AI Governance Podcast - California's ADMT Regulations with Phil Laird

Summary

This episode of the AI Governance Podcast features Phil Laird, General Counsel of the California Privacy Protection Agency (CPPA). Phil joins Enzai's Matt McCallum to discuss how California is operationalising automated decision-making oversight in 2026 and 2027.

They explore what California's regulations require by "meaningful human involvement" and what the definition explicitly rules out, the most common failure modes in early ADMT implementations, how California's Risk Assessment regime overlaps with EU AI Act and GDPR work, and the architectural ambition behind DROP. Phil closes on why "frictionless" is operating doctrine inside the agency rather than consumer rhetoric.

You can listen on Spotify or Apple Music or watch the episode here on YouTube.

Key takeaways

• What California's definition of "meaningful human involvement" explicitly closes the door on, and why some enterprise human-review patterns won't pass it.

• The most common failure mode in early ADMT implementations: organisations believing they have addressed automation bias when they have not, and what the CPPA's sharper expectations actually require.

• Where California's Risk Assessment regime overlaps with EU AI Act and GDPR work, where it doesn't, and why "re-use" is bounded rather than wholesale.

• Inside DROP, the centralised Delete Request and Opt-out Platform California is building, and what operational readiness in 2026/2027 looks like for in-scope businesses.

• Why "frictionless" is operating doctrine inside the CPPA rather than consumer rhetoric, and how that shapes the agency's regulatory sequencing.