A new California law will require covered investment entities to register with the California Department of Financial Protection & Innovation (DFPI) by March 1, 2026, and provide demographic surveys to their portfolio companies and report any such survey responses received on an aggregated basis to the DFPI by April 1, 2026. The Fair Investment Practices by Venture Capital Companies Law (FIPVCC) was passed to increase diversity in the venture capital industry and promote more equitable investment practices. The law may, in certain cases, require registration of entities operated by firms that do not consider themselves traditional venture capital funds. Additionally, registration under the FIPVCC may be required for entities that are not based in or maintain operations in California. Investment firms and other entities making potentially covered investments should carefully review the applicability of the FIPVCC to their business.

In Depth

Who qualifies as a covered entity?

There are three requirements to be a covered entity to register and report under the FIPVCC.

Is the entity a venture capital company (VCC)?

There are three ways an entity can be considered a VCC:

  • The entity has (on at least one occasion during the annual period commencing with the date of its initial capitalization and on at least one occasion during each annual period thereafter) at least 50% of its assets comprising venture capital investments, which are defined to include investments in operating companies that come with management or certain advisory rights.
  • The entity qualifies as a venture capital fund under US Securities and Exchange Commission Rule 203(l)‑1.
  • The entity qualifies as a venture capital operating company under US Department of Labor rules.

Does the entity primarily engage in covered activity?

Under the FIPVCC, covered activity is the business of investing in or providing financing to “startup, early-stage, or emerging growth companies.” None of these terms is defined in the statute, nor does the FIPVCC precisely specify what constitutes being “primarily engaged in” such covered activity.[1]

Does the entity have a California nexus?

An entity’s California nexus can be established by the entity (i) being headquartered in the state, (ii) maintaining a significant operational footprint or office there, (iii) investing in California‑based companies, or (iv) soliciting or receiving investments from California residents.

Registration requirements

Beginning March 1, 2026, covered entities must register with the DFPI by submitting basic organizational and contact information. Required details include the entity’s legal name, a designated contact person with title and email address, and the firm’s principal contact information, including its email, phone number, physical address, and website. The DFPI is developing an online platform to accept these submissions and is expected to release additional guidance before the deadline. Covered entities should monitor DFPI updates so they are prepared to register promptly once the portal goes live.

Demographic survey obligations

Following registration, covered entities must administer a standardized demographic survey created by the DFPI. The survey must be provided to the founding team members of each portfolio company that received investment or financing from the covered entity during the prior calendar year (whether or not those portfolio companies are located in California). Please note that covered entities are required to direct the survey to the founding team members of each portfolio company, not just the portfolio company itself.[2] Information may be collected only after the covered entity has executed an investment agreement and funded the initial capital transfer. The survey requests self‑identified demographic information concerning gender identity, race, ethnicity, LGBTQ+ identification, disability status, veteran status, and California residency. These categories are more expansive than the information business entities may have been submitting in federal EEO-1 employer information reports, which require reporting only by job category, sex, and race or ethnicity.

Participation by founding team members must be voluntary, and covered entities are required to provide a written disclosure stating that declining to respond will not result in adverse consequences and that only aggregated, anonymized information will be reported. Covered entities may also satisfy these requirements through a consolidated report submitted by a controlled entity, as long as all required information is included.

To the extent a founding team member is also an employee of a covered entity, firms will want to ensure that they store the demographic information collected via the survey in a place separate from the individual’s personnel file.

Annual reporting requirements

By April 1, 2026, and annually thereafter, covered entities must submit a Venture Capital Demographic Data Report to the DFPI reflecting any information received from portfolio companies. The report must include aggregated, anonymized demographic information collected from the DFPI‑mandated surveys returned during the prior year. The report has three parts, which collect the following:

  • Part I: Aggregated information identifying the total number of survey responses received from founding team members for each demographic category identified on the report. The covered entity must still report on any founding team members, even if a founding team member declines to provide demographic information, in which case the report will reflect the individual as “decline to state” based on the DFPI’s standardized survey.
  • Part II: Information identifying, for the prior calendar year, (i) the number of investments made in companies primarily founded by diverse founding team members (in the aggregate and broken out by each demographic category), expressed as a percentage of the total number venture capital investments, and (ii) the total dollar amount of venture capital investments in businesses primarily founded by diverse founding team members (in the aggregate and broken out by each demographic category), expressed as a percentage of the total dollar amount of venture capital investments.
  • Part III: For each business that received venture capital investment from the covered entity during the prior year, a list of (i) the total amount of venture capital invested and (ii) the principal place of business. Note that the report does not require covered entities to identify each business.

The DFPI will make all submitted reports publicly accessible, searchable, and downloadable on its website, and it may publish additional aggregated statewide results.

If a report is not submitted by the deadline, the DFPI will issue a notice and provide the firm with a 60‑day cure period. Covered entities must also ensure that their registration information remains accurate; failure to update this information is subject to the same notice‑and‑cure procedures.

Recordkeeping and penalties

Covered entities must maintain records related to their obligations under the FIPVCC, including copies of all submitted reports, for at least five years after submission. Enforcement authority under the law is broad. The DFPI may issue cease‑and‑desist orders, require payment of investigative and legal costs, and impose monetary penalties. Penalties may reach $5,000 per day for ongoing violations, with larger amounts for reckless or knowing noncompliance. In determining the amount of any penalty, the commissioner and the courts may look to the following potentially mitigating factors:

  • The financial standing of the covered entity.
  • The number of assets under management by the covered entity.
  • The nature of the covered entity’s failure to comply with this chapter.
  • The amount of financial resources available to the covered entity.
  • The covered entity’s history of previous violations.

Next steps

It is possible that the FIPVCC could be challenged on a variety of grounds or that the registration portal will not be operational by March 1, 2026.

For now, however, given the statute’s broad scope, investment firms with any California touchpoint should assess whether they or any affiliates fall within the FIPVCC’s definition of a covered entity. If so, they should begin developing internal processes for registration, founder outreach, survey administration, and data aggregation. When determining next steps, firms also should consider the potential applicability of privacy laws and other requirements related to sensitive personal information.