Commentary |

June 2026

Whistleblower Protections in SB 53: Strengths, Limitations, and Open Questions

Abra Ganz, Karl Koch

Executive Summary

SB 53 greatly improves the AI safety legislative landscape in California, but achieves only partial success in its whistleblowing protections. Its major success is that it significantly increases the number of safety-relevant issues that can be reported to authorities. In particular, employees can now blow the whistle when they believe frontier developers have not reported critical safety incidents or where large frontier developers have made materially false or misleading statements about, or are not complying with, their AI framework. Employees “responsible for assessing, managing, or addressing risk of critical safety incidents” will also be explicitly protected when blowing the whistle about catastrophic risks. SB 53 also requires large frontier developers to provide an anonymous internal reporting channel that a select group of employees can use to report catastrophic risks and that all employees can most likely¹ use to report a violation of the law (including of SB 53 itself).

Looking more deeply at the provisions of SB 53, however, we see a more mixed picture. An ideal AI whistleblower law would ensure that all reasonable risks could be reported; that all individuals capable of spotting such risks could report them without fear of retaliation; that any relevant individual could support government investigations without fear of retaliation; that authorities are equipped to investigate disclosures; and that real consequences exist for violations. SB 53 achieves each of these partially.

First, the responsibility for disclosing catastrophic risks is not placed onto companies, but instead on an unclearly-defined subset of employees. SB 53 does not require companies to report a specific and substantial danger to the public health or safety resulting from a catastrophic risk to the Office of Emergency Services (OES). Nor do evaluation providers receive any protection from retaliation, either for making reports or for participating in government investigations.

Second, while the definition of catastrophic risk is relatively broad and does not require a clear violation of the law, it is limited to specific types of catastrophic risk and harms only above a high threshold: fifty deaths or a billion dollars in damages.

Third, although SB 53 creates incentives for companies and insiders to report harm caused by AI, it is unclear what consequences these reports will entail. Company incident reports are sent to the OES, where they might not be accessible to the public, and whistleblower reports of catastrophic risk to California’s Attorney General (AG) or a federal authority. The OES lacks clear powers to compel companies to change their behavior, the AG has no clear mandate to intervene in the absence of a legal violation, and no federal authority has established jurisdiction over such risks.

Lastly, SB 53 does not adjust the penalties for violating whistleblower protections in California, which are meagre at $10,000 per violation — a far cry from the $1m violation cap for other SB 53 violations, and extremely little in the context of large frontier developers, defined as having gross revenue of over $500,000,000.

The next step is to ensure SB 53’s faithful implementation. State agencies must build the necessary expertise: the OES and the AG need access to specialised expertise to evaluate and respond to critical safety incidents and catastrophic AI risks. These agencies should collaborate closely to develop a comprehensive understanding of emerging threats and assess potential legal violations.

Background

SB 53’s whistleblower provisions are legally entwined with California’s pre-existing whistleblower framework, which they extend, and SB 53’s core transparency requirements, for which they serve as an enforcement mechanism.

CA Labor Code § 1102.5 is California’s general whistleblowing law, covering all industries and employees. It prohibits employers from retaliating against employees who disclose information, which they have reasonable cause to believe to be a violation of the law, to a government or law enforcement agency, or to a person with authority over the employee. These protections cover a wide range of potential violations. Nevertheless, California’s protections are narrower than some other states, such as New York, as they (i) only cover employees and do not extend to contractors and (ii) only protect disclosures of violations of the law, and do not protect employees from retaliation for disclosing a substantial and specific risk to public health and safety. This is particularly significant in the context of AI as frontier AI companies frequently rely on contractors for safety-relevant roles such as red-teaming and safety evaluations² and novel AI risks often do not constitute clear legal violations, making the ability to report risks to public health and safety essential for early intervention.

