California Issues Executive Order on Procurement, Imposing New AI-Related Certification and Compliance Requirements on State Contractors

On March 30, 2026, California Governor Gavin Newsom issued Executive Order N-5-26 (the California Order), establishing new requirements for companies seeking to do business with the State of California in connection with artificial intelligence (AI) technologies.[1]

The California Order directs California’s Department of General Services (DGS) and Department of Technology (CDT) to develop new certifications that may be incorporated into state contracting processes as explained in detail below.[2] The California Order also directs additional state agencies to review federal procurement designations, reform contractor responsibility provisions, expand employee access to generative AI tools, and issue guidance on watermarking AI-generated content.[3]

The California Order arrives at a moment of significant tension between state and federal approaches to AI governance. On December 11, 2025, President Trump issued an executive order (the Federal Order) declaring a national policy of “minimally burdensome” AI regulation and establishing mechanisms to challenge and preempt state AI laws that, in the Administration’s view, “stymie innovation.”[4] The Federal Order directed the Secretary of Commerce to identify “onerous” state AI laws that conflict with the federal policy. The Federal Order also tied eligibility for certain federal funding programs to states’ compliance with the federal AI policy framework.[5]

This tension means that companies who currently do business with the State of California—or that may seek to do so in the future—should begin preparing now for the new certification and compliance obligations that the California Order is expected to produce, but also be aware that the federal government may take a skeptical view of the new requirements. In practice, the California Order will likely require companies that contract with the state to demonstrate that they have policies in place to prevent AI distribution of child sexual abuse material or non-consensual pornography, safeguard against harmful or unlawful AI uses, watermark AI-generated content, and vet AI vendors for security and privacy risks.[6]

I. New Obligations and Potential Conflict

The California Order’s most significant provisions fall into three categories: (1) new AI certification requirements for state contractors; (2) review of federal supply chain risk designations; and (3) reforms to contractor responsibility and suspension provisions.

A. New Certification Requirements (Section 1)

Section 1 of the California Order directs DGS and CDT to submit recommendations to the Governor for “new certifications that may be incorporated into state contracting processes[.]”[7] The Order identifies three specific areas that certifications must address:

• Illegal content. This includes “child sexual abuse material and non-consensual intimate imagery.”[8]
• Harmful Bias. This includes the “[u]tilization of models that display harmful bias or lack governance to reduce the risk of such harmful bias.”[9]
• Civil Rights and Liberties. This includes violations of rights such as “free speech, voting, human autonomy, and protections against unlawful discrimination, detention, and surveillance.”[10]

While the first of these categories is substantially aligned with the Federal Order, the second one may clash with the Trump Administration’s opposition to what it has characterized as ideologically motivated algorithmic bias requirements.[11] The Federal Order specifically cited Colorado’s law banning “algorithmic discrimination” as an example of a state law that “may even force AI models to produce false results in order to avoid a ‘differential treatment or impact’ on protected groups.”[12] While the California Order frames its bias concerns in terms of governance and safeguards rather than mandating specific model outputs, companies will face difficult questions about how to certify bias-mitigation governance that satisfies California’s requirements while avoiding practices that the federal government may scrutinize as “embed[ded] ideological bias.”[13] 

California’s requirement that contractors certify policies regarding “protections against unlawful discrimination” may similarly create tension with the federal government’s broader concerns about anti-discrimination requirements in the AI context.[14] The Trump Administration has framed certain state anti-discrimination mandates as forms of compelled ideological bias, and the Federal Order’s directive to identify state laws that “require AI models to alter their truthful outputs” could be read to encompass certain anti-discrimination safeguards.[15] Companies will need to carefully calibrate their AI governance frameworks to comply with California’s civil rights certification requirements without running afoul of federal policy preferences. 

B. Review of Federal Supply Chain Risk Designations (Section 2)

Section 2 directs CDT’s Chief Information Security Officer (CISO) to review “any new designations of companies as supply chain risks by the federal government.”[16] If the CISO determines a supply chain risk label to be “improper,” then departments and agencies may continue to procure from that vendor.[17]  So, a company determined to be a supply chain risk under the federal government’s assessment could theoretically continue to seek procurement contracts in California, positioning the state as a viable contracting alternative, subject to legal challenges given the federal government’s determination.[18] 

C. Contractor Responsibility Reforms (Section 3)

Section 3 directs the Government Operations Agency (GovOps), in consultation with DGS and CDT, to submit recommendations on suspension and ineligibility of contractors to “ensure state entities do not contract with entities judicially determined to have unlawfully undermined privacy or civil liberties.”[19]  The enumerated examples include freedom of speech, voting, and protection from unlawful discrimination and surveillance.[20]

As with Section 1, Section 3 may cause tension with federal guidance, particularly in circumstances where GovOps finds a company out of compliance with anti-discrimination protections due to conduct that the federal administration views as compliant with federal law.[21]

D. Additional Provisions (Sections 4–5)

The California Order also includes several provisions directed primarily at state agencies and employees, which may have indirect implications for contractors, including requiring the agencies to (i) facilitate state employee access to approved tools, (ii) publish a toolkit for data minimization, and (iii) issue guidance on watermarking AI-generated or significantly manipulated output. While not squarely contradictory to federal guidance, these requirements may be challenged as “onerous” under the Federal Order.[22]

II. Key Takeaways

Companies that currently contract with the State of California—or that anticipate doing so—should consider taking steps now to account for this new development, including the following: (i) conduct a privileged inventory of AI tools and practices; (ii) prepare for certification compliance ahead of DGS and CDT recommendations (expected July 2026); (iii) assess whether bias-mitigation and anti-discrimination governance frameworks satisfy California’s procurement requirements while minimizing the risk of federal scrutiny; and (iv) monitor regulatory and litigation developments that may impact the future of California Executive Order N-5-26.

[1] Executive Order N-5-26, Trusted AI Procurement, Cal. Exec. Order No. N-5-26 (Mar. 30, 2026).

[2] Id. § 1.

[3] Id. §§ 2–5.  

[4] Exec. Order No. 14,179, Ensuring a National Policy Framework for Artificial Intelligence (Dec. 11, 2025).

[5] Id. § 5.

[6] Cal. Exec. Order No. N-5-26 §§ 1-5.

[7] Cal. Exec. Order No. N-5-26 § 1.

[8] Id. § 1(a).

[9] Id. § 1(b).

[10] Id. § 1(c).

[11] Id. § 1(b).

[12] Exec. Order No. 14,179 § 1.

[13] Id.

[14] Cal. Exec. Order No. N-5-26 § 1(c).

[15] Exec. Order No. 14,179 § 4.

[16] Cal. Exec. Order No. N-5-26 § 2.

[17] Id.

[18] Id.

[19] Id. § 3.

[20] Id.

[21] Exec. Order No. 14,179 § 4.

[22] Id.