United States of America: California Consumer Privacy Act risk assessment regulations's deadline takes effect
Description
California Consumer Privacy Act risk assessment regulations's deadline takes effect
On 1 April 2028, businesses subject to the risk assessment provisions of the California Consumer Privacy Act (CCPA) regulations must submit to the California Privacy Protection Agency (CPPA) an attestation confirming that they have completed all required risk assessments, together with a summary of the assessment information. This submission fulfils the external reporting obligation and enables the Agency to exercise supervisory oversight of compliance with the risk assessment framework.
Original sourceScope
Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
cross-cutting
Implementation Level
subnational
Government Branch
executive
Government Body
data protection authority
Complete timeline of this policy change
Hide details
2023-08-28
under deliberation
2024-02-23
under deliberation
2024-11-22
in consultation
2025-01-14
processing consultation
2025-03-28
under deliberation
2025-05-09
under deliberation
2025-09-23
adopted
2026-01-01
in force