SB 53, or The Transparency in Frontier Artificial Intelligence Act, signed into law in September 2025, creates a transparency framework for the most powerful AI systems. The Act applies to “frontier developers”, defined as persons who have trained or initiated the training of AI models using extraordinary computing power (greater than 10²⁶ FLOPs) and imposes heightened obligations on “large frontier developers”, defined as frontier developers with over five hundred million dollars ($500,000,000) in annual revenue. As of 26th January 2026, the only publicly known frontier developers are xAI and OpenAI, while the only large frontier developer is OpenAI.³ Beyond whistleblower protections, outlined below, SB 53’s main contribution is introducing transparency requirements, spanning four key areas: i) Frontier AI Framework Requirements: Large frontier developers must publish annually-reviewed protocols for managing catastrophic risk; ii) Transparency Reporting Requirements: Developers must publish summary reports of features and risks, similar to existing model cards and system cards, before deploying new or substantially modified models; iii) Government Reporting Requirements: Frontier developers must report critical safety incidents to the OES within 15 days (or 24 hours if posing imminent risk of death or serious injury), with large developers also submitting quarterly risk assessment summaries; iv) Prohibition on materially false statements: Large frontier developers are prohibited from making materially false or misleading statements about catastrophic risks from their models or their management of such risks.

Crucially, these requirements are legally binding. As such, companies that fail to comply are in violation of California Law and hence whistleblower protections apply to any employee who reports them and are a critical oversight mechanism.

Policy Analysis

SB 53 extends pre-existing whistleblower protections to cover reporting catastrophic risks as well as legal violations, creates mandatory internal reporting channels, and enables employees to report critical compliance failures directly to authorities. Our analysis proceeds through four dimensions: personal scope, material scope, remedies, and channels. For each aspect of whistleblowing law, we discuss the advantages and limitations of SB 53’s provisions.

Personal Scope

Personal scope defines who can make a whistleblowing disclosure. Whistleblowing law is part of the California Labor Code and hence only governs employees whose employment contract is under California law. SB 53 creates a tiered protection structure: all employees receive protection when reporting violations of SB 53’s requirements; and a subset, ‘covered employees’, defined as those responsible for assessing, managing, or addressing risk of critical safety incidents, receive protection for reporting catastrophic risks that do not include a legal violation. The scope of ‘covered employee’ remains ambiguous, creating uncertainty about who falls into this protected group. Nevertheless, the breadth of the language suggests that most employees whose work relates to AI safety in some way are likely “covered”.

Advantages

Well-Informed Reports: One advantage of the limitation in scope is that those responsible for critical safety incidents are likely to also be the employees who are best placed to assess risks and hence to blow the whistle if their concerns are not addressed, resulting in better-informed reports

Limitations

Limited Employees Can Report Catastrophic Risks: SB 53 protects only “covered employees,” which it defines as employees who are “responsible for assessing, managing, or addressing risk of critical safety incidents.”

It is not clear which lab employees are “covered” and which are not under this definition. Interpreted broadly, it could include a substantial percentage of all lab employees, including e.g. any employee with any responsibility for information security. After all, the definition of critical safety incident includes “unauthorized access to… the model weights of a foundation model that results in… loss of property,” and any employee who works on information security is in some sense “responsible for… addressing risk of” unauthorized access to their employer’s sensitive data. Interpreted more narrowly, the definition could include only the members of a lab’s safety team, or only the members of the safety team specifically responsible for addressing catastrophic risks. This is an open question and may end up being decided in court.

A somewhat unusual consequence of this limitation in scope is that Chapter 25.1 is included under SB 53’s material scope (§ 1107.1.(a)(2)) only for employees responsible for critical safety incidents and not clearly all employees who are responsible for the various parts of Chapter 25.1.
Contractors Out of Scope: While other whistleblower protection regimes extend to protect non-employees who have a working relationship with the company (e.g. volunteers, board members, etc.), SB 53 and the California Labor Code do not. Frontier companies commonly hire contractors for longer-term engagements and important roles such as management, making this exclusion a particularly strong limitation in scope. That said, it could be possible to argue in court that contractors who work full-time for a single company on long-term contracts would count as employees.

