Unlock unlimited alerts, exports & API access — RuleWatch Pro at $29/mo

Regulation dossier

California, United States

Information privacy: connected devices

CybersecurityIn Effect

A focused view of the rule, its enforcement posture, and the timeline teams should keep in their operating plan.

Plain-English summary

What this regulation means

Built for operators

California requires manufacturers of connected devices sold in the state to equip those devices with reasonable security features suited to the device and the data it handles. It affects IoT manufacturers and is aimed at reducing unauthorized access to devices and the information they collect, transmit, or store.

Reading guide

Use the timeline below to see how the rule progressed from enactment to current obligations.

Related regulations surface adjacent requirements in the same jurisdiction or policy lane.

Timeline

Regulatory lifecycle

Sequence: Introduced -> Signed -> In Effect
  1. 1

    Feb 13, 2017

    Introduced

    California SB 327 was introduced to require reasonable security features for connected devices.

  2. 2

    Sep 28, 2018

    Signed

    The governor signed California's connected-device security law.

  3. 3

    Jan 1, 2020

    In Effect

    Manufacturers selling connected devices in California became subject to the reasonable-security requirement.

Pro feature

📊 Stay ahead of this regulation

Get email alerts when this regulation changes and export records to CSV for your compliance workflow — available with RuleWatch Pro.

  • →Email alerts when this regulation is updated or enforced
  • →Export to CSV or JSON for compliance reporting
  • →API access to integrate regulation tracking into your workflows
See what's included

Subscribe for regulation alerts

Get alerts for this regulation →

Free weekly digest for compliance professionals following material legal changes.

No spam. Professional updates only.

Free to join. Unsubscribe anytime.

Related regulations

What else belongs on the watchlist

Pulled from the same jurisdiction or category so teams can compare adjacent obligations quickly.

California, United States

California AI Transparency Act

AI RegulationIn Effect

California requires covered generative AI providers to give users clear provenance disclosures when AI-generated or AI-altered content is created or presented. It affects providers and some licensees of large generative AI systems and gives the Attorney General and local public lawyers a civil-enforcement path.

Effective
Jan 1, 2026
View detail

California, United States

Generative artificial intelligence: training data transparency

AI RegulationIn Effect

California requires developers of generative AI systems made available to Californians to publish documentation about the data used to train those systems. It affects developers releasing public-facing generative AI systems or major modifications and is meant to improve transparency around dataset sources and composition.

Effective
Jan 1, 2026
View detail

California, United States

California Age-Appropriate Design Code Act

Age VerificationPassed

California created child-focused design and privacy duties for online services likely to be accessed by minors, including high-privacy defaults, data protection impact assessments, and limits on harmful profiling or nudging. It affects businesses offering online products, services, or features to children in California, even though enforcement has been tied up in litigation.

Effective
Jul 1, 2024
View detail