Take a closer look at Texas’ recent lawsuit involving WhatsApp and the implications for privacy and digital communications

June 2026

This month’s Digital Risk Report covers a range of timely and important topics impacting organizations today. We take a closer look at Texas’ recent lawsuit involving WhatsApp and the implications for privacy and digital communications; examine the growing trend of states enacting new employment laws, including Connecticut’s latest updates; and provide insight into the evolving regulatory landscape with a piece on OCR.

Our coverage includes an analysis of the Federal Wiretap Act and how it is increasingly being used as a tool in litigation, as well as a discussion of the recent pause by Anthropic on its AI development and what that means for the industry. You’ll also find articles on the risks posed by AI agents, unique vulnerabilities identified in Claude, and the collection of information in the automotive industry, with a focus on the FTC’s actions involving General Motors and OnStar.

We hope you find this edition informative and helpful as you navigate the rapidly changing world of digital risk.

Insights

AI Policy

Client Alert: AI is Already in Your Organization - Your Acceptable Use Policy Can't Wait

Authored By: Nick Carr and Enisha Smith

Federal Trade

Client Alert: When a Car Becomes a Data Broker: Why the Federal Trade Commission's General Motors/OnStar Order Matters

Authored By: Lloyd Wilson

AI Company

Client Alert: When Your SaaS Vendor Becomes an AI Company Overnight

Authored By: Lloyd Wilson

Global Pause

Client Alert: Anthropic's Call for a Global AI Pause: What Businesses Need to Know About the Governance Landscape

Authored By: Jade Davis

Meta Lawsuit

Client Alert: Texas v. Meta and WhatsApp: A New Front in the Battle Over Encryption, Privacy Marketing, and Consumer Protection

Authored By: Jade Davis

CEO Call

Client Alert: Why Your Next "Urgent Call from the CEO" Might Be Synthetic and What to Do About It

Authored By: Jade Davis


Was this email forwarded to you?

SUBSCRIBE HERE

Legislative

Connecticut's New AI Employment Law: What Business Leaders Need to Know

On May 27, 2026, Connecticut enacted the Connecticut Artificial Intelligence Responsibility and Transparency Act (SB 5), one of the most comprehensive state AI laws to date. The law covers frontier models, chatbots, employment, and provenance. It passed with strong bipartisan support (131-17 in the House, 32-4 in the Senate), signaling broad consensus on the need for AI regulation.

This article focuses on SB 5's provisions governing automated employment decision technologies (AEDT) and explains why these provisions matter as a signal of broader regulatory trends. Connecticut joins Illinois, Colorado, California, New York City, and Texas in regulating AI in the workplace. For multi-state employers, understanding the common themes, and important divergences, is critical for building scalable compliance programs.

Key Provisions of Connecticut’s AEDT Framework

What Counts as AEDT

Connecticut defines AEDT as any technology that processes personal data and uses computation to generate outputs, including predictions, recommendations, classifications, rankings, or scores, when that output is a "substantial factor" in employment decisions. A factor is “substantial” if it "meaningfully alters" the outcome of an employment decision concerning a Connecticut resident.

Covered employment decisions include hiring, promotion, discipline, discharge, employment renewal, and training selection. The law excludes decisions involving minor changes in tasks, hours, or assignments, as well as workplace health and safety, scheduling, and productivity monitoring.

The law also carves out general-purpose technologies, including word processors, spreadsheets, calculators, databases, firewalls, anti-virus software, and spam filters, so long as they do not themselves influence employment decisions. Systems that use only incidental and purely descriptive or statistical information are likewise excluded.

Developer and Deployer Obligations

Connecticut divides compliance responsibilities between developers (vendors who build or license AI tools) and deployers (employers who use them), a structural approach also used by Colorado.

Effective October 1, 2027, developers must provide deployers with all information needed for compliance, but only when the AEDT was marketed, sold, or licensed for use in employment decisions.

