SB 942 96-Hour Rule for AI Licensees: Revocation, Liability, and Contract Drafting in 2026
California SB 942 makes covered AI providers responsible for policing their third-party licensees: when a licensee is caught stripping or modifying the manifest or latent disclosures the AI system applies to its outputs, the covered provider must revoke the license, and the licensee then has 96 hours to stop using the system before the California Attorney General can seek injunctive relief directly against them. The mechanism is deceptively simple to describe and genuinely complicated to operate. This guide explains how the 96-hour rule actually works, what contract clauses every covered provider needs in its licensing agreements, what the cascading liability looks like in practice, and what the engineering checklist looks like for the kill-switch infrastructure that has to exist before the law takes effect on August 2, 2026.
What the 96-hour rule actually does, step by step
The cleanest way to understand SB 942's licensee enforcement architecture is to walk through the sequence of events that the statute contemplates. A covered provider — that is, a generative AI provider with more than one million monthly Californian users, generating image, video, or audio content — licenses its AI system to a third party. That licensee uses the system in production, and at some point either modifies the output to remove the manifest disclosure (the visible "AI-generated" label) or strips the latent disclosure (the embedded C2PA-style cryptographic manifest) before redistributing the content. Under SB 942, that stripping is itself a violation of the law — but the covered provider does not get to be a passive bystander. The covered provider has an affirmative obligation to detect such violations and to revoke the licensee's access when they are discovered. Once revocation happens, the 96-hour clock starts. The licensee has those 96 hours to stop using the system entirely. After 96 hours have passed, the Attorney General, a city attorney, or county counsel can file a civil enforcement action seeking injunctive relief specifically against the licensee.
Two pieces of that sequence reward closer attention. First, the trigger event is the covered provider's discovery of the violation, not the violation itself. That makes detection a compliance function, not just a security or quality-assurance function — what counts as "discovery" will determine when the revocation clock starts. Second, the 96-hour window is a grace period for the licensee, not for the covered provider. The covered provider's revocation must be prompt; the 96 hours after revocation is the licensee's window to wind down, not extra time for the covered provider to deliberate.
The cascading liability problem and why it changes API design
The single most important practical consequence of SB 942's licensee architecture is the cascading liability rule. Failing to revoke a non-compliant licensee makes the covered provider liable for the licensee's continuing violations, on top of whatever direct liability the covered provider already has for its own disclosure obligations. That is a structural choice the statute makes deliberately: the covered provider is the entity with the deep pockets and the technical means to enforce the regime, so the law puts the burden of enforcement on the covered provider rather than relying on the AG to chase down individual licensees one at a time.
The downstream effect of cascading liability is that covered providers cannot treat their API as a neutral utility that they ship to whoever pays. Every licensee becomes a compliance surface. Most covered providers are responding by tightening three things at once. They are pushing the operational risk back onto the licensee through indemnification clauses in licensing contracts, so that if the licensee's violation triggers covered-provider liability, the covered provider can recoup that exposure. They are building automated monitoring on their own infrastructure, because the statute imposes a discovery-triggered duty and waiting for a regulator to inform you of a violation is the worst possible form of discovery. And they are drafting termination provisions that preserve unilateral revocation rights without requiring proof, notice, or cure periods, because the 96-hour clock does not stop while the parties argue about whether the violation actually occurred.
What the licensing contract has to say (and what most contracts get wrong)
SB 942 requires the licensing contract between a covered provider and its third-party licensee to obligate the licensee to preserve the manifest and latent disclosures the system applies to outputs, and to give the covered provider a revocation mechanism for violations. That is the statutory floor. A defensible SB 942 licensing contract typically goes well beyond the floor and includes the following provisions, drafted with the cascading liability problem in mind. First, an explicit representation by the licensee that it will not strip, modify, alter, or interfere with any manifest disclosure or any latent disclosure embedded in outputs by the licensed system. Second, a covenant to preserve provenance metadata across any downstream modification the licensee performs — re-encoding, format conversion, social media uploads, AI-to-AI processing, and the like. Third, an audit right for the covered provider to verify compliance, typically including the right to sample outputs and to require the licensee to provide attestations of compliant operation. Fourth, a unilateral termination right tied to disclosure violations, which does not require the covered provider to prove the violation in litigation before exercising the right. Fifth, an indemnification provision under which the licensee bears any loss the covered provider suffers as a result of the licensee's violations, including the per-day-per-violation statutory penalties. Sixth, a post-termination usage restriction with explicit reference to the 96-hour window, so that the contractual obligations align with the statutory framework.
The most common drafting error in pre-SB-942 licensing agreements is treating disclosure preservation as a default-best-practices clause rather than a hard contractual obligation. Boilerplate language like "licensee shall comply with applicable law" is not enough — it neither identifies SB 942 specifically nor creates the unilateral revocation right the covered provider needs. The other common error is omitting the audit right, which leaves the covered provider with no way to verify compliance until a third party (a regulator, a competitor, a journalist) reports a violation. Audit rights paired with automated monitoring are the operational pair that makes the 96-hour rule survivable.
Engineering the 96-hour kill switch
The technical infrastructure required to comply with the 96-hour rule has two halves: detection and revocation. The detection half is harder. At minimum, a covered provider needs a sampling pipeline that periodically pulls outputs from each licensee's usage and verifies that the manifest and latent disclosures are intact. C2PA manifest verification is the standard primitive — every output should carry a cryptographically signed manifest tied to the covered provider's certificate, and the verification step checks that the manifest is present, valid, and unmodified. When the manifest is missing or broken, that is a presumptive violation worth investigating. More sophisticated covered providers also subscribe to third-party content monitoring services that crawl public platforms looking for disclosure-stripped versions of their generated content; if a monitoring service finds an image that appears to have come from your model but lacks your watermark, that is also a discovery event.
The revocation half is mostly a question of API credential lifecycle management. Every licensee corresponds to a credential set — API keys, OAuth client IDs, signed tokens, or some combination. Revocation requires the ability to invalidate a specific credential set within minutes (not days), and to do so atomically across all the regions and edge nodes where the credential could authenticate. Most cloud-native AI providers handle this through a credential-revocation control plane that propagates invalidations through a distributed cache with low TTL on credential lookups. The alternative — slow propagation of revocations through eventual consistency — is incompatible with the cascading liability regime, because a revocation that takes 48 hours to propagate is functionally a revocation that takes 48 hours, which uses up half the 96-hour window before the licensee can even know the license is gone.
For covered providers that license at scale (think hundreds or thousands of B2B customers), the operational layer beyond detection-plus-revocation is incident handling. When a violation is detected, who decides whether to revoke? The 96-hour clock argues against a careful committee process — by the time the committee deliberates, the per-day-per-violation exposure is accumulating. The pattern that has emerged at the largest covered providers is automated revocation triggered by monitoring alerts, with a parallel manual review workflow that can either confirm the revocation or reinstate the credential if the alert turns out to be a false positive. The defensible compliance posture is fast revocation followed by careful review, not the reverse.
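The revocation half and the revoke-first, review-second pattern described above, as an added sketch that is not code from the statute, this guide's authors, or any provider. ControlPlane, EdgeNode, the licensee name and the alert IDs are hypothetical, and timestamps are passed in explicitly so the propagation delay is visible.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

WIND_DOWN = timedelta(hours=96)  # licensee's window after revocation

@dataclass
class License:
    active: bool = True
    revoked_at: Optional[datetime] = None
    audit: list = field(default_factory=list)

class ControlPlane:
    """Authoritative credential state, one record per licensee (hypothetical)."""
    def __init__(self):
        self.licenses = {}

    def issue(self, licensee):
        self.licenses[licensee] = License()

    def revoke(self, licensee, alert_id, now):
        """Automated path: revoke on a monitoring alert, return the 96-hour deadline."""
        lic = self.licenses[licensee]
        if lic.active:  # idempotent: a repeat alert must not restart the clock
            lic.active, lic.revoked_at = False, now
            lic.audit.append((now, "revoked", alert_id))
        return lic.revoked_at + WIND_DOWN

    def reinstate(self, licensee, reviewer, now):
        """Manual review path: undo a revocation that was a false positive."""
        lic = self.licenses[licensee]
        lic.active, lic.revoked_at = True, None
        lic.audit.append((now, "reinstated", reviewer))

class EdgeNode:
    """Regional authenticator that caches each lookup for at most `ttl`."""
    def __init__(self, plane, ttl):
        self.plane, self.ttl, self.cache = plane, ttl, {}

    def authenticate(self, licensee, now):
        hit = self.cache.get(licensee)
        if hit is None or now - hit[1] >= self.ttl:  # miss or stale: re-check
            lic = self.plane.licenses.get(licensee)
            hit = (bool(lic and lic.active), now)  # unknown licensee is denied
            self.cache[licensee] = hit
        return hit[0]
```

In this model a revoked credential can keep authenticating at an edge node for up to one cache TTL, so the TTL is the number to size against the revocation target. The audit list records when the revocation happened and which alert caused it, which is the evidence a later review or inquiry would ask for.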
How the 96-hour rule fits with the rest of SB 942
The licensee revocation mechanic is one of three core SB 942 obligations, and understanding the others sharpens the operational picture. SB 942 also requires every covered provider to embed both manifest (human-visible) and latent (machine-readable) disclosures in image, video, and audio outputs — the substantive disclosure regime that the 96-hour rule is designed to enforce. That is the topic of our companion SB 942 manifest vs latent developer implementation guide. SB 942 further requires every covered provider to offer a free, public AI detection tool that lets any user verify whether a piece of content was generated by the provider's system — a separate engineering deliverable that the 96-hour mechanism interacts with in the sense that the detection tool can also serve as part of the covered provider's own monitoring infrastructure. The October 2025 AB 853 amendments pushed the effective date for all of these obligations to August 2, 2026 and added new categories of obligations for large online platforms (effective January 1, 2027) and capture device manufacturers (effective January 1, 2028). Our SB 942 vs AB 853 changelog tracks the deadline math.
What to do this quarter (and what most covered providers are missing)
With about three months until SB 942 takes effect, the practical sequence for covered providers is contract first, infrastructure second, monitoring third. Lock the SB 942-compliant licensing contract template this month and begin re-papering active licensees on the new template. The contract drafting work should be done before the engineering work because the contract sets the operational requirements that the engineering has to support — for instance, the contract's audit right defines what kind of monitoring infrastructure you actually need to build. Next month, complete the API credential-revocation control plane work so that any credential can be invalidated within minutes across all regions. Through the run-up to August 2, build the monitoring pipeline that produces the discovery events that trigger the revocation clock. The single most common gap we see in covered-provider compliance plans is overinvestment in the manifest and latent disclosure technical work and underinvestment in the licensee-monitoring layer. Both halves are required; only one of them gets press attention.
Sources
The primary materials are the SB 942 statute on Digital Democracy and the AB 853 amendments on California Legislative Information (the source of the August 2, 2026 effective date). For the contractual angle in particular, Orrick's analysis of the new contract requirements and Jones Day's overview of the licensee provisions are the most useful practitioner-grade summaries. Troutman Pepper Locke's post-AB-853 alert covers the amendment's impact on the contractual provisions. Watch the California Attorney General's office for any pre-effective-date guidance on what counts as "discovery" of a licensee violation, which is the most ambiguous statutory term and the most likely subject of early enforcement attention.