TL;DR: California’s new AI laws take effect on January 1, 2026 and require companion and healthcare-focused systems to prevent self-harm content, avoid misleading medical authority claims, and intervene in live conversations, according to Lakera. The shift is from policy intent to runtime control, where governance must hold up under user interaction, not just documentation.
NHIMG editorial — based on content published by Lakera: California’s AI Laws Are About to Meet Reality
Questions worth separating out
Q: How should security teams govern user-facing AI that can change tone in live conversations?
A: They should treat the conversation itself as a governed control surface.
Q: Why do companion chatbots create compliance risk even when they do not claim to be human?
A: Because users respond to tone, persistence, and conversational memory, not just explicit identity claims.
Q: What do security teams get wrong about AI systems that sound like clinicians?
A: They focus on whether the system explicitly says it is a doctor, but that is only part of the problem.
Practitioner guidance
- Define runtime response controls: Map every user-facing AI flow to a response policy that can block, rewrite, or route outputs before they are delivered.
- Log intervention events: Record when a guardrail fires, what condition triggered it, and what response the system took.
- Review implied-authority language: Audit prompts, templates, and user interface copy for phrases, titles, or visual cues that could make AI outputs feel clinician-guided or human-authored.
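The three guidance items above can be combined into a single pre-delivery gate. The sketch below is an added example, not code from Lakera's article or from this editorial: a per-flow policy that blocks, rewrites, or routes an output, fails closed for unmapped flows, and logs each intervention. The flow names, the phrase list, the `self_harm_risk` signal (assumed to come from an upstream classifier), and the message copy are all constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed phrase list; a real one comes from auditing prompts, templates and UI copy.
AUTHORITY = re.compile(
    r"\b(?:as your (?:doctor|physician|therapist|nurse)|in my medical opinion)\b", re.I)
DISCLOSED = "As an AI system, not a clinician"
HANDOFF = "I'm connecting you with crisis support resources."  # placeholder copy
WITHHELD = "This response was withheld."                        # placeholder copy

def has_authority(out, signals):
    return bool(AUTHORITY.search(out))

def has_self_harm_signal(out, signals):
    # Assumes an upstream classifier sets this signal; none is implemented here.
    return "self_harm_risk" in signals

# flow -> ordered rules of (condition name, action, predicate); flow names are hypothetical.
POLICY = {
    "companion_chat": [("self_harm_signal", "route", has_self_harm_signal),
                       ("implied_clinical_authority", "rewrite", has_authority)],
    "health_assistant": [("self_harm_signal", "route", has_self_harm_signal),
                         ("implied_clinical_authority", "block", has_authority)],
}
INTERVENTIONS = []  # stand-in for an append-only audit sink

def record(flow, condition, action):
    INTERVENTIONS.append({"ts": datetime.now(timezone.utc).isoformat(),
                          "flow": flow, "condition": condition, "action": action})

def gate(flow, output, signals=frozenset()):
    """Apply the flow's policy before delivery; returns (action, text_to_deliver)."""
    if flow not in POLICY:  # unmapped flow: fail closed rather than deliver ungoverned output
        record(flow, "unmapped_flow", "block")
        return "block", WITHHELD
    for condition, action, predicate in POLICY[flow]:
        if predicate(output, signals):
            record(flow, condition, action)
            text = {"block": WITHHELD, "route": HANDOFF,
                    "rewrite": AUTHORITY.sub(DISCLOSED, output)}[action]
            return action, text
    return "allow", output
```

The log records the condition and action but not the conversation text, so intervention records can be reviewed without copying user content into the audit trail.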
What's in the full article
Lakera's full article covers the operational detail this post intentionally leaves for the source:
- The specific behaviour rules Lakera describes for self-harm prevention and companion chatbot disclosure.
- The practical enforcement model for stopping misleading medical-style outputs at runtime.
- The legal and operational implications of California’s January 1, 2026 timeline for teams serving California users.
- The executive-order context and why it does not change the immediate state-law implementation window.
Explore further
Runtime policy enforcement is becoming the real control plane for user-facing AI. California’s laws make it clear that governance is no longer judged by what teams wrote down before deployment. It is judged by whether the system changes behaviour when a user conversation crosses a safety or authority boundary. For IAM and NHI programmes, that is the same structural problem as any identity control that must act at runtime rather than at approval time.
A few things that frame the scale:
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap.
A question worth separating out:
Q: Who is accountable when an AI guardrail fails in production?
A: Accountability sits with the operator that deployed the system and the team responsible for its live control design. If the guardrail did not trigger, the issue is not just model behaviour, but governance failure. California’s approach makes that distinction sharper by focusing on observed system behaviour rather than written intent.