Material Scope

Material Scope defines the subject matter that can form the content of a whistleblowing disclosure. SB 53’s key contribution is extending California’s whistleblower protections beyond legal violations by protecting covered employees from retaliation for reporting “a specific and substantial danger to the public health or safety resulting from a catastrophic risk” with “reasonable cause to believe” such danger exists (§ 1107.1(1)). To understand this scope, two definitions and their thresholds are essential: “critical safety incident” and “catastrophic risk.”

“Critical safety incident” means any of the following:

Unauthorized access to, modification of, or exfiltration of the model weights of a foundation model that results in death, bodily injury, or damage to, or loss of, property.
Harm resulting from the materialization of a catastrophic risk.
Loss of control of a foundation model causing death or bodily injury.
A foundation model that uses deceptive techniques against the frontier developer to subvert the controls or monitoring of its frontier developer outside of the context of an evaluation designed to elicit this behavior and in a manner that demonstrates materially increased catastrophic risk.

“Catastrophic risk” means a foreseeable and material risk that a frontier developer’s development, storage, use, or deployment of a foundation model will materially contribute to the death of, or serious injury to, more than 50 people or more than one billion dollars ($1,000,000,000) in damage to, or loss of, property arising from a single incident involving a foundation model doing any of the following:

Providing expert-level assistance in the creation or release of a chemical, biological, radiological, or nuclear weapon.
Engaging in conduct with no meaningful human oversight, intervention, or supervision that is either a cyberattack or, if committed by a human, would constitute the crime of murder, assault, extortion, or theft, including theft by false pretense.
Evading the control of its frontier developer or user.

The Act expressly excludes risks from the category of catastrophic risks: information generated by a model if it is already publicly available, lawful federal government activity, and situations where the model causes harm in combination with other software, but AI did not materially contribute to the harm. Thus ‘catastrophic risk’ in the Act only refers to CBRN and loss of control risks.

Advantages

All Employees Can Disclose Violations of SB 53. The whistleblower section of SB 53 asserts any employee’s right to receive protection against retaliation if they blow the whistle with reasonable cause to believe that any violation of law, including SB 53 itself, occurred (§§ 1102.5(b), 1107.1(j)(1). This includes, for example,
- Misleading Statements: As companies are prohibited from publishing materially false or misleading statements, developers who do so are in violation of state law. Given the California Labor Code, employees would thus be protected if they report such misleading statements to a government or law enforcement agency—for the first time ever allowing employees to correct statements made by companies on their frontier safety frameworks and incident reporting, albeit only to government authorities such as the Attorney General.
- Failure to Report Critical Safety Incidents: Frontier developers must disclose critical safety incidents within 15 days of an incident’s discovery (§ 22757.13.(c)). Employees would be protected in reporting such an incident if they had reasonable cause to believe that such a report wasn’t made.
- Failure to Report Critical Safety Incidents that pose an imminent risk of death or serious injury: Frontier developers must report an incident of this nature within 24 hours of discovery. Employees are protected for reporting failure to do so (and hence also for reporting the incident itself), if they have reasonable cause to believe that the company did not make a report. Employees will likely only be able to claim protections for reporting violations under this rule if harm from the incident has already materialized, with more harm being imminent. The only exception here is deception, where only an increase in catastrophic risk already requires an incident report, and hence reporting on imminent harm risk resulting from it.
- Failure to Comply with their Frontier AI Framework: This includes the failure to publish a justification in the event of a material modification to the frontier AI framework.
- Failure to publish their transparency report: This includes the failure to include all required information.
Catastrophic Risks can be Reported: As noted above, this is an important extension of California whistleblower law, which previously only covered reports of unlawful activity.
Reasonable Cause to Believe: Whistleblowers receive protection for reports that they reasonably believe to be true, ensuring that employees are encouraged to come forward with any concerns they may have, before those concerns materialise into concrete harms. This “reasonable cause to believe” standard is generally considered to be whistleblower-friendly and is consistent with pre-existing California whistleblower law.

