---
title: "CCPA Applicability Test"
canonical_url: "https://www.sorena.io/artifacts/us/ccpa/applicability-test"
source_url: "https://www.sorena.io/artifacts/us/ccpa/applicability-test"
author: "Sorena AI"
description: "Test whether a business is in scope under the current California threshold model."
keywords:
  - "CCPA applicability test"
  - "CCPA thresholds"
  - "California privacy scope"
  - "CCPA business definition"
  - "CCPA"
  - "Applicability Test"
  - "California privacy"
---

# CCPA Applicability Test

Test whether a business is in scope under the current California threshold model.

## California CCPA Applicability Test

This test is grounded in the California statute, CPPA regulations, and current California enforcement themes.

A defensible California scope memo should show both why the entity is a business and which threshold it meets, with calculations that can be rerun next year.

## Business status and threshold tests

The main California thresholds are: more than 25 million dollars in annual gross revenue; buying, selling, or sharing the personal information of 100,000 or more consumers or households; or deriving 50 percent or more of annual revenue from selling or sharing personal information.

- Document which threshold is met and the evidence behind it
- Use the finance source and counting method consistently
- Measure consumers and households with a repeatable methodology
- Check whether affiliates or common branding affect the analysis

## Exemptions and data context

Even when the business is in scope, some data sets or regulated contexts may be exempt. Review exemptions carefully and write down exactly which data and workflows are carved out.

- Map exemptions by dataset and processing purpose
- Separate website tracking and marketing from sector specific exempt processing
- Record whether the organisation acts as a business, service provider, contractor, or third party in each flow
- Review whether uses of employee or applicant data sit in a different California context

## Evidence and reassessment

Scope decisions should be updated on a calendar and after trigger events such as acquisitions, new adtech, major volume growth, or entry into sharing relationships.

- Keep a versioned scope register with approval history
- Recalculate thresholds at least annually and after material business change
- Link the scope memo to the data map and vendor inventory
- Escalate threshold edge cases to legal and finance together


## Primary sources

- [CPPA regulations](https://cppa.ca.gov/regulations/?ref=sorena.io) - Official California regulations hub.
- [California privacy statute effective January 1, 2026](https://cppa.ca.gov/regulations/pdf/ccpa_statute_2026.pdf?ref=sorena.io) - Current statutory text as reflected in CPPA materials.
- [CPPA FAQ](https://cppa.ca.gov/faq.html?ref=sorena.io) - Official California FAQ.
- [CPPA CCPA updates](https://cppa.ca.gov/ccpa_updates.html?ref=sorena.io) - Rulemaking and effective date updates.

## Related Topic Guides

- [CCPA Checklist | California Privacy Compliance Checklist](/artifacts/us/ccpa/checklist.md): Track the California controls that must actually exist in policy, product, and vendor operations.
- [CCPA Compliance Program | California Operating Model](/artifacts/us/ccpa/compliance.md): Build a California privacy programme that survives regulator questions and product change.
- [CCPA Consumer Rights Workflow | 45 Day Request Handling](/artifacts/us/ccpa/consumer-rights-workflow.md): Run California rights operations with clear timing, verification, and downstream instructions.
- [CCPA Deadlines and Compliance Calendar](/artifacts/us/ccpa/deadlines-and-compliance-calendar.md): Use the dates that actually shape California privacy work.
- [CCPA Enforcement and Penalties | CPPA and AG Exposure Guide](/artifacts/us/ccpa/enforcement-and-penalties.md): Understand how California enforcement usually starts and what evidence the agency will ask for.
- [CCPA FAQ | Practical California Privacy Answers](/artifacts/us/ccpa/faq.md): Answer the California privacy questions that usually stall implementation.
- [CCPA Penalties and Fines | California Exposure Summary](/artifacts/us/ccpa/penalties-and-fines.md): Know the penalty ranges, then work backward to the controls that reduce them.
- [CCPA Privacy Notices and Disclosures | California Notice Architecture](/artifacts/us/ccpa/privacy-notices-and-disclosures.md): Design the California notice stack so each disclosure appears in the right place and says the right thing.
- [CCPA Privacy Policy Template | Required California Disclosures](/artifacts/us/ccpa/ccpa-privacy-policy-template.md): Write a California privacy policy that actually matches the statute and regulations.
- [CCPA Requirements | California Control Requirements](/artifacts/us/ccpa/requirements.md): Translate California law into control statements that can be implemented, tested, and audited.
- [CCPA Scope and Thresholds | California Business Threshold Guide](/artifacts/us/ccpa/scope-and-thresholds.md): Use the real California threshold tests instead of rough privacy folklore.
- [CCPA Service Provider and Contractor Contracts](/artifacts/us/ccpa/service-provider-contractor-contracts.md): Draft California vendor contracts that work in practice, not only on paper.
- [CCPA vs CPRA | What Actually Changed in California Privacy](/artifacts/us/ccpa/ccpa-vs-cpra.md): A practical CCPA vs CPRA delta guide grounded in the current California statute, CPPA regulations, and official agency guidance.
- [CCPA vs GDPR | California and EU Privacy Comparison](/artifacts/us/ccpa/ccpa-vs-gdpr.md): Compare California CCPA obligations with the GDPR without assuming the two models are interchangeable.
- [Do Not Sell or Share Implementation | CCPA and GPC Guide](/artifacts/us/ccpa/do-not-sell-share-implementation.md): Implement California opt out controls that actually work across websites, apps, and partner pipelines.


---

(c) 2026 Sorena AB (559573-7338). All rights reserved.

Source: https://www.sorena.io/artifacts/us/ccpa/applicability-test