Deployers face more extensive obligations. Beginning October 1, 2027, deployers using AEDT that interacts with job applicants or employees must disclose, in plain language, that the individual is interacting with AEDT (unless obvious). When AEDT is a substantial factor in an employment decision, deployers must provide written notice before the decision is made, disclosing: (i) that AEDT has been deployed; (ii) the technology’s purpose and the nature of the decision; (iii) the product’s trade name; (iv) categories of personal data to be analyzed; (v) data sources; and (vi) employer contact information.

Neither developers nor deployers must disclose trade secrets, but they must notify individuals when information is being withheld and explain why.

Discrimination and Liability

In one of the law's most significant provisions, SB 5 makes clear that using AEDT is not a defense to a discrimination claim. Employers cannot avoid liability by pointing to an automated system as the decision-maker. Courts and the Connecticut Commission on Human Rights and Opportunities may, however, consider evidence of anti-bias testing as a mitigating factor, though such testing does not create a safe harbor.

Enforcement

Violations constitute unfair or deceptive trade practices under the Connecticut Unfair Trade Practices Act (CUTPA). The Attorney General has exclusive enforcement authority; there is no private right of action. Through December 31, 2027, the AG may issue a 60-day cure notice before initiating litigation, providing businesses a grace period to remediate violations.

Emerging Themes Across State AI Laws

Connecticut's law reflects regulatory themes rapidly gaining traction nationwide. As of early 2026, more than 1,500 AI-related bills have been introduced across 45 states. For employers, compliance strategies can no longer be state-by-state afterthoughts; they must be built into enterprise-wide AI governance.

Theme 1: Developer-Deployer Framework

Connecticut and Colorado both structure their laws around the developer-deployer distinction, allocating responsibilities between vendors and end-users. Colorado's SB 189 requires developers to provide information about intended uses, known limitations, training data categories, and human review instructions. Connecticut's approach is similar but less prescriptive, requiring developers to furnish "all information the deployer requires" without specifying exact categories.

For employers, this means vendor contracts will increasingly need to address information-sharing obligations, and vendors will face pressure to provide compliance documentation as a standard offering.

Theme 2: Pre-Decision Transparency

Pre-decision notice is a core requirement across state AI employment laws. Connecticut requires written notice disclosing the technology's purpose, trade name, data categories, and data sources. Illinois's HB 3773 (effective January 1, 2026) mandates disclosure of the AI product's name, developer, data collected, affected positions, and contact information. Colorado requires both pre-use notice and a post-adverse-outcome disclosure within 30 days. California requires advance notice explaining the system's purpose, scope, and potential impacts, plus notification of opt-out rights. New York City's Local Law 144 requires notice about the AEDT's use and the qualifications and data the tool relies on.

The bottom line: transparency is becoming a non-negotiable baseline. Employers should build notice-delivery mechanisms into HR workflows now, rather than waiting for each state's effective date.

Theme 3: AI Is Not a Shield Against Discrimination Claims

Connecticut expressly codifies that AEDT use is not a defense to discrimination claims, among the strongest statements of this principle in any state law. Illinois's HB 3773 makes it a civil rights violation for AI to result in discrimination, even unintentionally. California’s Fair Employment and Housing Act (FEHA) amendments elevate anti-bias testing as central evidence in discrimination investigations. Colorado’s SB 189 states that developers and deployers “may be held liable” for discrimination arising from a covered ADMT.

The message is clear: employers cannot outsource responsibility for discriminatory outcomes to an algorithm. Proactive anti-bias testing is universally encouraged but does not constitute a defense or safe harbor.

Theme 4: Employment-Specific vs. Cross-Sector Scope

Connecticut's employment provisions are narrowly scoped to employment decisions. By contrast, Colorado's SB 189 covers "consequential decisions" across seven domains, including education, housing, financial services, insurance, health care, government services, and employment. California's ADMT regulations similarly extend to any "significant decision" affecting consumers.

While Connecticut employers may focus compliance on the employment lifecycle, companies operating in Colorado or California must address AI-assisted decisions across the enterprise.