Limitations

Lack of Certainty: SB 53 protects disclosures only if they relate either to a violation of law or a “specific and substantial danger to the public health or safety resulting from a catastrophic risk.” “Catastrophic risk” is a high and difficult-to-calculate bar to meet, and we worry that this requirement will have a chilling effect on potential whistleblowers. Particularly in the AI industry, where risks are novel and probabilistic, it is extremely difficult to determine the exact harm that can result from a risk. The phrasing of the Act also suggests that a risk of 49 deaths is insufficiently bad to raise a concern with the government if a large frontier developer is not addressing it. Additionally, the more-than-fifty-death threshold is unprecedented: it is not in line with risk-of-harm whistleblower legislation that exists in other states, such as New York, where existing whistleblower protections cover significant harm to even a single person.
Single Incident: The ‘single incident’ requirement in the definition of catastrophic risk (22757.11.(c)(1)) could significantly limit the scope of risks which can be reported. For example, if risk stemming from a single model were to threaten the deaths of hundreds, but through separate channels and at different times, those deaths might not arise from a “single incident,” and therefore the risk of such deaths might not be reportable as a catastrophic risk.
Limited Scope of Covered “Catastrophic Risks”: Not all significant risks of harm are covered under the ability to report catastrophic risks. In SB 53, “catastrophic risk” from an AI model does not cover any risk of a certain amount of harm caused by a model, but only particular types of risk: namely, risk that a frontier model will assist in creating a CBRN weapon, engage in a cyberattack or other crime autonomously, or escape human control. Any risk of a model committing a cyberattack, murder, or theft where it is directed to do so by a human is not covered under the Act, no matter how large the scale. In the same way, the definition of a critical safety incident is also limited to particular risk pathways (22757.11(d)).
Limited Ability to Warn of Risks: While the regulation requires the logging of all “critical safety incidents,” it does not create protections for whistleblowers who warn of the risk of critical safety incidents, even using internal channels. If the legislation had included protected internal channels for reporting risks of critical safety incidents, it could have incentivised the avoidance of incidents rather than only their reporting.

Remedies

SB 53 applies existing Labor Code remedies to its whistleblower provisions. This section examines the protections available to whistleblowers and deterrents against retaliation.

Advantages

Extends Labor Code Remedies to Reports of Public Safety Dangers from Catastrophic Risks: Covered employees who face retaliation for reporting a catastrophic risk are entitled to the remedies in the California Labor Code, including burden-of-proof reversal (§ 1107.1(g)) and injunctive relief (§ 1107.1(h)). The same is true for retaliation suits brought by any employee who reports a violation of SB 53 (§§ 1102.6 and 1102.61-2).
Incentivizes Internal Knowledge Sharing: Imminent critical safety incidents can be reported to the AG if the developer has not logged them with the OES within 24 hours. This thus incentivises sharing with employees the knowledge that risks have been reported to the OES in order to avoid over-zealous reporting to the California AG.

Limitations

Limited Scope: Whistleblower protections in SB 53, unlike in the EU’s whistleblower directive,⁴ do not extend to family members. Especially in the context of the Bay Area, where spouses often both work in the AI industry, this can strongly discourage potential whistleblowers and does not have clear benefits.
Inconsistent Belief Standards: SB 53 uses different standards for determining access to an internal reporting channel and protection from retaliation. Section 1107.1(e)(1) requires only that an internal report is made in “good faith,” but the anti-retaliation protection in 1107.1(a) requires that an employee have “reasonable cause to believe” that their disclosure involves a violation of law or a substantial danger. Thus, a covered employee who anonymously submits an internal report in good faith but cannot meet the “reasonable cause” standard has legitimately used the internal reporting channel but has no statutory retaliation claim under § 1107.1(a) if their anonymity is breached and they are retaliated against.
Limited Government Penalties: The California Labor Commissioner can impose fines of up to $10,000 for violations of the Labor Code, including whistleblower protections (§ 1102.5(f)(1)). Large frontier developers are defined as having a gross revenue of over five hundred million dollars, and hence will not be deterred by a $10,000 fine from retaliating against whistleblower or not complying with any other whistleblower regulation. However, deterrence could come from other means, like a retaliation suit by the whistleblower, who would be entitled to damages and injunctive relief.

