AB 810 requires California local government entities that maintain public-facing websites and provide public employee email addresses to operate on either a “.gov” top-level domain or a “.ca.gov” second-level domain. The measure also requires noncompliant public websites to redirect to a compliant domain.
The bill aims to standardize digital identity for local government, which proponents say improves public trust and reduces phishing and impersonation, but it raises operational and cost questions for smaller jurisdictions that manage disparate web and email systems.
At a Glance
What It Does
The bill obligates public-facing local websites and public employee email addresses to use .gov or .ca.gov domains and requires noncompliant websites to redirect to a compliant domain. It sets staggered compliance windows for cities/counties versus special districts and other political subdivisions.
Who It Affects
Cities, counties, city-and-county governments, special districts, joint powers authorities, and other political subdivisions that host public websites or issue public employee email addresses are covered. K–12 school districts are excluded and community college districts may use .edu instead of .gov/.ca.gov.
Why It Matters
Standardizing domain names changes how local governments present themselves online, affects procurement and IT operations, and reshapes the market for migration, hosting, and cybersecurity services. Agencies that currently use third-party domains or varied email domains will need coordinated migration plans.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
AB 810 sets a state-wide naming rule for public-facing local digital assets. For entities covered by the statute, the requirement is twofold: public websites must resolve on a .gov or .ca.gov address, and public employee email accounts must originate from one of those domains.
If an affected entity’s public website is not on a compliant domain by the deadline, the bill requires that the existing site be redirected to a compliant domain — not simply taken offline.
The statute staggers compliance: the state gives cities, counties, and consolidated city-counties an earlier deadline than special districts, joint powers authorities, and other political subdivisions. The text explicitly allows community college districts and community colleges to keep or use .edu domains for their public-facing sites, and it excludes K–12 public school districts from this requirement.
The bill also defines “local agency” broadly to include a list of types of political subdivisions covered by the rule.Operationally, affected agencies will have to register eligible .gov or .ca.gov domains, rehost or map existing content, update SSL/TLS certificates, configure DNS and redirects, and migrate email systems (or at least email domain aliases and SPF/DKIM/DMARC records) so that employee messages originate from the new domains. Small authorities that rely on vendor-hosted portals, third-party calendaring, or embedded services will need to coordinate migrations to avoid breaking payment endpoints, APIs, or federated logins.
The statute does not allocate state funding or detail an enforcement regime, leaving implementation assistance, costs, and penalties undefined in the text.
The Five Things You Need to Know
The bill requires public-facing local government websites to use either a “.gov” top-level domain or a “.ca.gov” second-level domain; noncompliant sites must be redirected to a compliant domain.
Public email addresses provided to employees must use a .gov or .ca.gov domain — the requirement covers the email domain itself, not merely display aliases.
Cities, counties, and consolidated city–counties face an earlier compliance deadline than special districts, joint powers authorities, and other political subdivisions (the bill sets distinct dates for each group).
A community college district or community college may use a .edu domain in place of .gov/.ca.gov; K–12 public school districts are explicitly excluded from the statute.
The statute defines “local agency” to include cities, counties, city and county, special districts, school districts, joint powers authorities, and other political subdivisions.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Cities and counties: public websites must use .gov/.ca.gov
This subsection requires cities, counties, and consolidated city–counties that maintain a public-facing website to ensure the site uses a .gov top-level domain or a .ca.gov second-level domain. Practically, that means those municipal entities must either obtain a compliant domain and host the site there or point an existing domain to the compliant address.
Cities and counties: employee email domain requirement
This provision obligates those same municipal entities to ensure each public employee email address provided by the agency uses a .gov or .ca.gov domain. Agencies will need to confirm how employee mailboxes, aliases, and third-party mail routing will be reconfigured so outgoing mail shows the required domain and authentication records are updated.
Special districts and other political subdivisions: staggered requirements and redirects
Special districts, joint powers authorities, and other political subdivisions face the same domain-and-email rule but on a later schedule. If these entities maintain noncompliant websites past the deadline, the text mandates that those sites redirect to a compliant domain rather than remain at their existing addresses. The subsection places the same requirement on public email addresses for these entities.
Higher education carve-out: community colleges may use .edu
This subsection grants community college districts and community colleges the option to use .edu domains instead of .gov/.ca.gov. From an operational standpoint, that preserves existing higher-education identity practices and avoids forcing migrations for institutions already organized under .edu.
Definitions and K–12 exclusion
The statute defines the term “local agency” to include cities, counties, city and county, special districts, school districts, joint powers authorities, and other political subdivisions; however, an additional clause excludes K–12 public school districts from the subset of provisions that would otherwise require migration. This split treatment matters for compliance planning and for the scope of any state technical assistance programs.
This bill is one of many.
Codify tracks hundreds of bills on Government across all five countries.
Explore Government in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Residents and visitors seeking official information — a common domain convention (.gov/.ca.gov) reduces the risk of mistaking imposter sites for official sources, improving trust when applying for permits, checking notices, or submitting forms online.
- State and local cybersecurity teams — standardizing domains makes it easier to coordinate DNS-security policies, implement organization-wide email authentication (SPF/DKIM/DMARC), and detect anomalous domains that impersonate government sites.
- Vendors and integrators that provide migration, hosting, and identity services — forced migrations create demand for domain registration, website rehosting, SSL provisioning, and email transition work.
- Community colleges — the explicit allowance to use .edu preserves existing branding, avoids migration costs for many community college IT shops, and keeps academic federations intact.
Who Bears the Cost
- Small special districts and local agencies with limited IT budgets — these entities must absorb domain registration fees, hosting changes, email migration work, and staff time for a project many have not budgeted for.
- Local IT staff and contractors — the bill creates a concentrated workload: DNS and certificate changes, updating links and embedded resources, and coordinating redirects without breaking integrations.
- Third-party service providers used by local governments (payment processors, scheduling platforms, public records portals) — integrations may require contract changes or technical remapping to reflect new compliant domains.
- County clerks and records officers — while not explicitly named, these officials commonly maintain public portals and may face administrative overhead ensuring forms, public notices, and archival links continue to resolve correctly after migration.
Key Issues
The Core Tension
The central dilemma is between increasing public trust through domain standardization and the practical cost and technical complexity of forcing migrations: the policy reduces impersonation risks and improves discoverability, but doing so without funding, enforcement clarity, or transitional support risks uneven implementation, broken services, and disproportionate burden on small local entities.
The bill prescribes a clear naming standard but leaves major implementation questions open. It does not earmark funding, create a grant program, or set an enforcement mechanism (civil penalties, withholdings, or injunctive remedies are absent from the text).
That absence shifts the practical burden onto local budgets and existing IT teams, and it raises the likelihood of uneven compliance across jurisdictions. Without state technical assistance, smaller districts may rely on vendors or temporary fixes that satisfy the letter of the requirement (simple redirects) but leave underlying security and authentication issues unresolved.
Another tension arises between standardization and operational fragmentation. Requiring .gov/.ca.gov domains centralizes the visual identity of local agencies, which helps citizens, but it may also break established integrations: third-party portals, embedded widgets, or federated identity systems that expect legacy domains.
The transition will require careful coordination of DNS, TLS certificates, email authentication records, and contractual updates with vendors. The carve-out allowing community colleges to use .edu preserves higher-education identity but creates a two-tier system that will require clear public messaging to avoid confusing users about where to go for services.
Finally, the bill mandates redirects rather than addressing how long redirects should persist or how archival links will be maintained, leaving open questions about SEO, public-records access, and long-term link rot.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.