Executive Order N-5-26 is California doing what it does best: regulating with paperwork and vibes. Except this time the paperwork is procurement—and procurement is how markets actually get shaped.
California’s EO N-5-26 doesn’t try to write the definitive “AI law.” Instead, it weaponizes the state’s purchasing power: new vendor certifications, watermarking guidance, contractor responsibility reforms, and—most interestingly—a mechanism to review (and potentially push back on) federal “supply chain risk” designations. Translation: the next AI governance fight won’t be a TED Talk. It’ll be a contract clause.
What This Order Is (And Isn’t)
EO N-5-26 is not a single sweeping statute that instantly changes private-sector behavior. It’s a direction to state agencies to build procurement machinery: certifications, guidance, toolkits, and contracting standards that quietly become the default requirement for “doing business with California.”
This approach is extremely California. If you can’t regulate it directly (or don’t want to pick a fight in court today), you regulate it the way a giant organization regulates everything: by deciding what vendors must promise before they get paid.
The 120-Day Countdown: What California Says It Wants Built
The order has a repeating drumbeat: within 120 days, agencies deliver recommendations and guidance. From the EO text, here are the key deliverables that matter for AI governance.
1) New procurement certifications (DGS + CDT)
Within 120 days, the Department of General Services (DGS) and the Department of Technology (CDT) must submit recommendations for “new certifications” that can be incorporated into state contracting processes. The point is to force entities seeking California contracts to “attest to and explain their policies and safeguards” to protect public safety and prevent misuse.
The certification topics called out include (non-exhaustively):
- Illegal content exploitation/distribution, including child sexual abuse material and non-consensual intimate imagery
- Models that display harmful bias or lack governance to reduce that risk
- Violations of civil rights and civil liberties (free speech, voting, autonomy; protections against unlawful discrimination, detention, and surveillance)
This is California setting the terms of the relationship: if you want to sell AI into government workflows, you don’t get to treat governance as a PDF you upload once a year. You have to operationalize it as a contracting posture.
2) Watermarking guidance (CDT)
Also within 120 days, CDT (with GovOps) must issue best-practice guidance for agencies to watermark “AI-generated or significantly manipulated” images and video, aligned with California Business & Professions Code §§ 22757.2 & 22757.3.
Watermarking is often discussed like a moral plea. Procurement turns it into a checkbox: “If you produce synthetic media, here is what the state expects.” That’s how norms become requirements.
3) Contractor responsibility reforms (GovOps)
Within 120 days, the Government Operations Agency (GovOps), consulting with DGS and CDT, must recommend reforms to contractor responsibility provisions—suspension and ineligibility authorities—so the state doesn’t contract with entities “judicially determined” to have unlawfully undermined privacy or civil liberties. The “judicially determined” qualifier matters: it’s trying to keep the state’s enforcement posture anchored to adjudicated findings, not vibes.
The Weirdly Spicy Part: California Reviewing Federal “Supply Chain Risk” Labels
The most structurally interesting mechanism sits in Section 2: the CDT State Chief Information Security Officer “shall review any new designations of companies as supply chain risks by the federal government.”
If the CISO concludes a designation is “improper,” DGS and CDT will issue guidance so state departments “can continue to easily procure from that company.” The EO also allows review of other federal procurement changes to assess whether they “improperly restrict procurement” and to recommend measures in response.
This is California politely saying: We will read your blacklist, but we are not obliged to share your feelings.
That matters because supply-chain risk labeling is becoming a major control surface in AI policy: it’s how national-security framing turns into procurement bans without passing a law that’s easy to challenge. California is building an internal counter-lever.
The Non-Obvious Thing: Procurement Is How Pre-emption Fights Actually Happen
Federal pre-emption fights are often described as constitutional drama. In practice, they’re fought through boring mechanisms: contract language, eligibility rules, and how money flows.
If California’s certifications and watermarking guidance become de-facto requirements for vendors, and federal agencies push in a different direction (or try to block state-level standards as “onerous”), the conflict won’t show up first in a court filing. It will show up as vendors trying to maintain one compliance posture for Sacramento and a different one for Washington—and discovering that “two rulebooks” is expensive.
And that’s the real power of procurement: it standardizes behavior by making non-compliance financially irrational.
The Singularity Soup Take
The Singularity Soup Take
If you’re waiting for “AI regulation” to arrive as a single dramatic law, you’re going to miss the real thing happening in slow motion: procurement checklists becoming the default constitution of deployed AI. California isn’t writing a manifesto. It’s writing the vendor onboarding form. And the onboarding form is where the future gets approved.
What to Watch
What to Watch
1) The certification template. What does California actually ask vendors to attest to—and how measurable is it?
2) Enforcement posture. Does “judicially determined” become a real procurement filter, or a symbolic clause?
3) Federal response. If federal agencies expand supply-chain designations, does California’s review mechanism get used—or quietly avoided to prevent a fight?
Sources
California Governor’s Office (PDF) — "Executive Order N-5-26"
Morgan Lewis — "California Executive Order Expands AI Oversight Through State Procurement"
CalMatters — "Newsom orders government to consider AI harm in contract rules"