SB 580 directs the California Attorney General to create model policies for how state and local agencies interact with immigration authorities and to issue guidance for how agency databases should be governed to reduce their availability for immigration enforcement. The measure frames these actions as statewide policy meant to protect community trust and privacy in public-facing agencies and services.
The bill places an implementation duty on public agencies and signals the state’s intention to shape operational practices — from records access to training — that affect interactions between immigration authorities and California’s residents, particularly immigrant communities who use public services.
At a Glance
What It Does
The Attorney General must develop model interaction policies for agencies and publish guidance — including audit criteria and training recommendations — for state and local agency databases to limit their use for immigration enforcement. Agencies are required to adopt those policies or an equivalent.
Who It Affects
All state and local agencies in California that interact with the public and maintain records — including those that contract with private vendors to host databases — as well as service providers (schools, libraries, courts, health facilities) and the vendors that run their data systems.
Why It Matters
The bill centralizes policy on how government entities handle requests from immigration authorities and sets expectations for how data can be governed or restricted, with operational and compliance implications for records management, vendor contracts, training, and public-facing services.
What This Bill Actually Does
SB 580 creates a new statutory duty for the Attorney General to produce two deliverables: model policies on agency interactions with immigration authorities and detailed guidance for governing agency databases so information availability for immigration enforcement is limited to the greatest extent practicable. The database guidance must include audit criteria and training recommendations and explicitly covers databases maintained by private vendors on behalf of agencies.
The statute instructs the AG to consult stakeholders in producing these materials.
Once the AG issues the materials, the bill requires state and local agencies to put them into effect (either by adopting the model policy or by implementing an equivalent). That implementation requirement forces agencies to review existing practices for records access, law-enforcement and federal-request workflows, vendor contracts, and staff training.
Because vendor-hosted systems are in scope, agencies will likely need to negotiate contract terms, data access controls, and audit provisions with third-party providers.
The bill also includes procedural and jurisdictional provisions that matter in practice. It declares the issue a statewide concern (so the rules apply to charter cities), contains a severability clause, and ties potential reimbursement for local implementation costs to determinations by the Commission on State Mandates.
Finally, the statute exempts any rule, policy, or standard issued under the section from the normal state administrative rulemaking procedures, which shortens the formal process for adoption but narrows opportunities for public rulemaking input.
The Five Things You Need to Know
- The Attorney General must publish model policies and database guidance by July 1, 2026, and agencies must implement the model policy or an equivalent by January 1, 2027.
- The database guidance must include audit criteria and training recommendations and explicitly covers databases operated by state or local agencies, including those hosted or maintained by private vendors.
- The bill requires agencies to implement the AG’s model policy or an equivalent policy rather than simply encouraging voluntary adoption, creating a statutory implementation duty for state and local entities.
- Any rule, policy, or standard the Attorney General issues under this section is exempt from Chapter 3.5 of the Government Code (the normal state administrative rulemaking procedures).
- The statute declares the subject a statewide concern that applies to all cities (including charter cities) and provides that if the Commission on State Mandates finds state-mandated costs, reimbursement will follow existing statutory procedures.
Section-by-Section Breakdown
AG to publish model interaction policies
This provision directs the Attorney General to publish model policies on how state and local agencies should interact with immigration authorities. The AG must consult appropriate stakeholders in drafting these policies. Practically, that means the AG will set baseline expectations for staff conduct, request handling, and limits on voluntary cooperation where state law permits, creating a single reference point for agencies statewide.
Agency implementation duty
This subsection imposes a statutory duty on state and local agencies to implement the model policy or an equivalent policy by the date specified in the statute. That duty translates to concrete steps for agencies: policy adoption, updating internal procedures, training personnel, and documenting compliance. The ‘equivalent policy’ language gives agencies some flexibility but also raises questions about what level of divergence will satisfy the statutory requirement.
Database governance, audit criteria, and vendor coverage
The AG must publish guidance, audit criteria, and training recommendations aimed at limiting how agency databases are used for immigration enforcement. Importantly, the provision covers databases maintained by private vendors for public agencies, so the guidance will affect procurement, contract terms, access controls, logging, and auditability. Agencies will need to map data flows, identify where immigration-related data reside, and potentially invest in technical controls or contract renegotiation to comply.
