California Internet Bills: Legislature Holds Hearings on SB 1142 and AB 2169

Sacramento has long served as the de facto laboratory for global technology regulation, but the hearings convened on April 21, 2026, represent a fundamental shift in the state’s approach to the digital frontier. As the California Senate Committee on Judiciary and the Assembly Committee on Privacy and Consumer Protection met to debate SB 1142 (the Digital Dignity Act) and AB 2169 (the Digital Choice Act), the atmosphere was one of high-stakes legal and technical brinkmanship. These California internet bills are not merely local regulatory adjustments; they are aggressive attempts to redefine the boundaries of user likeness, platform interoperability, and the very architecture of the modern internet.

The legislative package arrives at a time of extreme volatility in the tech sector. With the explosion of generative AI (GenAI) and the tightening grip of a few “gatekeeper” platforms, California lawmakers argue that the current legal framework is insufficient to protect the “digital souls” of 40 million residents. However, the tech industry, led by the Computer & Communications Industry Association (CCIA) and other advocacy groups, warns that Sacramento may be building a “Trojan Horse” for mass censorship and unprecedented cybersecurity vulnerabilities.

SB 1142 and the “Digital Replica” Dilemma

At the heart of the California internet bills debate is SB 1142, the Digital Dignity Act. Introduced by Senator Josh Becker, the bill seeks to provide Californians with a “right of revocation” over their digital likeness. Technically, the bill defines a “digital replica” as a highly realistic computer-generated representation of an individual’s voice, face, or body—often referred to in common parlance as a “deepfake.”

During the April 21 hearing, proponents like the Transparency Coalition described the current environment as a “digital haunting.” They argued that victims of nonconsensual digital likeness abuse—ranging from AI-generated intimate imagery to fraudulent financial endorsements—currently face a “legal no-man’s land.” Under SB 1142, a large online platform that provides GenAI tools would be legally mandated to implement a mechanism for users to revoke access to any digital replica of themselves created by others on that platform.

The 48-Hour Takedown Regime

The most controversial technical provision of SB 1142 is its strict notice-and-takedown framework. Unlike the federal Digital Millennium Copyright Act (DMCA), which includes a “counter-notice” provision and certain safe harbors, SB 1142 proposes a 48-hour window for platforms to remove flagged content. Crucially, this removal would be required without a prior judicial determination of illegality.

Critics argue this creates a “censorship by default” mechanism. For platforms hosting millions of pieces of content, the liability risk of failing to remove a reported image within 48 hours is so high that automated filters will likely be set to “over-remove.” This poses a direct threat to:

• Political Satire: AI-generated parodies of public figures could be scrubbed under the guise of “unauthorized replicas.”
• Investigative Journalism: News organizations using deepfake technology to demonstrate security flaws or report on disinformation campaigns might find their content vanished.
• Fair Use: The bill lacks the nuanced “transformative use” protections found in traditional intellectual property law.

AB 2169: The High Cost of Interoperability

While SB 1142 focuses on content, AB 2169 (the Digital Choice Act), introduced by Assemblymember Josh Lowenthal, takes aim at market dominance through mandatory interoperability. The bill’s premise is simple: users should be able to move their “digital lives” between platforms as easily as they port a phone number. However, the technical implementation of this goal is fraught with complexity.

AB 2169 requires social media companies and AI “model operators” to implement a “third-party-accessible interoperability interface.” This interface must allow users to share their “social graph” (connections, followers, and interaction history) and “contextual data” (AI chat histories, prompts, and model-generated inferences) directly with competing services. The bill mandates that platforms respond to these data transfer requests within five business days.

The Security “Trilemma”

The tech industry’s opposition to AB 2169 centers on the “Mobile Trilemma”—the inherent trade-off between innovation, privacy, and security. By forcing companies to create “open doors” for third-party access, AB 2169 effectively creates new vectors for cyberattacks. Technical experts have highlighted several specific risks:

1. Shadow API Exploitation: Mandatory interoperability interfaces can be targeted by “scraping” bots that mimic legitimate user requests to harvest massive datasets.
2. Data Sovereignty Loss: Once data is transferred to a third-party app with inferior security standards, the original platform loses the ability to protect that user’s information, yet the user may still hold the original platform liable for the breach.
3. Contextual Data Sensitivity: AB 2169 goes further than the EU’s Digital Markets Act (DMA) by including “AI-generated inferences.” These are predictions a model makes about a user based on their behavior. Sharing these inferences could expose highly private psychological profiles to third-party actors.

Constitutional Friction: The Ghost of AB 587

The hearings on these California internet bills do not exist in a vacuum. Lawmakers are navigating a landscape shaped by recent legal setbacks, most notably the litigation surrounding AB 587, California’s 2022 content moderation transparency law. In late 2024 and early 2025, the U.S. Court of Appeals for the Ninth Circuit issued significant rulings in X Corp. v. Bonta, suggesting that the government cannot compel platforms to disclose their editorial standards in ways that “chill” protected speech.

CCIA’s formal opposition on April 21 leaned heavily on these precedents. The association argued that both SB 1142 and AB 2169 infringe upon a platform’s First Amendment right to editorial discretion. By mandating the removal of content (SB 1142) or the sharing of social graphs (AB 2169), the state is effectively “compelling speech” and dictating how private entities must curate their digital environments. Furthermore, industry lawyers suggest that these bills are preempted by Section 230 of the Communications Decency Act, which generally protects platforms from liability for the content they host or the moderation decisions they make.

The Technical Reality: Security vs. Sovereignty

From a technical standpoint, the “Digital Choice” mandated by AB 2169 requires a level of standardization that does not currently exist. Different AI models use vastly different data architectures. Forcing “contextual data” to be portable between, for instance, a large language model (LLM) like OpenAI’s GPT-5 and a smaller, specialized medical AI would require a radical “flattening” of data structures. This could stifle innovation by forcing developers to build for the “lowest common denominator” of compatibility rather than pushing the boundaries of model-specific optimizations.

Strong data security relies on “least-privilege access,” where only the minimum necessary data is exposed. AB 2169’s mandate for “third-party-accessible” interfaces is the antithesis of this principle. Security researchers at the hearing noted that without a mechanism to verify the security “hygiene” of the receiving third party, AB 2169 could facilitate the largest legal data exfiltration event in history.

Conclusion: Setting a National Precedent

The outcome of the April 21 hearings will determine the trajectory of internet law in the United States for the next decade. If the California internet bills pass in their current form, Sacramento will have successfully exported a “Brussels-style” regulatory regime to the heart of Silicon Valley. This would likely lead to a fragmented national landscape where other states follow suit with their own idiosyncratic “Digital Choice” or “Digital Dignity” acts, creating a compliance nightmare for small and mid-sized tech firms.

However, the constitutional risks are real. If the Ninth Circuit or the Supreme Court ultimately strikes down these laws, it could result in a permanent weakening of the state’s power to regulate the digital economy. For now, the California Legislature stands at a crossroads: attempt to protect the “dignity” and “choice” of its citizens through aggressive mandates, or risk creating a digital environment that is less secure, more censored, and legally unworkable. As the Ninja Editor observes, the “Digital Dignity” of one Californian might just be the “Digital Censorship” of another.

The committees are expected to vote on the bills in the coming weeks. Until then, the tech world watches Sacramento, knowing that the code written in the State Capitol may soon be as influential as the code written in the campuses of Menlo Park and Mountain View.