Understanding California Fund Diversity Reporting

California's venture capital landscape is facing a significant compliance shift. If your firm invests in startup, early-stage, or emerging growth companies and has any California connection, you need to understand the FIPVCC and what it requires for fund diversity reporting.

Originally passed as Senate Bill 54 in 2023 and later amended by Senate Bill 164 in 2024, the law requires certain venture capital firms to collect and publicly report demographic information about founding teams.

The DFPI now administers and enforces the requirements.

This is not optional. For covered entities, non-compliance can mean substantial financial and reputational penalties.

What Is the FIPVCC Law?

The law creates a transparency regime for specified venture capital reporting. For covered entities, reporting is mandatory and tied to annual disclosure obligations around founder demographics.

Registration and reporting follow specific deadlines, and the law applies only when coverage criteria are met.

Who Needs to Report?

All three prongs of the covered-entity test must be met.

Part One: Are You a Venture Capital Company?

Under California Code of Regulations Section 260.204.9, an entity is a venture capital company if any one of these conditions is met.

The 50% Asset Test requires that at least 50% of assets (excluding short-term investments) are venture capital investments. A venture capital investment is defined through management rights that allow substantial participation or influence in an operating company.

If a fund regularly takes board seats or observer rights, this often satisfies the company test regardless of stated strategy.

The Venture Capital Fund Test covers firms qualifying as venture capital funds under the Investment Advisers Act of 1940.

The ERISA Test covers venture capital operating companies under the Employee Retirement Income Security Act of 1974 definition.

Part Two: Is This Your Primary Business?

The entity must primarily engage in investing in or financing startup, early-stage, or emerging growth companies.

Because these terms are not tightly defined, firms should use their own internal strategy descriptions and investor materials to evaluate this prong.

Part Three: Do You Have a California Nexus?

An entity has California nexus when at least one condition is present.

Headquartered in California.

Significant presence or operational office in California.

Investment in a California-based business.

Soliciting or receiving investments from California residents.

The nexus prongs can create broad national reach. Even a single California investor or a single California portfolio investment can trigger coverage depending on legal interpretation.

Coverage is assessed at the vehicle level, not only the adviser level.

The Two Critical Deadlines

The timeline is compressed for firms preparing first-time filings.

March 1, 2026: Entity Registration

Covered entities submit identifying information to the DFPI, including entity name, point of contact details, and contact methods.

Information must remain current and generally be updated during annual cycles.

April 1, 2026: First Annual Report

The first report covers prior-year investments made in calendar year 2025.

Thereafter, the same reporting process repeats annually.

What Information Must Be Collected?

Covered entities must collect data in eight demographic categories for qualifying founding team members through standardized survey questions.

The categories include gender identity, race, ethnicity, disability status, LGBTQ+ identification, veteran status, California residency, and declination status.

Who Counts as a Founding Team Member?

A qualifying founding team member is either a founder who held initial shares and materially contributed before issuance and is not a passive investor, or the CEO or president.

Survey Distribution Rules

Distribution has strict legal guardrails.

Timing Restriction

Surveys cannot be sent until after the investment agreement is executed and the first transfer of funds occurs.

Anti-Coercion Requirements

Neither firms nor the DFPI may incentivize or pressure any founder to participate.

The standardized survey must clearly state voluntariness, no adverse action for declining, and that only aggregated data is reported.

Anonymization Mandate

Survey data must be handled in a way that does not connect any response to an identifiable founding team member.

This creates the core privacy tension: data must be collected, but cannot be retained in identifiable form.

What Goes in the Annual Report?

The report includes aggregated demographics, diverse-founder metrics, and investment-level totals.

Aggregated Demographic Data

Reporting is done at the aggregate level only. Individual responses cannot be identifiable.

Diverse Founder Investment Metrics

A diverse founding team member is someone who self-identifies in one of the protected categories listed by the law.

A business is primarily founded by diverse team members when over half of the team responds and at least half of respondents are diverse.

The report must include both count and dollar value metrics, in aggregate and by category.

Investment-Level Data

You must still report investment totals and principal place of business for each covered company for the reporting year.

The investment-level reporting requirement applies even where survey participation is low or absent.

The Privacy Paradox and Technical Architecture Challenge

Most teams underestimate this part. They often use standard tools that keep identities tied to response flow in ways the law does not allow.

Google Forms and similar tools keep submission metadata that can create traceable links.

Spreadsheets also create process risk when invitation and survey response systems are not separated.

Solo-founder companies create additional re-identification risk and require explicit shielding.

A compliant architecture separates invitation identity from response processing, aggregates in real time, and avoids writing identifiable rows to persistent storage.

Consolidated Reporting

A business that controls covered entities may file consolidated reports in some circumstances.

Because the statute does not define control with precision, teams should document the chosen approach and confirm legal assumptions.

Enforcement, Penalties, and Public Disclosure

The consequences of non-compliance are escalating and public.

The Cure Period

Late filing triggers notice and a 60-day cure period.

Penalties After the Cure Period

The DFPI may pursue administrative remedies and civil penalties up to $5,000 per day, with potentially higher outcomes for reckless or knowing conduct.

Fees

A minimum $175 fee applies per report, subject to adjustment.

Record Retention

Covered entities must preserve report-related records for at least five years and be prepared for DFPI examination.

Public Disclosure

Submitted reports are published and searchable, with related aggregate publication possible.

This creates operational, reputational, and partner-facing risk for firms that file incorrectly or late.

Privacy Law Implications Beyond the FIPVCC

The demographic program often includes sensitive personal information under the CCPA and related privacy obligations.

Teams should implement a privacy policy, controlled access, retention governance, and secure disposal procedures tied to legal requirements.

This separation-first model also helps with broader privacy compliance posture.

Current Status and Next Steps

As of February 2026, DFPI has published templates while registration and submission systems have been evolving toward the deadlines.

Covered entities should act now, not later, because the first filing period is already short.

Confirm coverage at the vehicle level.

Define your reporting structure and mapping of 2025 investments.

Build a survey workflow that respects timing and anonymization constraints.

Decide whether to operate with internal tooling or a purpose-built platform.

Track DFPI guidance for key unresolved terms like significant presence and operational office.

Why This Matters

California fund diversity reporting is now a practical governance and reporting standard for many firms.

Standard manual processes are often insufficient for legal defensibility and scalable execution.

Conclusion

The FIPVCC creates a technical compliance problem that many traditional tools were not designed to solve.

Purpose-built systems are needed where invitation identity and response data are kept separate and solo-founder re-identification is prevented.

Comply with VCC was built for this exact workflow: architecture-first, anonymized aggregation, and filing readiness for the 2025 report cycle.

Start your 2025 filing with automated FIPVCC compliance at Comply with VCC.