At a Glance
- The Connecticut Artificial Intelligence Responsibility and Transparency Act targets high-risk and employment-related systems and is scheduled to take effect starting October 1, 2026.
- Companies must implement governance programs, risk assessments, and clear disclosures — not just legal review.
On May 27, 2026, Connecticut Governor Ned Lamont signed Public Act No. 26-15/SB 5, an Act Concerning Online Safety (the Act). The Act, passed by the Connecticut legislature on May 1, 2026, addresses AI across a broad range of domains, including frontier model whistleblower protections, employment-related AI tools, AI companions, generative AI content provenance, and a regulatory sandbox. Companies developing, deploying, or using AI technologies in connection with Connecticut businesses and residents should begin assessing their compliance obligations now, as certain provisions take effect as early as October 1, 2026, with others phasing in through October 1, 2027.
AI-Related Provisions Taking Effect in 2026
AI Subscription Disclosures (Effective October 1, 2026)
Subscription-based AI providers must furnish consumers with written pre-contract disclosures of key terms, including usage limitations and any discretion to reduce functionality. Consumers must provide written acceptance before the provider may collect fees. Renewal disclosures are required for any new limitations.
Frontier Model Developers: Whistleblower Protections (Effective October 1, 2026)
The Act protects employees of “frontier developers” — persons doing business in Connecticut who train foundation models using at least 10^26 operations — from retaliation for reporting catastrophic risks, defined as foreseeable risks of death or serious injury to 50+ individuals or $1 billion+ in property damage linked to CBRN weapons or autonomous cyberattacks. Large frontier developers (annual gross revenue exceeding $500 million) must establish anonymous internal reporting processes by January 1, 2027. Violations carry civil penalties of up to $1,000 per violation, enforceable by the attorney general.
WARN Act Disclosure (Effective October 1, 2026)
Employers filing WARN Act notices must disclose whether layoffs are related to AI or other technological changes.
AI-Related Provisions Taking Effect in 2027
AI Companions (Effective January 1, 2027)
The Act defines “artificial intelligence companion” as any form of AI with a natural language interface that provides adaptive, human-like responses and can sustain a relationship across multiple interactions. The definition includes significant carve-outs for purely operational business chatbots not marketed as companions, video game chatbots limited to game topics, standalone smart speakers that do not sustain relationships, narrowly tailored educational tools, health-care-only AI systems that do not present as human or meeting social/emotional needs, narrow task-specific tools, and developers who do not solely control the deployment context or user interface. Operators must implement protocols to detect expressions of suicide, self-harm, or imminent violence and refer users to mental health resources. Operators must also disclose the AI’s nonhuman nature where a reasonable person could be misled. Heightened protections apply to users under 18, including prohibitions on encouraging self-harm, offering unauthorized mental health services, sexually explicit interactions, and manipulative engagement techniques. The attorney general enforces these protections under the Connecticut Unfair Trade Practices Act (CUTPA).
Automated Employment Decision Technologies (Effective October 1, 2027)
The Act regulates any technology that processes personal data and produces an output — such as a score, rank, or recommendation — that is a substantial factor in employment-related decisions, encompassing hiring platforms, resume screeners, assessment tools, scheduling algorithms, and performance analytics. Deployers must provide pre-decision written notice identifying the tool, its purpose, data categories, and assessment methodology. The Act amends the Connecticut Fair Employment Practices Act to clarify that use of such technology is not a defense to a discrimination complaint; however, courts and the Connecticut Commission on Human Rights and Opportunities may consider evidence of anti-bias testing as a mitigating factor, evaluating “the quality, efficacy, recency and scope of such testing or efforts, the results of such testing or efforts and the response thereto.” This is not a safe harbor, but employers who document rigorous bias-testing methodologies and corrective actions will be better positioned in enforcement proceedings.
Generative AI Provenance and Watermarking (Effective October 1, 2027)
Generative AI systems with over one million monthly users must embed provenance data in AI-generated or materially altered audio, image, or video content, using commercially reasonable methods including standards established by the Coalition for Content Provenance and Authenticity. Exemptions apply to B2B use, video game and interactive experience platforms, and systems used solely for upscaling, noise reduction, or compression.
Enforcement, Affirmative Defenses, and Bias Testing
The attorney general has exclusive enforcement authority under CUTPA for most provisions and does not create any new private rights of action. Furthermore, the Act clarifies that a private right of action, including under CUTPA, does not apply for violations related to (i) AI subscription disclosures (Section 1), (ii) AI companion safety protocols and disclosure for users 18 years of age or older (Section 5), (iii) automated employment-related decision technology (Section 8-11), and (iv) generative AI provenance data (Section 15).
The Act establishes a mandatory cure period from October 1, 2026, through September 30, 2027; thereafter, cure opportunities are discretionary. The Act creates a rebuttable presumption that a developer, integrator, or deployer used reasonable care if it complied with the Act’s requirements. An affirmative defense is available where the entity discovered the violation through red-teaming, cured it within 60 days with notice to the attorney general, and complied with the NIST AI Risk Management Framework, ISO/IEC 42001, or an equivalent framework. Notably, the definition of “algorithmic discrimination” expressly excludes systems used solely for bias testing, compliance testing, or efforts to expand applicant pools to increase diversity — ensuring that proactive testing efforts do not themselves create liability.
Key Takeaways
Connecticut’s new AI law places the state among the most aggressively regulated jurisdictions for AI in the United States. Companies should promptly inventory AI systems that may qualify as high-risk or as automated employment decision technologies; review vendor and integrator contracts for compliance with the Act’s allocation requirements; build disclosure and notice frameworks in advance of the October 1, 2026, effective date; audit chatbot and companion products for compliance with the January 1, 2027, obligations; and document bias-testing methodologies, results, and corrective actions to position favorably under the Act’s anti-bias testing framework.
