California SB 813 Proposes Landmark Safe Harbor for AI Development Through Certification

Why SB 813 Matters
With SB 813, California introduces a first-in-the-nation framework that reduces regulatory uncertainty and encourages responsible AI innovation. In addition to fostering public-private cooperation over top-down mandates, the bill would provide legal protection for certified developers of artificial intelligence models and artificial intelligence applications.

Key Provisions of SB 813

• MRO Designation. Private organizations may apply to become MROs for renewable three-year terms, based on rigorous risk mitigation plans and independence from industry.
• Certification and Oversight. MROs will certify developers and security vendors, audit risk protocols, decertify noncompliant systems, and report annually to the Legislature and Attorney General.
• Legal Safe Harbor. MRO certification provides an affirmative defense in lawsuits involving personal injury or property damage—unless the harm resulted from intentional misconduct.
• High-Risk Focus. MRO plans must address high-impact risks, such as cybersecurity, CBRN (chemical, biological, radiological and nuclear) threats, malign persuasion, model autonomy and exfiltration.
• Health Care Recordkeeping Update. Extends client record retention requirements in the health care field from seven to 10 years for occupational therapy providers.
• Data Minimization. Uses aggregated meta data and data for certification and reporting purposes.

What’s Next?
SB 813 has cleared its initial committee hurdles and is now advancing through the Senate Judiciary and Appropriations committees, where economic impact and legal precedent will be under review. As interest intensifies, we expect:

• broader stakeholder input, including from insurers, technologists and civil rights groups;
• clarifications and amendments related to certification criteria and enforcement scope; and
• opportunities for public comment and pilot programs, particularly through the Attorney General’s Office or academic-industry coalitions.

For those interested, stakeholder engagement is recommended to assess how certification could impact both operations and risk exposure in California and beyond.

Implications for Developers, Investors and Certifying Bodies

• Strategic Certification. MRO certification could potentially serve not just as a compliance checkbox but as a strategic asset that delivers legal protection and reputational advantage.
• Litigation Defense. Stakeholders should asse whether SB 813 could allow developers to assert a clear affirmative defense tied to independent third-party certification—potentially reducing litigation risk and exposure.
• Stakeholder Participation. Organizations with technical, compliance or governance expertise may consider applying for MRO status or partnering with designated MROs.
• Global Alignment. SB 813 seeks to encourage harmonization with federal and international frameworks.

What Stakeholders Can Do

• Review Legal Strategy. Incorporate certification into legal defense planning, risk management protocols and insurance structuring.
• Assess Certification Readiness. Evaluate current AI risk protocols, red-teaming procedures, and transparency standards.
• Engage Early. Provide input on certification benchmarks or explore board and advisory roles with emerging MROs.
• Monitor the MRO Landscape. Stay current on which organizations are applying for MRO status and how standards evolve under the Attorney General’s criteria.

How Pillsbury Can Help
Pillsbury attorneys are advising companies across AI, energy, infrastructure, health and financial services on SB 813 and its implications. With deep roots in AI policy, governance, energy and environmental law, and long-standing relationships in Washington, DC, and state capitals, we are well-positioned to guide clients through the dynamic AI regulatory environment.