What's Changed in California's Diversity Reporting Law

Overview

On June 29, 2024, California Governor Gavin Newsom signed into law S.B. 164 (the “Diversity Reporting Law”), amending the previous version of the law that was adopted in 2023, S.B. 54[1][2]. Please visit the following link for our previous client alert on this topic:

Key Highlights from California’s New Diversity Reporting Law.

The Diversity Reporting Law is intended to highlight and address the lack of funding for companies owned by diverse owners. Beginning in 2026, the Diversity Reporting Law will require venture capital companies with a California nexus to file an annual report with the California Department of Financial Protection and Innovation (“DFPI”) detailing certain demographic data about the founding team members of the businesses in which such entities made a venture capital investment in the prior calendar year (meaning that data should be collected starting in 2025 for the first report), as well as the total amount of money invested in such businesses and a breakdown of diverse and non-diverse businesses and founding teams. The collected data will be publicly available on DFPI’s website.

The Diversity Reporting Law may still face legal challenges that could delay, prevent, or limit implementation of the law. California has seen push back on prior diversity bills. For example, a California court held California A.B. 979 was unconstitutional in 2023 because the bill imposed a race-based classification by requiring publicly held corporations based in California to include at least one director from an underrepresented community. Another California court enjoined California law S.B. 826 in 2022 on similar grounds for requiring public companies based in California to have a certain number of female directors. Although the Diversity Reporting Law differs from those proposed bills in that it only requires diversity data reporting and does not mandate diversity quotas or targets, it may be prone to attack in light of the growing number of challenges to laws, regulations, and corporate programs promoting diversity, equity, and inclusion following the Supreme Court’s 2023 decision effectively ending affirmative action for college admissions.[3]

Amendments

The amendments to the original diversity reporting law, S.B. 54 (the “Original Diversity Reporting Law”) were adopted to address concerns by Governor Newsom that the Original Diversity Reporting Law contained “problematic provisions and unrealistic timelines” and would be impractical for the original government department with oversight over the Original Diversity Reporting Law to implement and enforce.[4] Although the Original Diversity Reporting Law was signed into law in 2023, the law did not require the filing of reports until March 1, 2025; thus, the law was amended before any companies were required to comply.

The principal effects of the 2024 amendments to the Original Diversity Reporting Law include:

(i) Adding covered entity-level reporting due March 1, 2026;

(ii) Delaying the first filing date for portfolio company level reports from March 1, 2025, to April 1, 2026;

(iii) Changing the regulatory body overseeing the law from the California Civil Rights Department to DFPI;

(iv) Requiring the reporting of demographic data to apply only to founders, CEOs, and presidents of startup companies, and not CFOs or other officers or directors of such companies;

(v) Setting a maximum penalty for non-compliance with the Diversity Reporting Law (though such maximum will not apply for reckless or knowing violations of the law);

(vi) Limiting the applicability of the law to avoid capturing investment vehicles that do not engage in venture capital investments; and

(vii) Extending the requirement for venture capital companies to retain records related to reports required under the law from four to five years.

Who Must Comply

The Diversity Reporting Law applies to “covered entities.” The following flow chart can be used to help determine if a company is a covered entity. A company is a covered entity only if it answers “yes” to all three boxes below.

Practical Implications

The Diversity Reporting Law is broad in scope and can capture entities that are not otherwise subject to California state law reporting. Because venture capital companies that solicit or receive investments from a California resident (which may be either an individual or an entity) are considered covered entities, venture capital companies will generally be subject to the Diversity Reporting Law unless such companies intentionally exclude California residents from fundraising. Managers should diligently review each of their investment vehicles (including single investor co-investment vehicles and alternative investment vehicles) that primarily invest or provide financing to startup, early-stage, and emerging growth companies to determine whether such vehicles are covered entities under the Diversity Reporting Law. 

What Needs to Be Disclosed

Covered Entity Level

Identifying Information. The Diversity Reporting Law requires each covered entity to submit to DFPI the following identifying information by March 1, 2026:

1. The covered entity’s name, email address, telephone number, physical address, and internet website; and
2. The name, title, and email address of a person who will serve as the dedicated point of contact for the covered entity with DFPI.

Failure to update this identifying information when submitting the annual reports (described below) can result in penalties even if the covered entity otherwise provides all information required under the Diversity Reporting Law. Covered entities should therefore ensure that the contact information of each covered entity and its designated point of contact are accurate when submitting the reports each year.

Investment Information. For the prior calendar year, each covered entity should provide to DFPI the following information by April 1, 2026, and annually thereafter:

1. Anonymized to the extent possible, the number of Venture Capital Investments made in the prior calendar year in companies primarily founded by diverse founding team members[5] as a percentage compared to the total number of Venture Capital Investments made by such covered entity (aggregated and broken down into categories described in Item 2 under the “Portfolio Company Level” subheader below);
2. The dollar amount[6] of Venture Capital Investments made in the prior calendar year in companies primarily founded by diverse founding team members as a percentage compared to the total dollar amount of Venture Capital Investments made by such covered entity (aggregated and broken down into categories described in Item 1 under the “Portfolio Company Level” subheader below);
3. The total dollar amount invested in each entity in which a Venture Capital Investment was made by such covered entity; and
4. The principal place of business of each entity in which a Venture Capital Investment was made by such covered entity.

Practical Implications

Portfolio Company Level

At an aggregate level, for the founding team members[7] of all the portfolio companies invested in by each covered entity in the prior calendar year, the relevant covered entity should provide the following information by April 1, 2026, and annually thereafter (meaning that data should be collected starting in 2025):

For each founding team member, such member’s:

1. Gender identity (including nonbinary and gender-fluid identities);
2. Race;
3. Ethnicity; and
4. Disability status;
   
   and whether any founding team member:
5. Identifies as LGBTQ+;
6. Is a veteran or a disabled veteran;
7. Is a resident of California; and/or
8. Declines to provide any of the information in (1) to (7) above.