Exemption from standard administrative rulemaking
The bill expressly states that rules, policies, or standards adopted under this section are not subject to Chapter 3.5 of the Government Code. That removes the normal notice-and-comment rulemaking steps for those instruments, allowing the AG to issue binding directives more quickly but limiting formal stakeholder review and judicial arguments that would typically rely on the administrative record.
Findings: privacy, trust, and statewide application
The Legislature sets out findings about privacy rights, community trust, and the statewide implications of immigration enforcement, and declares that the act addresses statewide rather than municipal concerns—ensuring the law applies to charter cities. Those findings both justify the statewide mandate and signal legislative intent to prioritize privacy and trust considerations in agency operations.
Severability and state-mandated cost reimbursement
Section 3 makes the act severable so that an invalid provision won’t void the remainder. Section 4 ties potential reimbursement for local agencies’ costs to the Commission on State Mandates: if that Commission finds the statute imposes mandate costs, reimbursement will follow existing statutory procedures, leaving funding contingent on an administrative determination rather than an upfront appropriation.
Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Immigrant community members who use public services — clearer rules and tighter data controls could reduce the risk that routine records are used for immigration enforcement, increasing willingness to seek services.
- Front-line public service providers (schools, health clinics, libraries) — standardized policies and training reduce uncertainty for staff about how to respond to immigration-related requests and may improve service continuity.
- Privacy and civil-rights advocates — the law institutionalizes state-level attention to limiting data exposure and gives advocates a formal set of standards to evaluate agency behavior.
- Local agencies that lack internal policy capacity — smaller jurisdictions gain a ready-made policy and audit framework they can adopt or adapt, lowering the administrative burden of drafting their own rules.
Who Bears the Cost
- State and local agencies — they must review and revise policies, retrain staff, update records-management practices, and, where necessary, change vendor contracts and technical controls, all of which carry administrative and fiscal costs.
- Private vendors who host or manage public agency databases — vendors may need to add access controls, logging, and contract provisions to meet audit criteria and limit responses to immigration-enforcement requests.
- County counsel and agency legal teams — they will face increased workload resolving conflicts between the model policies and federal requests, subpoenas, or statutory obligations to share certain information.
- The Attorney General’s office — producing stakeholder-informed model policies, audit criteria, and training materials will require staff time and resources, which the state must absorb unless reimbursement mechanisms cover some local costs.
Key Issues
The Core Tension
The central tension is between protecting privacy and public trust in state and local services (by limiting the availability of government-held data for immigration enforcement) and the obligation to comply with federal immigration law and requests; the bill favors stronger state-level limits and quicker administrative action, but doing so may generate legal conflicts, implementation costs, and operational ambiguity for agencies and vendors.
The bill leaves several implementation and legal questions unresolved. First, the statute requires the AG’s materials to be drafted “in consultation with appropriate stakeholders,” but it does not define the consultation process or set minimum transparency or public-comment requirements.
Given the exemption from Chapter 3.5 procedures, stakeholders who expect formal notice-and-comment rulemaking will have less administrative recourse and fewer documented opportunities to shape the final standards.
Second, the practical limits of restricting database access are complex. Agencies may face conflicting legal obligations—federal requests, state public-records statutes, court orders, or mandatory reporting duties—that constrain how much access they can lawfully deny.
Technical and contractual constraints are real: many agencies rely on legacy systems or vendor platforms that were not designed for granular access control, and retrofitting those systems can be costly and time-consuming. The reimbursement mechanism is conditional: local costs are only reimbursable if the Commission on State Mandates determines the law imposes state-mandated costs, which creates budget uncertainty and may leave underfunded jurisdictions struggling to comply.
Finally, the statute’s nationwide implications raise constitutional and preemption risks. Immigration enforcement is primarily a federal function, and any state policy that appears to obstruct federal immigration authorities could provoke litigation over preemption or statutory conflicts with federal immigration statutes and federal information-sharing requirements.
The bill requires policies to be consistent with federal and state law, but that caveat does not eliminate the risk of lawsuits or operational disputes when federal authorities issue requests that agencies believe they cannot honor under the new guidance.