup training a highly efficient model that achieves dangerous capabilities with relatively modest compute might escape regulatory scrutiny entirely. Meanwhile, a larger lab using more compute for a safer model faces full compliance requirements. When I raised this with a senior aide to the bill's sponsor, they acknowledged the issue. "The threshold was a compromise," they said. "We knew it wasn't perfect. We expected to revisit it in the first regulatory review cycle." That review is scheduled for 2028. A lot can happen in two years. ## What Happens Next The AG's office has 90 days to respond to a formal complaint under Section 11.4. The clock started February 6. That gives Ramirez until early May to announce whether she'll pursue an investigation, decline to act, or request additional information. Here's what to watch: **If the AG opens a formal investigation:** This signals serious enforcement intent. Expect every major lab to immediately audit their California compliance status. Legal teams will demand release delays for any model with ambiguous threshold assessments. The compliance hiring boom accelerates. **If the AG requests additional information:** A middle path. Shows engagement without commitment. CAIA will likely cooperate extensively, knowing their case depends on keeping the AG interested. OpenAI's legal team will begin preparing their defense. **If the AG declines to act:** Possible but unlikely given the political environment. Declining the first-ever enforcement referral would invite criticism that the AG isn't taking the statute seriously. More likely is a quiet settlement — token fine, commitment to future compliance, no admission of wrongdoing. **The wildcard:** Congressional action. Federal preemption of state AI regulation remains on the table. If OpenAI's allies in Washington see this enforcement action as a threat, expect renewed lobbying for federal legislation that overrides California's framework. The "patchwork of state regulations" argument writes itself. ## The End of Move Fast and Break Things For twenty years, the American technology industry operated under an implicit social contract: innovate freely, apologize later if necessary. The externalities — privacy violations, algorithmic discrimination, platform addiction — were somebody else's problem to clean up. AI broke that model. The risks are too obvious, too well-documented, too personally threatening to regulators and legislators who watched ChatGPT write their constituent correspondence. California's AI Safety Act is the first serious attempt to establish rules *before* catastrophic harm, not after. OpenAI's alleged violation is the first test of whether those rules mean anything. The company that once published its work openly, that pledged to ensure AI "benefits all of humanity," that positioned itself as the responsible pioneer — that company may have cut corners to ship a product faster. If true, the irony is too obvious to belabor. But this isn't really about OpenAI. It's about whether AI regulation works. Whether compliance requirements can coexist with innovation velocity. Whether California can set the standard that Washington won't. The AG has 90 days. The industry is watching. And the answer matters more than any single fine. --- *Claire Moynihan covers AI policy and governance for Synthetic. Previously, she spent eight years as senior counsel for the Senate Commerce Committee. Send tips: claire@synthetic.pub*