Newsom Orders California Agencies to Weigh AI Harms in State Contracting Rules

By Hector Herrera | April 12, 2026 | Government

California Governor Gavin Newsom signed an executive order directing state agencies to build AI harm standards directly into government contracting requirements. The order puts California—the largest state economy in the nation—in position to shape AI industry behavior at scale, arriving precisely as federal regulation stalls under the Trump administration's hands-off approach.

What Happened

The executive order, signed this week, instructs California state agencies to develop procurement standards that account for two specific AI risks: the generation of child sexual abuse material (CSAM) and violations of civil liberties. Any AI company seeking a state contract will need to demonstrate compliance with those standards.

This is not a bill. It does not require legislative approval. Newsom moved through executive authority alone, which means it takes effect faster and sidesteps the California legislature—a body that has spent the past two sessions debating and, in some cases, blocking aggressive AI regulation.

Context

California has been the most active state in the U.S. on AI policy, but it has also been inconsistent. Last year, the legislature passed SB 1047, a sweeping AI safety bill targeting developers of large foundation models. Newsom vetoed it, arguing the bill was too broad and would push AI startups out of California. The veto drew sharp criticism from safety advocates and set up a continuing tension between the governor's pro-industry stance and growing pressure to draw clear lines around AI risk.

This executive order represents Newsom threading that needle. It is targeted and procurement-specific—not a blanket regulatory framework. It does not tell companies how to build their AI systems. It tells them what they must prove if they want California's business.

That distinction matters because California's state government spends billions annually on technology contracts. Companies that want access to that revenue now face compliance requirements they don't face at the federal level.

Details

The order specifically names CSAM generation and civil liberties violations as the harm categories state agencies must address in contract standards. Those two areas are not random. CSAM has become a flashpoint as generative image and video models grow more capable, and federal law already criminalizes the material—making it a legally unambiguous starting point. Civil liberties concerns are broader: think facial recognition in public spaces, predictive policing systems, and benefits eligibility algorithms that produce discriminatory outcomes.

The order directs agencies to develop standards, meaning the specific requirements will be written by individual agencies in the months ahead. The executive order is the mandate; the standards are still being drafted.

Impact

For AI companies: If you sell software to California state agencies, you now have a compliance timeline. That applies to large enterprise vendors like Microsoft, Google, and Salesforce, but also to the AI startups that have built businesses on government contracts. The specific standards aren't public yet, but companies should begin assessing their systems against the two named harm categories now.

For other states: California's procurement standards will function as a de facto industry benchmark. When the nation's largest state economy sets contract requirements, vendors typically meet those requirements across their entire product line rather than building California-specific versions. Expect smaller states to reference California's standards when writing their own procurement rules.

For federal policy: The executive order is an implicit rebuke of the federal approach under the current administration, which has prioritized AI development over AI risk management. With no federal floor on AI safety in government contracting, states are writing their own. California's size gives it the leverage to move the industry even without Washington.

What to Watch

The timeline for agency-level standards is not yet set. Watch for individual California agencies—particularly Health and Human Services, Corrections, and Technology—to begin publishing draft standards over the next six to twelve months. Each agency's interpretation of "civil liberties violations" will vary, and the resulting standards will tell you how aggressive the governor is willing to go in practice versus in principle.

Also watch for industry response. The last time Newsom moved on AI regulation, tech lobbying was intense. Whether companies engage constructively or mount opposition will signal how seriously they're taking state-level procurement risk.

Hector Herrera covers government and AI policy for NexChron.