--- title: "CPPA Regulations Tracker" canonical_url: "https://www.sorena.io/artifacts/us/cpra/cppa-regulations-tracker" source_url: "https://www.sorena.io/artifacts/us/cpra/cppa-regulations-tracker" author: "Sorena AI" description: "Track the California rules that changed the operating baseline in 2026 and the related regulator outputs." keywords: - "CPPA regulations tracker" - "California privacy rulemaking" - "CPRA regulations 2026" - "CPPA updates" - "CPRA" - "California privacy" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # CPPA Regulations Tracker Track the California rules that changed the operating baseline in 2026 and the related regulator outputs. *Rulemaking* *CPRA* ## California CPRA CPPA Regulations Tracker Grounded in the California statute, CPPA regulations, and the 2026 California rule changes. The California rulemaking story now spans more than one wave of regulations. The tracker should show what is already effective, what has a future deadline, and what still needs monitoring. ## Already effective rule milestones The first major CPPA regulations took effect in 2023. A later package of California rules became effective on January 1, 2026 and now shapes the current baseline for many programmes. - January 1, 2023: CPRA changes operative - July 1, 2023: CPPA administrative enforcement begins - January 1, 2026: updated California regulations become effective - Tag each effective rule to the notices, rights, contracts, or assurance controls it changes ## High impact 2026 areas The highest impact current areas are cybersecurity audits, risk assessments, ADMT related rules, and California data broker developments including the DROP platform launched on January 1, 2026. - Track whether the business meets the conditions for annual cybersecurity audit duties - Track whether any processing requires a risk assessment before initiation - Watch ADMT related obligations where automated decision tools are used - Track data broker registration and DROP obligations if the model fits ## How to use the tracker The tracker should feed engineering, legal, and procurement backlogs. If it only lists dates without showing affected controls, it will not change implementation quality. - Map each rule update to a specific owner and delivery item - Review the CPPA updates page and OAL records regularly - Keep evidence of when each internal template was updated to the new rule - Use the tracker as the calendar source for California governance reviews *Recommended next step* *Placement: near the end of the main content before related guides* ## Use California CPRA CPPA Regulations Tracker as a cited research workflow Research Copilot can take California CPRA CPPA Regulations Tracker from getting cited answers and faster research on this topic to a reusable workflow inside Sorena. Teams working on California CPRA can keep owners, evidence, and next steps aligned without copying this guide into separate documents. - [Open Research Copilot for California CPRA CPPA Regulations Tracker](/solutions/research-copilot.md): Start from California CPRA CPPA Regulations Tracker and answer scope, timing, and interpretation questions with cited outputs. - [Talk through California CPRA](/contact.md): Review your current process, evidence gaps, and next steps for California CPRA CPPA Regulations Tracker. ## Primary sources - [CPPA regulations](https://cppa.ca.gov/regulations/?ref=sorena.io) - Official California regulations hub. - [California privacy statute effective January 1, 2026](https://cppa.ca.gov/regulations/pdf/ccpa_statute_2026.pdf?ref=sorena.io) - Current statutory text as reflected in CPPA materials. - [CPPA FAQ](https://cppa.ca.gov/faq.html?ref=sorena.io) - Official California FAQ. - [CPPA CCPA updates](https://cppa.ca.gov/ccpa_updates.html?ref=sorena.io) - Rulemaking and effective date updates. ## Related Topic Guides - [CPRA Applicability Test | California Scope and Trigger Guide](/artifacts/us/cpra/applicability-test.md): Confirm California scope and then identify which CPRA specific obligations activate. - [CPRA Checklist | California Privacy Rights Act Checklist](/artifacts/us/cpra/checklist.md): Track the California privacy workstreams that changed under CPRA and the 2026 rules. - [CPRA Compliance Program | California Operating Model](/artifacts/us/cpra/compliance.md): Run a California programme that can absorb ongoing CPPA rules without constant redesign. - [CPRA Consumer Rights Workflow | California Rights Operations](/artifacts/us/cpra/consumer-rights-workflow.md): Run California rights operations across delete, correct, know, opt out, and limit. - [CPRA Contracts, Contractors, and Service Providers](/artifacts/us/cpra/contracts-contractors-and-service-providers.md): Draft California recipient contracts that support both baseline CPRA compliance and the newer assurance obligations. - [CPRA Deadlines and Compliance Calendar | California Privacy Calendar](/artifacts/us/cpra/deadlines-and-compliance-calendar.md): Use the dates that matter for the current California privacy regime. - [CPRA FAQ | Practical California Privacy Rights Answers](/artifacts/us/cpra/faq.md): Answer the California questions that stall CPRA implementation decisions. - [CPRA Penalties and Fines | California Enforcement Exposure](/artifacts/us/cpra/penalties-and-fines.md): Understand what makes California exposure larger, faster, and harder to defend. - [CPRA Requirements | California Control Requirements](/artifacts/us/cpra/requirements.md): Translate the current California regime into control statements that teams can build and test. - [CPRA Risk Assessment Template | California Risk Assessment Guide](/artifacts/us/cpra/cpra-risk-assessment-template.md): Use a California specific template that matches the current rule structure instead of a generic DPIA form. - [CPRA Risk Assessments and Cybersecurity Audits | California Assurance Guide](/artifacts/us/cpra/risk-assessments-and-cybersecurity-audits.md): Prepare for the California assurance duties that now have real structure, timing, and evidence requirements. - [CPRA Sensitive Personal Information | California SPI Guide](/artifacts/us/cpra/sensitive-personal-information.md): Handle SPI with the level of design and evidence the California rules now expect. - [CPRA vs CCPA | What Actually Changed in California Privacy](/artifacts/us/cpra/ccpa-vs-cpra.md): A practical CPRA vs CCPA delta guide grounded in the current California statute, CPPA regulations, Proposition 24, and official agency guidance. - [CPRA vs Colorado Privacy Act | State Privacy Comparison](/artifacts/us/cpra/cpra-vs-colorado-privacy-act.md): Compare the California and Colorado models before reusing a state privacy template across both. - [CPRA vs Virginia VCDPA | State Privacy Comparison](/artifacts/us/cpra/cpra-vs-virginia-vcdpa.md): Compare California and Virginia privacy models before reusing contracts or request flows across both. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/us/cpra/cppa-regulations-tracker