Theme 5: Audit Requirements, or Their Absence

Connecticut does not require bias audits or impact assessments, focusing instead on disclosure and notice, a "heads-up, not an audit" approach. This distinguishes it from New York City's Local Law 144, which requires annual independent bias audits with publicly available summaries. Colorado's original AI Act required impact assessments, but the replacement law (SB 189) removed those requirements in favor of disclosure. Illinois does not require formal bias audits, though draft regulations suggest active enforcement of notice and recordkeeping.

The trend favors disclosure-first models. However, the absence of a legal mandate does not mean bias testing is unnecessary; multiple states treat evidence of proactive testing favorably in discrimination proceedings.

Theme 6: Attorney General-Only Enforcement, No Private Right of Action

Connecticut, Colorado, and Illinois all channel enforcement through the state attorney general (AG) rather than creating a private right of action. Both Connecticut and Colorado provide a 60-day cure period for early violations, signaling a graduated enforcement posture during initial compliance periods.

New York City's Local Law 144 is an outlier, carrying civil penalties of $500 to $1,000 per violation. The dominance of AG-only enforcement in newer laws may reflect lessons about the chilling effects of private litigation on AI innovation.

The Compliance Landscape: A Patchwork Without Federal Preemption

Without a comprehensive federal AI law, employers must navigate an increasingly complex web of state and local requirements. While President Trump's December 2025 Executive Order 14365 criticized state AI laws and directed the Department of Justice to challenge inconsistent measures, executive orders do not override state law. Until Congress acts, state regulations remain enforceable, and states continue to expand the regulatory perimeter.

The practical advice is straightforward: employers operating across multiple states should comply with the "highest common factor" when establishing AI disclosure, notice, risk-assessment, and record-retention processes. Building governance structures to meet the strictest applicable standard, rather than the lowest, positions organizations to adapt as additional states enact legislation.

Action Steps for Employers

Given Connecticut's law and the broader regulatory trajectory, employers using AI in employment settings should consider the following:

1. Inventory AI tools. Conduct a comprehensive inventory of all AI tools used across the employment lifecycle, including recruiting, screening, performance evaluation, promotion, and separation. Assess which tools produce outputs that could be deemed a "substantial factor" in employment decisions.

2. Build notice processes. Design and implement standardized notice and disclosure processes. Connecticut's October 1, 2027 deployer obligations provide a clear benchmark that, with modest customization, may also satisfy requirements in Illinois, California, and Colorado.

3. Strengthen vendor contracts. Require vendors to deliver compliance-supporting information. Both Connecticut and Colorado impose developer obligations that will flow through vendor relationships.

4. Implement anti-bias testing. Institute proactive anti-bias testing and maintain thorough documentation of methodologies, results, and remediation efforts. While not legally mandated everywhere, evidence of good-faith testing may serve as a mitigating factor in discrimination proceedings in Connecticut, California, and Illinois.

5. Monitor the evolving landscape. With over 1,500 AI-related bills introduced across 45 states in 2026 alone, the regulatory environment will continue to evolve rapidly.

Conclusion

Connecticut's SB 5 is both significant in its own right and a reliable indicator of where state AI regulation is heading. Its emphasis on transparency, developer-deployer framework, refusal to allow AI as a shield against discrimination, and AG-only enforcement model are all themes recurring across state AI employment laws. The regulatory floor is rising, the direction is consistent, and the time to build scalable AI governance frameworks is now.

Regulatory Update

HHS Announces Restructuring of Its Office for Civil Rights

Written By: Jade Davis

The U.S. Department of Health and Human Services (HHS) recently announced a significant restructuring of its Office for Civil Rights (OCR), a development that warrants close attention from business leaders across the health care, life sciences, and technology sectors. OCR has historically served as the primary federal enforcement arm for a broad portfolio of regulatory mandates, most notably the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, as well as civil rights protections under Section 1557 of the Affordable Care Act (ACA) and other federal nondiscrimination statutes applicable to health care settings.

