AI Laws in Connecticut (CT)
Connecticut has not enacted a comprehensive AI law — its high-risk AI bill (SB 2) passed the Senate but died in the House in 2024 and failed again in 2025. Narrow measures apply: a state-agency AI inventory, an automated-decision opt-out under the Connecticut Data Privacy Act, and (effective July 1, 2026) a duty to disclose when personal data is used to train large language models. Existing consumer-protection and anti-discrimination laws may also apply to AI.
What companies in Connecticut need to know about AI compliance
As of 2026-07-04, Connecticut has not enacted an AI-specific statute; the Connecticut Attorney General office defers to Connecticut Data Privacy Act (Conn. Gen. Stat. sec. 42-515 et seq.) with an automated-decision / profiling opt-out. Operators across sectors in Connecticut watch federal signals first.
The federal and neighboring-state framework that governs your AI operations. Cross-Sector operators in Connecticut operate under a federal-dominant framework anchored by FTC Section 5 (15 USC 45) and NIST AI RMF 1.0, with adjacent authorities Gramm-Leach-Bliley Act (GLBA) / NIST Cybersecurity Framework (15 U.S.C. § 6801-6809; NIST CSF 2.0); General Data Protection Regulation (GDPR) (for EU users) (EU Regulation 2016/679); Section 508 / ADA Title III (Digital Accessibility) (29 U.S.C. § 794(d); 42 U.S.C. § 12181). FTC Operation AI Comply (Sep 2024) targeted five companies across sectors. The practical risk they have to price in is cross-sector FTC Section 5 exposure and state UDAP liability, and the bellwether signal to monitor is NIST AI RMF 1.0 (Jan 2023) is cited as the federal baseline across 30+ agency guidance documents. No regional statute applies yet. Connecticut's comprehensive high-risk AI bill (SB 2) passed the Senate but died in the House in 2024 and failed again in 2025; narrow measures apply, including a state-agency AI inventory and, effective July 2026, LLM training-data disclosure (SB 1295). Use this as a starting point; sector pages on this site go deeper into industry-specific obligations.
Because Connecticut has no dedicated AI statute, regulatory obligations fall back to Connecticut Data Privacy Act (Conn. Gen. Stat. sec. 42-515 et seq.) with an automated-decision / profiling opt-out layered with federal sector-specific rules.
Federal law still governs Cross-Sector AI in Connecticut primarily through FTC Section 5 (15 USC 45) and NIST AI RMF 1.0. Adjacent federal authorities include Gramm-Leach-Bliley Act (GLBA) / NIST Cybersecurity Framework (15 U.S.C. § 6801-6809; NIST CSF 2.0); General Data Protection Regulation (GDPR) (for EU users) (EU Regulation 2016/679); Section 508 / ADA Title III (Digital Accessibility) (29 U.S.C. § 794(d); 42 U.S.C. § 12181). Gramm-Leach-Bliley Act (GLBA) / NIST Cybersecurity Framework (enforced by Federal Trade Commission; NIST) applies to saas platforms handling personal/financial data via ai must implement nist csf security standards: identify, protect, detect, respond, recover. Penalty exposure: ftc civil penalties up to $100,000/violation; private litigation for data breaches. FTC Operation AI Comply (Sep 2024) targeted five companies across sectors.
The enforcement surface for Cross-Sector centres on FTC, CFPB, State Attorneys General, and the statute operators most often under-document is General Data Protection Regulation (GDPR) (for EU users) (EU Regulation 2016/679) — a gap that surfaces in cross-sector FTC Section 5 exposure disputes. Build an evidence binder covering AI inventory, risk-tier register, incident-response runbook, and board-level AI risk report. Treat NIST AI RMF 1.0 (Jan 2023) is cited as the federal baseline across 30+ agency guidance documents as your leading indicator and escalate when the signal shifts.
Connecticut's immediate neighbors also lack AI-specific statutes, so operators defer primarily to federal frameworks until regional precedent emerges.
With 11-50 employees you can justify a half-time compliance lead and part-time external counsel on retainer. Small-stage Cross-Sector operators should deploy a named compliance lead, formal AI inventory, quarterly bias spot-checks, and a documented escalation path, with semi-annual internal audit with annual external review and ownership resting with a designated AI compliance lead reporting to the CEO. small-business budgets ($50K-$250K) justify a compliance lead plus a GRC tool such as Credo AI, Fairly, or Holistic AI. For Cross-Sector specifically, the sharpest exposure to manage is cross-sector FTC Section 5 exposure and state UDAP liability. Given Connecticut's concentration in insurance, financial services, and advanced manufacturing, insurance-underwriting models and automated employment-screening tools deserve priority in your AI inventory.
