The Software & Information Industry Association (SIIA) has joined a coalition of organizations in urging the California Privacy Protection Agency (CPPA) to significantly narrow the scope of its proposed regulations. In a joint letter, the coalition expresses serious concerns about the economic and operational burdens these regulations would impose on businesses, estimating costs in the tens of billions of dollars and potential job losses of 100,000 or more. The letter also raises questions about the CPPA’s regulatory authority over areas like Automated Decision-Making Technology (ADMT) and Artificial Intelligence, emphasizing the need for a more balanced, risk-based approach to cybersecurity requirements.

The coalition warns that despite extensive feedback from businesses and trade groups, the draft regulations remain largely unchanged, signaling a lack of meaningful engagement in the rulemaking process. Given the significant and far-reaching impacts, the letter urges the CPPA to reconsider its approach to ensure businesses can comply without facing undue hardship.