What We Know

On May 21, 2026, HHS publicly announced the restructuring through its official press room. While the full operational details of the restructuring are still emerging, the announcement signals a meaningful shift in how the federal government intends to organize and prioritize its civil rights and health information privacy enforcement functions going forward.

Why This Matters for Your Organization

Organizations that handle protected health information (PHI), including covered entities and their business associates under HIPAA, should be alert to the potential downstream effects of this restructuring. Changes to OCR's organizational structure can alter the pace, focus, and intensity of enforcement activity, complaint investigations, and audit priorities. Even entities that have not historically been subject to OCR enforcement actions should consider how a reorganized office may approach compliance reviews and investigation timelines differently than its predecessor structure.

For health care providers, health plans, clearinghouses, and the technology companies that serve them, the restructuring may affect several key areas of compliance operations. First, the manner in which HIPAA breach reports and complaints are processed and investigated could shift as OCR reallocates personnel and resources. Second, enforcement of Section 1557's nondiscrimination provisions, which touch on access to care, language access, and the use of clinical algorithms and AI, may see a change in emphasis depending on how the restructured office defines its priorities. Third, organizations currently subject to ongoing OCR investigations or corrective action plans should monitor for any procedural changes that could affect resolution timelines.

Recommended Steps

Business leaders and in-house counsel should take a proactive approach in light of this announcement. Organizations should review and, where appropriate, update their HIPAA compliance programs, including risk analyses, policies and procedures, workforce training, and incident response plans. Companies that interact with patient data or are involved in digital health, telehealth, or health-adjacent technology should ensure their privacy and security frameworks are current and defensible, regardless of how enforcement structures may evolve.

We also recommend that compliance teams monitor HHS's press room and the Federal Register for further guidance, rulemaking, or sub-regulatory communications that may clarify the scope and practical implications of the restructuring. In past restructuring efforts, HHS has issued follow-on guidance that reshapes enforcement expectations and introduces new compliance benchmarks.

Our Commitment

Our Regulatory and Health Care Privacy teams are actively tracking this development and will continue to provide updates as additional details become available. We encourage clients and contacts to reach out to discuss how these changes may affect their specific compliance obligations and risk profiles.

For questions or further discussion regarding the HHS OCR restructuring and its implications for your organization, please contact our Technology, Data Privacy, Cybersecurity & AI or Health Law Service Lines.

Notable Data Breaches

Instructure/Canvas Breach

Instructure reported a significant breach impacting its Canvas learning platform, with threat actors claiming to have exfiltrated terabytes of data affecting educational institutions globally. Canvas experienced an initial outage of approximately six hours, followed by several days of intermittent disruption and limited availability before full restoration. The incident, attributed to an extortion campaign, reflects continued targeting of SaaS platforms and the aggregation risk posed by centralized student and institutional data.

Charter Communications (Spectrum) Data Breach

Charter Communications disclosed a cybersecurity incident following extortion claims, with threat actors alleging the exfiltration of over 40 million customer records from internal systems. The company has not confirmed the full scope of the breach but acknowledged unauthorized access, highlighting ongoing risks from credential compromise and social engineering attacks targeting telecom providers.

GitHub Internal Repository Breach

GitHub confirmed that attackers exfiltrated thousands of internal repositories after a malicious Visual Studio Code extension compromised an employee’s system in a supply-chain attack. While the company stated that customer repositories were not impacted, the incident underscores the growing risk posed by compromised developer tools and trusted software dependencies.

7 Eleven Data Breach

7 Eleven disclosed unauthorized access to systems containing franchisee application data, with attackers obtaining sensitive personal information, including Social Security numbers and driver’s license data. The breach was attributed to an extortion group that later published stolen records after the company declined to pay a ransom.

Learn more about Shumaker's Technology, Data Privacy, Cybersecurity & AI Service Line

Contributors:

Jade Davis, Partner

Nick Carr, Partner

Enisha Smith, Associate

Lloyd J. Wilson, Associate


Shumaker, 1000 Jackson St, Toledo OH 43604