Channels

Whistleblowing channels are the individuals, agencies, or offices to which a whistleblower disclosure can be made. SB 53 protects covered employees if they whistleblow “to the AG, a federal authority, a person with authority over the covered employee, or another covered employee who has authority to investigate, discover, or correct the reported issue” (§ 1107.1(a)). Additionally, SB 53 requires the creation of “a reasonable internal process through which a covered employee may anonymously disclose information to the large frontier developer if the covered employee believes in good faith that the information indicates that the large frontier developer’s activities present a specific and substantial danger to the public health or safety resulting from a catastrophic risk” or a violation of SB 53’s transparency obligations. Under the California Labor Code, any employee is protected if they whistleblow to “a government or law enforcement agency, to a person with authority over the employee or another employee who has the authority to investigate, discover, or correct the violation or noncompliance,” or “any public body conducting an investigation, hearing, or inquiry” (§ 1102.5(b)). California’s Labor Code also provides a whistleblower hotline, operated by the AG, intended to receive calls from whistleblowers. Following a report made to the hotline, the AG is directed to refer calls received on the hotline to the appropriate government authority for review and possible investigation.

Advantages

Choice of Internal or External Channels: In line with California Labor Code, whistleblowers have the freedom to choose internal or external channels to raise concerns.
Expert Internal Channel: SB 53 allows whistleblowers to approach persons responsible for critical safety incidents, which, if this is equivalent to a subset of the safety team, encourages employees to go to those who are best-placed to assess risks.
Anonymous Internal Channel: SB 53 requires large frontier developers to create internal channels for raising concerns and clearly prohibits retaliation against those who are qualified to use this channel. These channels have a number of important features:
- Most importantly, SB 53 necessitates mandatory updates to the frontier developer’s board every quarter of the disclosures and associated responses. This ensures that the board has an accurate overview of employees’ concerns and creates an oversight mechanism for the reporting channel itself.
- The channel must allow for anonymous reporting, which reduces the risk of retaliation and incentivizes internal reporting, allowing developers to solve the issue swiftly without the involvement of external parties.
- Finally, SB 53 requires that monthly updates be provided to the employee who made the disclosure. This reassures the employee that their concerns are being taken seriously and, if the developer’s response is insufficient, the employee can follow up on the issue, externally if necessary.
  
  Moreover, while SB 53 itself only asserts that covered employees are protected when using this channel, pre-existing California whistleblower law extends the scope of this protection to any employee who reports unlawful activities. Specifically, SB 53 only specifies that “covered employees” (i.e. those who are “responsible for assessing, managing, or addressing risk of critical safety incidents”) receive protections for using this “reasonable internal process” (§ 1107.1(e)(1)), § 1102.5 of California’s Labor Code specifies that any employee has protection when they report a risk to “another employee who has authority to investigate, discover, or correct the violation or noncompliance.” As an internal process for reporting violations necessarily goes to those who have the authority to discover violations, all employees should receive legal protection when using this channel to report violations of the law. However, whether all employees will have access to this internal channel remains to be seen.⁵
  
  Finally, we note that companies are likely to be able to de-anonymize internal whistleblower reports, especially if they prevent non-covered employees from accessing the reporting channel, thereby limiting the pool of potential whistleblowers. Companies are not explicitly barred from seeking out the identity of internal whistleblowers.

Federal Authority SB 53 protects disclosures to any “federal authority,” an undefined term that reads broadly on its face but may not include, for example, members of Congress.