Verified 2026-07-04. See https://www.cga.ct.gov/asp/cgabillstatus/cgabillstatus.asp?selBillType=Bill&bill_num=SB00002&which_year=2024 for the Connecticut Attorney General public record on Connecticut AI policy.
No state AI law — but this federal framework still applies in Connecticut
Connecticut has not enacted its own AI-specific statute. That does not mean AI is unregulated here: the U.S. federal framework below is in force in Connecticut exactly as it is in every other state. Each authority links to its official government source. This is the cross-sector baseline — see the federal AI tracker for bills moving through Congress, and the industry pages below for sector-specific obligations.
Prohibits unfair or deceptive acts or practices in or affecting commerce. AI-generated marketing content that deceives consumers — synthetic testimonials, undisclosed AI-created imagery, deceptive personalization, dark patterns amplified by AI — is actionable under Section 5.
Applies the Uniform Guidelines on Employee Selection Procedures four-fifths rule to AI hiring tools. Employer is liable for discriminatory AI outputs even when the tool is built and operated by a third-party vendor.
AI hiring and performance monitoring systems must accommodate individuals with disabilities. Must not eliminate essential job functions or require unnecessary testing.
AI credit and background check systems used in rental decisions must be transparent and non-discriminatory.
Voluntary framework organizing AI risk into Govern, Map, Measure, and Manage functions. A manufacturing-focused profile is under development. Framework is referenced in federal-contractor expectations and in agency best-practice guidance.
Recent AI law developments in Connecticut
Updated July 11, 2026Recent news coverage of AI regulation and policy in Connecticut. Headlines are aggregated automatically; follow each link for the full story.
Coverage from insurancejournal.com on AI legislation and regulation relevant to Connecticut.
Coverage from mondaq.com on AI legislation and regulation relevant to Connecticut.
Coverage from govtech.com on AI legislation and regulation relevant to Connecticut.
Coverage from wshu.org on AI legislation and regulation relevant to Connecticut.
Coverage from nhregister.com on AI legislation and regulation relevant to Connecticut.
AI bills moving through the Connecticut legislature
Updated July 11, 2026AI-related bills currently tracked in the Connecticut legislature, updated automatically from Open States and the state legislature's own official record. Follow each link for the official bill text, sponsors, and status history.
SIGNED BY GOVERNOR
SIGNED BY GOVERNOR
SENATE CALENDAR NUMBER 557
FAV. RPT., TAB. FOR CAL., SEN.
TABLED FOR HOUSE CALENDAR
FILE NO. 339
HOUSE CALENDAR NUMBER 599
FAV. RPT., TAB. FOR CAL., SEN.
TABLED FOR HOUSE CALENDAR
FILE NO. 606
FILE NO. 538
REF. TO JOINT COMM. ON Judiciary
REF. TO JOINT COMM. ON Education
REF. TO JOINT COMM. ON Insurance and Real Estate
REF. TO JOINT COMM. ON Judiciary
REF. TO JOINT COMM. ON Insurance and Real Estate
REF. TO JOINT COMM. ON Energy and Technology
REF. TO JOINT COMM. ON Insurance and Real Estate
REF. TO JOINT COMM. ON Judiciary
REF. TO JOINT COMM. ON Labor and Public Employees
REF. TO JOINT COMM. ON Labor and Public Employees
Applicable laws
Connecticut AI compliance by industry
AI compliance by company size
Jump to top-risk sectors for your company size
Quick resources for Connecticut
Industry risk levels in Connecticut
Do you also serve EU customers?
The EU AI Act applies to any company serving EU customers, even if you're based in Connecticut. Penalties reach €35M or 7% of global revenue. Deadline: August 2, 2026.
Other states with active AI laws
Related resources
Anchored to the primary government source (statute, bill text, or agency rule) and verified directly against it · Last verified Jul 4, 2026. See our methodology.
- ↗cga.ct.govhttps://www.cga.ct.gov/asp/cgabillstatus/cgabillstatus.asp?selBillType=Bill&b…
- ↗cbia.comhttps://www.cbia.com/news/issues-policies/sweeping-artificial-intelligence-bi…
- ↗ai-law-center.orrick.comhttps://ai-law-center.orrick.com/connecticut/