Practical Implications

The language of the Diversity Reporting Law states that a covered entity is only required to provide each founding team member with an “opportunity to participate” in a survey for the purposes of collecting the above-listed information. While it is not clear what constitutes an appropriate “opportunity to participate,” it would be prudent for the covered entity to internally document the dates it provides the surveys to founding team members to complete.

Reporting Fees

The Diversity Reporting Law entitles DFPI to charge reasonable fees for submitting the required reports. The fees for each report will be at least $175, but DFPI may adjust the fee as necessary to meet the reasonable costs of administering the Diversity Reporting Law.

How the Information Must Be Collected

On an annual basis, pursuant to the timelines discussed in “Penalties for Non-Compliance” below, the covered entity shall obtain the information required by DFPI by providing each applicable founding team member of a covered portfolio company with a standardized survey (which shall be provided pursuant to a form specified by DFPI[8] and must include a “decline to state” option for each question).

The covered entity must also provide a written disclosure to each founding team member (simultaneous or prior to distribution of the survey) stating that (i) disclosure of demographic information is voluntary, (ii) no adverse action will be taken against the founding team member if they decline to participate in the survey, and (iii) the aggregate data collected for each demographic category will be reported to DFPI.

The covered entity should provide the survey to the applicable founding team members after the covered entity has executed an investment agreement with such portfolio company and made the first transfer of funds.

Penalties for Non-Compliance

Starting in 2026, if a covered entity fails to (i) update the identifying information to DFPI by April 1 of each year or (ii) submit the annual reports (covering the other covered entity information and the portfolio company level information) by April 1 of each year, DFPI shall give the covered entity notice of such non-compliance and a cure period of 60 days to update or submit the report, as applicable. If the covered entity again fails to update or submit the report prior to the end of the cure period, DFPI may seek all available remedies against the covered entity, including requiring compliance with the Diversity Reporting Law and enforcing penalty payments for such non-compliance. 

The determination of any financial penalty for non-compliance will be a facts and circumstances determination by the courts, which shall take into consideration several factors, including, but not limited to: (i) the financial standing of the covered entity, (ii) the covered entity’s assets under management, (iii) the nature of the covered entity’s failure to comply, and (iv) the amount of financial resources available to the covered entity; however, the penalty shall not exceed $5,000 per day of non-compliance and/or non-payment. Penalties larger than $5,000 per day can be awarded if the covered entity has knowingly or recklessly violated the Diversity Reporting Law. DFPI may also seek reimbursement for reasonable attorneys’ fees and investigative expenses and is entitled to publish any information concerning violations of the Diversity Reporting Law by any covered entity.

Retention of Records & DFPI’s Investigative Powers

Covered entities are required to retain all records relating to reports for at least five years after they submit each report to DFPI. DFPI is entitled to examine the records of any covered entity to determine compliance with the Diversity Reporting Law, including requiring the covered entity to file additional written reports and/or provide answers to questions from DFPI.

Privacy Matters

The information gathered and stored by covered entities under the Diversity Reporting Law includes sensitive personal information, which may implicate meaningful privacy compliance obligations under U.S. state and even foreign data privacy laws to which the covered entity and its affiliates may be subject. Since founding team members of implicated portfolio companies, whose personal information is involved, could reside anywhere in the world, both domestic and foreign data privacy laws could be implicated. Even if covered entities have previously collected personal information relating to founding team members of portfolio companies, covered entities should consult with their legal counsel to evaluate whether the collection of likely new and more sensitive data elements impacts their obligations under applicable data privacy laws. For example, covered entities may need to update their privacy notices to reflect the handling of this sensitive personal information, consider whether obtaining founding team members’ consent would be required and/or valid under applicable data privacy laws, and ensure their data privacy processes and practices comply with both the Diversity Reporting Law and applicable data privacy laws.

[1] See S.B. 164, Leg. Ch. 41 (Cal. 2024).

[2] See S.B. 54, Leg. Ch. 594 (Cal. 2023).

[3] See Morrison Foerster, SCOTUS Effectively Ends Affirmative Action for College Admissions: What This Decision Might Mean for Workplace Diversity Programs (June 30, 2023).

[4] See A signing message of Governor Newsom: SB 54 by Senator Nancy Skinner (D-Berkeley) – Venture Capital Companies: Reporting, Office of Governor (Oct. 8, 2023).

[5] A business is primarily founded by diverse team members if more than half of the founders respond to the survey and at least half of such team’s members identify as women, nonbinary, Black, African American, Hispanic, Latino/Latina, Asian, Pacific Islander, Native American, Native Hawaiian, Alaskan Native, disabled, veteran or disabled veteran, lesbian, gay, bisexual, transgender, or queer.

[6] The plain language of the Diversity Reporting Law does not make it clear whether or not the reporting in item 2 under the “Covered Entity Level” subheader is with respect to an “amount” of companies or “dollar amount” invested in such companies. We have interpreted the reporting as being based on the invested dollar amount because, if based otherwise, it would be duplicative of the requirement under the “Covered Entity Level” subheader. We anticipate this will be clarified when the reporting form is provided.

[7] A founding team member means either of the following: (a) a person who (i) owned initial shares or similar ownership of the business, (ii) contributed to the concept, research, development, or work performed by the business prior to initial shares being issued, and (iii) was not a passive investor in the business; or (b) a person designated as chief executive officer or president.

[8] As of the date of the update to this client alert, the standardized form has not yet been provided.