Limitations

No Public Disclosure: Even in extreme circumstances where there may be imminent danger, public disclosure is not explicitly protected.
Separation of Channels: It is perhaps unusual that incident reports must be sent to the OES, but reports on catastrophic risks by whistleblowers cannot be sent to it. However, since OES is a government agency, any violation of law can be reported to it under pre-existing California whistleblower law.
Lack of Anonymity and Confidentiality in External Channels. While a reporting channel to the AG is mandated and reporting is also possible to the OES where there is a violation of law, these channels do not have any requirements for anonymity or confidentiality. Not only do anonymity and confidentiality guarantees protect whistleblowers, they help whistleblowers feel safe enough to come forward.
Lack of Clarity on Reasonable Internal Channel: SB 53 would be improved by a better-specified explanation of what is required for an internal channel to be “reasonable.” If an internal channel was owned by a company’s in-house legal team (whose duty would run to the company rather than to the whistleblower) or by an executive who could be the subject of a disclosure, whistleblowers could be deterred from disclosing.. Furthermore, SB 53 does not specify a confidentiality policy and process, although such specifications would improve whistleblowers’ confidence that their identity would not be revealed and incentivize legitimate disclosures.

Authors

“To mitigate the flaws in their systems, companies such as OpenAI, Google and Anthropic pay teams of employees and contractors to flag problematic responses and train the models to avoid them” (Washington Post [https://www.washingtonpost.com/technology/2023/08/08/ai-red-team-defcon/])

See more
Article 4 of the EU Directive 2019/1937 on the protection of persons who report breaches of Union law, provides protection against retaliatory measures taken to, among others, the relatives of the reporting person.

See more

For details see the section on reporting channels below

See more
According to Epoch AI [https://epoch.ai/data/ai-models], only three models pass 1026 FLOPS: Grok 3, Grok 4, and GPT 4.5.. OpenAI makes more than $500,000,000 in revenue according to Forbes [https://www.forbes.com/sites/the-prompt/2026/01/20/inside-openais-plan-to-make-money/], and, as of September 2025, xAI’s annualised revenue was estimated by EpochAI [https://epoch.ai/data/ai-companies] to be $428 million.

See more
If only those employees responsible for critical safety incidents have access to the anonymous internal channel, then the system will require a method for verifying that a given employee falls into this group if they wish to access this channel. This could potentially violate the anonymity requirement.

See more

Executive Summary

Background

Policy Analysis

Personal Scope

Advantages

Limitations

Material Scope

Advantages

Limitations

Remedies

Advantages

Limitations

Channels

Advantages

Limitations

Authors

Further reading

Advice and Consent for Major Governmental AI Deployments

US Tech Force: Why It Faces Major Challenges—and How It Can Succeed Anyway

xAI’s Trade Secrets Challenge and the Future of AI Transparency

xAI’s Challenge to California’s AI Training Data Transparency Law (AB2013)

Legal Obstacles to Implementation of the AI Executive Order

AI Preemption and “Generally Applicable” Laws

The Genesis Mission Executive Order: What It Does and How it Shapes the Future of AI-Enabled Scientific Research

Legal Issues Raised by the Proposed Executive Order on AI Preemption

Ten Highlights of the White House’s AI Action Plan

Two Byrd Rule Problems With the AI Moratorium

The AI Moratorium—the Blackburn Amendment and New Requirements for “Generally Applicable” Laws

The AI Moratorium—More Deobligation Issues

The AI Moratorium—Deobligation Issues, BEAD Funding, and Independent Enforcement

LawAI’s Comments on the Draft Report of the Joint California Policy Working Group on AI Frontier Models

Draft Report of the Joint California Policy Working Group on AI Frontier Models—Scoping and Definitions Comments

Draft Report of the Joint California Policy Working Group on AI Frontier Models—Whistleblower Protections Comments

Draft Report of the Joint California Policy Working Group on AI Frontier Models—Liability and Insurance Comments

Balancing Safety and Privacy: Regulatory Models for AI Misuse

Chips for Peace: How the U.S. and its Allies Can Lead on Safe and Beneficial AI

LawAI’s Thoughts on Proposed Updates to U.S. Federal Benefit-Cost Analysis