A Clear Guide to the California DEI VC Law

California has long influenced national legal trends, and the venture capital sector is now dealing with the practical impact of the Fair Investment Practices by Venture Capital Companies Act, the FIPVCC.

This law began as SB 54 in 2023 and was replaced in 2024 by SB 164.

The law is a disclosure framework with enforceable reporting and timeline obligations.

This guide covers who is covered, what the law requires, how the process works, and what is at stake.

Why This Law Exists

The FIPVCC is a transparency requirement, not a mandate to change investment decisions.

It requires covered entities to collect founder demographic data and report aggregated results publicly to the DFPI.

It does not impose quotas or preference requirements; it imposes measurement and reporting requirements.

A key design change in SB 164 was moving administration from the Civil Rights Department to the DFPI.

That move shifted this into a regulatory model with examination authority and compliance consequences.

Who Actually Has to Comply

Coverage is determined using a three-part analysis at the fund or vehicle level.

A manager may have covered and non-covered vehicles simultaneously.

Step 1: Does the entity qualify as a venture capital company?

Under California Code of Regulations Section 260.204.9, an entity qualifies as a venture capital company if one of three pathways is met.

First, at least 50% of assets (excluding short-term pending investments) valued at cost must be venture capital investments during each annual period from initial capitalization.

Second, the entity may qualify as a venture capital fund under SEC Rule 203(l)-1 under the Investment Advisers Act.

Third, the entity may qualify as a venture capital operating company under ERISA Rule 2510.3-101(d).

The venture capital investment definition is broad.

It includes securities acquired in an operating company where the adviser, fund, or affiliate holds management rights.

Management rights include substantial participation, influence, or meaningful guidance over management and operations.

Board seats and board-observer seats generally meet this standard.

Step 2: Does the entity primarily invest in startups, early-stage, or emerging growth companies?

These three terms are not defined in the FIPVCC itself.

The JOBS Act uses a revenue threshold for emerging growth companies, but that framework is not controlling for this statute.

In practice, how the fund describes its strategy in offering documents and investor reporting is highly relevant.

Step 3: Does the entity have a California nexus?

Coverage can arise from any one of four nexus criteria.

Headquartered in California.

Having a significant presence or operational office in California, though both remain undefined in guidance.

Making venture capital investments in businesses with a California location or significant operations.

Soliciting or receiving investments from California residents.

The nexus test can create broad exposure.

A fund with even a single California LP may be in scope.

The same one-fund logic applies at vehicle level.

The Two Deadlines

Filing preparation is deadline-driven and should start with a concrete timeline.

March 1, 2026 — Registration

Every covered entity must register through the DFPI VCC Registration Portal.

The submission requires entity name, designated point-of-contact details, email, phone, address, and website.

Registration data must be maintained accurately and kept current in annual filings.

April 1, 2026 — First Annual Report

The first report is due April 1, 2026 and covers qualifying 2025 venture capital investments.

Annual reports are then due every April 1 for the prior calendar year.

What the Annual Report Actually Contains

The report has multiple sections.

Founding team demographic data

For each covered portfolio company, report aggregated founder categories only to the extent disclosures were voluntarily provided through the DFPI survey.

The eight required categories are gender identity (including nonbinary and gender-fluid), race, ethnicity, disability status, LGBTQ+ identification, veteran status, California residency, and decline-to-provide status.

Diverse founder investment metrics: counts

Report the percentage and count of investments in businesses primarily founded by diverse founding team members.

Metrics are shown in aggregate and in category-level breakdowns.

Diverse founder investment metrics: dollars

Report the percentage and dollar total of investments in those same businesses.

These values are again reported in aggregate and by category.

A company qualifies as primarily founded by diverse members only when more than half of founders respond and at least half of respondents are diverse.

Low response rates can prevent threshold qualification.

Investment-level dollar data

Each covered entity must report the total dollar amount invested in each covered portfolio company.

This obligation is mandatory regardless of survey responses.

Principal place of business

The principal place of business for each portfolio company must be reported.

These two components remain mandatory even where no founder responses were received.

Consolidated reporting

A business that controls a covered entity may submit one consolidated report for multiple covered entities.

The statute does not fully define control, so firms should document assumptions and legal basis.

The Survey Process and Why It's Legally Complicated

Founder data in the annual report comes only from the DFPI standardized survey form.

Survey timing restrictions

Surveys may only be distributed after the investment agreement is executed and the first transfer of funds is made.

This rule is designed to avoid coercion around funding decisions.

Anti-coercion and disclosure requirements

The covered entity and DFPI may not influence participation decisions.

The survey must disclose voluntary participation, no adverse action for declining, and that only aggregated data will be reported.

Anonymization requirements

The law requires data collection and reporting in a non-identifiable manner.

A process cannot link founder responses back to specific individuals in a way that creates identifiable records.

Systems that send invitations should be separate from systems that process responses.

Solo-founder companies require additional protections due to re-identification risk.

Fees, Penalties, and Public Exposure

Each annual report carries a minimum fee of $175.

Late filing triggers written notice and a 60-day cure period.

If unresolved, the DFPI can pursue cease-and-desist orders, injunctive relief, fee recovery, and civil penalties up to $5,000 per day.

Reckless or knowing violations may support higher amounts.

The Commissioner applies a case-by-case factors analysis, including financial standing, AUM, nature of failure, and prior violations.

Reports are publicly searchable and downloadable, which creates reputational consequences beyond penalty figures.

What to Do Right Now

This is a practical compliance sequence:

First, determine whether each vehicle is a covered entity under the three-step test.

Second, decide whether reporting is consolidated or by vehicle.

Third, map 2025 investments to determine covered venture capital investments and collect principal place-of-business and amount invested.

Fourth, identify founding team members and prepare DFPI survey distribution where timing rules are satisfied.

Fifth, implement an architecture that separates invitation systems from response handling and retains only non-identifiable audit data.

The FIPVCC deadline is tied to already-completed activity, so delay materially increases filing risk.

Getting This Done Without Building an Entire Data Infrastructure

Most firms are not equipped to build compliant anonymization architecture from scratch.

Google Forms and spreadsheets commonly preserve identifiable linkages that conflict with the law.

Comply with VCC was built to solve this architecture issue end-to-end.

The platform separates identity-aware invitation systems from anonymous aggregation systems.

Individual responses are not written to the database; raw submissions are not persisted; solo-founder data is protected from re-identification.

A five-year audit trail is maintained without identity linkage.

If this law applies to your firm, the infrastructure choice is now: implement a compliance-safe workflow.

If this reporting is required, start your 2025 FIPVCC filing at https://complywithvcc.com.