---
title: "CPRA Deadlines and Compliance Calendar"
canonical_url: "https://www.sorena.io/artifacts/us/cpra/deadlines-and-compliance-calendar"
source_url: "https://www.sorena.io/artifacts/us/california-privacy-rights-act/deadlines-and-compliance-calendar"
author: "Sorena AI"
description: "Use the dates that matter for the current California privacy regime."
published_at: "2026-02-22"
updated_at: "2026-02-22"
keywords:
  - "CPRA deadlines"
  - "CPRA calendar"
  - "California privacy timeline 2026"
  - "CPPA deadlines"
  - "CPRA"
  - "Deadlines and Compliance Calendar"
  - "California privacy"
---
**[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform

[Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io)

---

# CPRA Deadlines and Compliance Calendar

Use the dates that matter for the current California privacy regime.

*Calendar* *CPRA*

## California CPRA Deadlines and Compliance Calendar

Grounded in the California statute, CPPA regulations, and the 2026 California rule changes.

A good California privacy calendar keeps older commencement dates in view but also surfaces the first real operational deadlines created by the 2026 rules.

## Core regime dates

CPRA changes became operative on January 1, 2023 and CPPA administrative enforcement began on July 1, 2023. A later California rule package became effective on January 1, 2026 and now shapes the live baseline.

- January 1, 2023: CPRA changes operative
- July 1, 2023: CPPA enforcement begins
- January 1, 2026: updated California regulations effective
- January 1, 2026: DROP launches for registered data brokers

## Recurring and future deadlines

Consumer request timing remains central, but the newer California rules add transitional and recurring dates for risk assessments, cybersecurity audits, and data broker duties where applicable.

- 45 days for most consumer rights responses, with one 45 day extension where justified
- At least 24 months of request records and related programme evidence
- December 31, 2027: transitional deadline identified in current materials for certain ongoing risk assessments
- April 1, 2028: first risk assessment information submission deadline for 2026 and 2027 assessments

*Recommended next step*

*Placement: after the timeline or milestone section*

## Turn California CPRA Deadlines and Compliance Calendar into an operational assessment

Assessment Autopilot can take California CPRA Deadlines and Compliance Calendar from planning deadlines, owners, and milestones from this page to a reusable workflow inside Sorena. Teams working on California CPRA can keep owners, evidence, and next steps aligned without copying this guide into separate documents.

- [Open Assessment Autopilot for California CPRA Deadlines and Compliance Calendar](/solutions/assessment.md): Start from California CPRA Deadlines and Compliance Calendar and turn the guidance into owned tasks, evidence requests, and review checkpoints.
- [Talk through California CPRA](/contact.md): Review your current process, evidence gaps, and next steps for California CPRA Deadlines and Compliance Calendar.

## Planning dates for larger businesses

Current California materials also point to phased first cybersecurity audit deadlines tied to revenue size. Larger businesses should build those dates into the governance calendar before the threshold year closes.

- April 1, 2028: first audit report deadline for businesses above 100 million dollars in 2026 revenue
- April 1, 2029: first audit report deadline for businesses between 50 million and 100 million dollars in 2027 revenue
- Annual January data broker registration cycle where the business qualifies as a data broker
- Annual rule and notice review each Q1 so California disclosures stay current

## Primary sources

- [CPPA regulations](https://cppa.ca.gov/regulations/?ref=sorena.io) - Official California regulations hub.
- [California privacy statute effective January 1, 2026](https://cppa.ca.gov/regulations/pdf/ccpa_statute_2026.pdf?ref=sorena.io) - Current statutory text as reflected in CPPA materials.
- [CPPA FAQ](https://cppa.ca.gov/faq.html?ref=sorena.io) - Official California FAQ.
- [CPPA CCPA updates](https://cppa.ca.gov/ccpa_updates.html?ref=sorena.io) - Rulemaking and effective date updates.

## Related Topic Guides

- [CPPA Regulations Tracker | California Rulemaking Tracker](/artifacts/us/california-privacy-rights-act/cppa-regulations-tracker.md): Track the California rules that changed the operating baseline in 2026 and the related regulator outputs.
- [CPRA Applicability Test | California Scope and Trigger Guide](/artifacts/us/california-privacy-rights-act/applicability-test.md): Confirm California scope and then identify which CPRA specific obligations activate.
- [CPRA Checklist | California Privacy Rights Act Checklist](/artifacts/us/california-privacy-rights-act/checklist.md): Track the California privacy workstreams that changed under CPRA and the 2026 rules.
- [CPRA Compliance Program | California Operating Model](/artifacts/us/california-privacy-rights-act/compliance.md): Run a California programme that can absorb ongoing CPPA rules without constant redesign.
- [CPRA Consumer Rights Workflow | California Rights Operations](/artifacts/us/california-privacy-rights-act/consumer-rights-workflow.md): Run California rights operations across delete, correct, know, opt out, and limit.
- [CPRA Contracts, Contractors, and Service Providers](/artifacts/us/california-privacy-rights-act/contracts-contractors-and-service-providers.md): Draft California recipient contracts that support both baseline CPRA compliance and the newer assurance obligations.
- [CPRA FAQ | Practical California Privacy Rights Answers](/artifacts/us/california-privacy-rights-act/faq.md): Answer the California questions that stall CPRA implementation decisions.
- [CPRA Penalties and Fines | California Enforcement Exposure](/artifacts/us/california-privacy-rights-act/penalties-and-fines.md): Understand what makes California exposure larger, faster, and harder to defend.
- [CPRA Requirements | California Control Requirements](/artifacts/us/california-privacy-rights-act/requirements.md): Translate the current California regime into control statements that teams can build and test.
- [CPRA Risk Assessment Template | California Risk Assessment Guide](/artifacts/us/california-privacy-rights-act/cpra-risk-assessment-template.md): Use a California specific template that matches the current rule structure instead of a generic DPIA form.
- [CPRA Risk Assessments and Cybersecurity Audits | California Assurance Guide](/artifacts/us/california-privacy-rights-act/risk-assessments-and-cybersecurity-audits.md): Prepare for the California assurance duties that now have real structure, timing, and evidence requirements.
- [CPRA Sensitive Personal Information | California SPI Guide](/artifacts/us/california-privacy-rights-act/sensitive-personal-information.md): Handle SPI with the level of design and evidence the California rules now expect.
- [CPRA vs CCPA | What Actually Changed in California Privacy](/artifacts/us/california-privacy-rights-act/ccpa-vs-cpra.md): A practical CPRA vs CCPA delta guide grounded in the current California statute, CPPA regulations, Proposition 24, and official agency guidance.
- [CPRA vs Colorado Privacy Act | State Privacy Comparison](/artifacts/us/california-privacy-rights-act/cpra-vs-colorado-privacy-act.md): Compare the California and Colorado models before reusing a state privacy template across both.
- [CPRA vs Virginia VCDPA | State Privacy Comparison](/artifacts/us/california-privacy-rights-act/cpra-vs-virginia-vcdpa.md): Compare California and Virginia privacy models before reusing contracts or request flows across both.


---

[Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us)

(c) 2026 Sorena AB (559573-7338). All rights reserved.

Source: https://www.sorena.io/artifacts/us/california-privacy-rights-act/deadlines-and-compliance-calendar