---
title: "CCPA Scope and Thresholds"
canonical_url: "https://www.sorena.io/artifacts/us/ccpa/scope-and-thresholds"
source_url: "https://www.sorena.io/artifacts/us/california-consumer-privacy-act/scope-and-thresholds"
author: "Sorena AI"
description: "Use the real California threshold tests instead of rough privacy folklore."
published_at: "2026-02-21"
updated_at: "2026-02-21"
keywords:
  - "CCPA scope and thresholds"
  - "CCPA 100000 consumers"
  - "CCPA 25 million revenue"
  - "California business threshold"
  - "CCPA"
  - "Scope and Thresholds"
  - "California privacy"
---
# CCPA Scope and Thresholds

Use the real California threshold tests instead of rough privacy folklore.

## California CCPA Scope and Thresholds

Grounded in the California statute, CPPA regulations, and current California enforcement themes.

California threshold analysis is one of the highest-leverage steps in the whole programme. If it is wrong, notices, contract paper, and rights work will all be wrong too.

## The three core thresholds

A business may be in scope if it meets any of three tests: it has annual gross revenues over 25 million dollars; it buys, receives, sells, or shares the personal information of 100,000 or more consumers or households; or it derives 50 percent or more of annual revenue from selling or sharing personal information.

- Use finance-approved revenue figures and date the calculation
- Define the counting method for consumers and households and keep it stable
- Track where sale or sharing revenue is recognised and how it is measured
- Review whether affiliates or brand structures affect the business analysis

## Exemptions and carve outs

Even when the threshold is met, not every data set is treated the same. California exemptions can be sector specific, context specific, or limited to certain information uses.

- Map exemptions by law, dataset, and processing purpose
- Separate exempt regulated operations from website, marketing, or analytics activity
- Record where employee, applicant, or contractor information is subject to different handling rules
- Retest exemptions when the business expands into new channels or services

## How to keep the scope decision current

The threshold answer can change as a company grows, adds advertising relationships, or acquires another business.

- Review thresholds at least annually and after acquisitions or major growth
- Link the decision to your category map and rights volume assumptions
- Store calculations and source data used for the decision
- Escalate borderline cases to finance, privacy, and product together

## Primary sources

- [CPPA regulations](https://cppa.ca.gov/regulations/?ref=sorena.io) - Official California regulations hub.
- [California privacy statute effective January 1, 2026](https://cppa.ca.gov/regulations/pdf/ccpa_statute_2026.pdf?ref=sorena.io) - Current statutory text as reflected in CPPA materials.
- [CPPA FAQ](https://cppa.ca.gov/faq.html?ref=sorena.io) - Official California FAQ.
- [CPPA CCPA updates](https://cppa.ca.gov/ccpa_updates.html?ref=sorena.io) - Rulemaking and effective date updates.

