Required GenAI Consultation by California Department of Technology

If your state entity has released a GenAI solicitation for a “Low” risk solution, and then GenAI use is identified on the GenAI Reporting and Factsheet (STD 1000) of a top-scoring bidder, your state department must conduct a GenAI Risk Assessment of the disclosed GenAI to ensure it remains a “Low” risk solution. If the disclosed GenAI is assessed as “Low” risk:

If the disclosed GenAI is assessed as “Moderate” or “High” risk, your CIO, AIO, or designee must immediately contact CDT to request a consultation. See Step 4 of the GenAI Risk Assessment at a glance for more detail.

The consultation process is illustrated in more-depth within the diagram and a detailed workflow below.

GenAl consultation process for Telecommunications, IT and non-IT

GenAl consultation process flow for Telecommunications, IT and non-IT
  1. CIO, AIO, or designee identifies from the onset (includes but not limited to box 6), that a procurement is, or contains, a GenAI technology function or service, and completes the Generative Artificial Intelligence Risk Assessment (SIMM 5305-F) OR State entity identifies GenAI technology function or service from the submission of the GenAI Reporting and Factsheet (STD 1000) during the procurement process.
  2. Submit a Case via the New Technology Consultation and Assessment request, in the CDT IT Service Portal for all risk levels.
  3. The state entity determines the risk assessment level of the GenAI to be “Low”, “Moderate”, or “High” risk.
  4. Procurement Process:
    • If the risk level is determined to be “Low”, The state entity proceeds with the existing, standard procurement process and no CDT GenAI consultation is required.
      • While no CDT GenAI consultation is required, it is available upon request.
      • CDT reserves the right to audit and consult on "Low" GenAI Risk Levels with potential higher risk concerns.
    • CDT GenAI Consultation is required for “Moderate” and “High” risk procurements.
  5. CDT will provide consultative services to assist state entities with GenAI solutions to meet their program/business needs.
  6. Resubmission – After CDT’s initial consultation, if at any time in the procurement process there are any changes to the terms, scope, or complexity of GenAI that were not evaluated or considered in the initial consultation, the state entity must resubmit the GenAI intake documents to CDT for further evaluation.

Avenues for a GenAI Consultation include but are not limited to:

  • Legislative Mandate: Instances for which a legislative mandate requires a solution that includes a GenAI technology function or service.
  • Market Research: A state entity is planning, researching, or performing analysis of a solution identifies a GenAI technology function or service.
  • Bid Response: A State entity includes the required vendor disclosure, and a vendor identifies GenAI in their response to the solicitation, or as part of their proposal.
  • Project Approval Lifecycle (PAL; SIMM 19) A state entity enters into PAL and at any stage identifies a GenAI technology function or service.
  • Budget Change Proposal (BCP): A BCP is submitted to the Department of Finance for a solution that contains a GenAI technology function or service.
  • Pilot or Proof of Concept: A state entity exploring potential use cases.
  • Intentional or incidental GenAI purchases related to IT, Non-IT or telecom purchases designated “Moderate” or “High” risk.

CDT’s GenAI consultation may result in recommended conditions or require re-submission of the GenAI intake documents based on CDT’s findings. CDT’s consultation timelines depend on the complexity of, and information provided in the GenAI intake documents. Email CDTGenAIIntakeRequest@state.ca.gov to discuss your business goals and needs.

Note: The completed GenAI Reporting and Factsheet (STD 1000) and Generative Artificial Intelligence Risk Assessment (SIMM 5305-F) are confidential and exempt from disclosure pursuant to Government Code sections 7929.210 and 8592.45.