United States of America: California Consumer Privacy Act cybersecurity audit compliance regulations become applicable to businesses with revenues above USD 100 million
Description
California Consumer Privacy Act cybersecurity audit compliance regulations become applicable to businesses with revenues above USD 100 million
On 1 April 2028, businesses with annual gross revenues exceeding USD 100 million reach the first compliance deadline under the California Consumer Privacy Act (CCPA) cybersecurity audit regulations and must submit certifications to the California Pr…
Scope
Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Implementation Level
subnational
Government Branch
executive
Government Body
data protection authority
Complete timeline of this policy change
Hide details
2023-08-28
under deliberation
2024-11-22
in consultation
2025-01-14
processing consultation
2025-03-28
under deliberation
2025-05-09
under deliberation
2025-09-23
adopted
2026-01-01
in grace period
2028-04-01
in force
2029-04-01
in force