Flag of the state Connecticut.

Key point: Connecticut’s new AI law adds to the growing complexity of state laws directed at commonly used automated employment decision tools.

On May 27, 2026, Connecticut Governor Ned Lamont signed SB 5 into law. Connecticut Senator James Maroney authored the bill, which covers several different areas involving the regulation of artificial intelligence (AI), including frontier models, chatbots, employment, and provenance. Lamont also signed into law a companion bill, SB 4, which amends Connecticut’s consumer data privacy law and establishes a data broker registration law. Altogether, the two bills significantly redefine the state’s privacy law and introduce requirements for the use of AI.

In the coming weeks, we will be posting articles analyzing several of the key aspects of these bills. In this first article, we analyze SB 5’s provisions as they relate to the use of automated employment decision technologies (AEDT).

AEDT Defined

As discussed further below, the law applies to employers’ use of AEDTs. The law defines AEDT as any technology that processes personal data and uses computation to generate an output, including any prediction, recommendation, classification, ranking, score, or other information, when that output is a substantial factor used to make or materially influence an employment-related decision.

The law defines “substantial factor” to mean a factor including constraints, rankings, scores, recommendations, or classifications, that meaningfully alters the outcome of an employment-related decision concerning a Connecticut resident. The law does not define “materially influence,” which is a term used in Colorado’s recently enacted AI law.

Employment-related decisions are significant decisions tied to employment opportunities and conditions. These include decisions to hire, promote, discipline or discharge individuals, to renew employment, and to select for training. The definition excludes decisions that result in only nonmaterial changes in job tasks, work responsibilities, hours or work assignments, and decisions made with respect to workplace health and safety, scheduling and planning, or productivity monitoring.

This broad definition of AEDT makes the law applicable to a variety of systems using this type of technology. However, there are express exclusions, including for word processing software, spreadsheets, map navigation, web hosting, domain registration, networking, caching, website loading, data storage, firewalls, anti-virus and anti-malware tools, spam and robocall filtering, spellchecking, calculators, databases, and similar technologies, so long as these tools do not themselves make or materially influence an employment-related decision. Systems or services that are used in a manner that is incidental to making an employment-related decision, and information that is purely descriptive, diagnostic, or statistical and that is not relied upon to make or materially influence a decision, are also excluded.

Connecticut’s employment AI law’s applicability standard draws inspiration from other state laws and regulations that regulate the use of AI in employment settings; however, the applicability standard does not directly track any of those other laws and regulations. We have created a chart that shows the various applicability standards of these laws and regulations. Ultimately, businesses using AI in employment-related settings such as hiring, firing, promotion, or compensation will need to navigate this increasingly complex maze of laws to ensure compliance.

Developer Obligations

Developers of AEDT that are deployed in Connecticut on or after October 1, 2027, must provide deployers, those who deploy AEDT, with all information the deployer requires to perform its duties. This means that developers will need to furnish sufficient information about how their tools function, the data they use, the types of outputs they generate and how those outputs may influence employment-related decisions, so that deployers can satisfy their disclosure and notice obligations to job applicants and employees.

However, the law limits this obligation to circumstances where the AEDT was advertised, marketed, configured, contracted for, sold, or licensed to be used to materially influence an employment-related decision. This limitation is particularly relevant for vendors that offer multipurpose tools that customers might choose to apply in employment contexts without the vendor’s active marketing or configuration for that purpose.

Deployer Obligations

Deployers/employers that deploy AEDT on or after October 1, 2027, whether purchased from a vendor or designed in-house, must comply with certain requirements implemented to impose transparency and fairness.

Disclosures When Employees and Applicants Interact With AEDT

Deployers/employers that use AEDT intended to interact with a job applicant or an employee must disclose in plain language to the job applicant or employee that they are interacting with AEDT, unless a reasonable person would deem it obvious that they are interacting with AEDT. Note that this disclosure requirement applies regardless of whether the AEDT is used to make, or is a substantial factor in making, an employment-related decision.

Disclosures When AEDT Is Used to Make or Is a Substantial Factor in Making, an Employment-Related Decision

Deployers/employers that use AEDT to generate an output for the purpose of making, or as a substantial factor in making, an employment-related decision concerning a job applicant or an employee, beginning October 1, 2027, must provide a written notice to the individual before the employment-related decision is made. This timing requirement ensures that individuals receive information about the use of AEDT while they can still respond or seek additional clarification, rather than learning about it only after a decision has been made.

Written notice must disclose (i) that the deployer/employer has deployed AEDT; (ii) the purpose of the technology and the nature of the employment-related decision at issue, such as whether the tool is being used in hiring; (iii) the trade name of the AEDT; (iv) the categories of personal data concerning the employee or applicant that the technology will analyze or process and how that personal data will be assessed in reaching a decision; (v) the sources of the personal data being used; and (vi) contact information for the employer.

The two disclosure obligations can be allocated by a contract between the developer and the deployer/employer that clearly allows developers to assume some or all of the responsibility for generating or delivering the required notices. However, deployers/employers remain ultimately responsible for ensuring that individuals receive timely and complete information before outputs are used as substantial factors in employment-related decisions.

Developers and deployers are not required to disclose any information that is a trade secret or that is otherwise protected from disclosure under state or federal law. However, where a developer or deployer withholds this information, they must send a notice to the individual or entity from whom the information is being withheld. The notice must disclose that the deployer or employer is withholding the information, and explain the basis for the decision to withhold the information.

Companies that use AEDT and have employees or job applicants in California, Colorado, Illinois, or New York City will need to look closely at the relevant laws in those states to determine whether they also are required to provide notices under those laws. Further, Connecticut’s law only requires notice. It does not create substantive rights (e.g., the right to opt-out or appeal) as exist under other laws.

Enforcement, Cure Period, and No Private Right of Action

Violations of developer and deployer obligations will be deemed an unfair or deceptive trade practice. Violations will be enforced solely by the Connecticut attorney general (AG), and there is no private right of action.

Prior to initiating a violation that occurs on or before December 31, 2027, the AG may issue a notice of violation if the AG determines that the violation is capable of being cured. If the recipient fails to cure the violation within 60 days of receiving the notice, the AG may then bring an action. This opportunity to cure is time-limited and applies only to violations within the specified period, as it is not a permanent safe harbor. Not all violations will receive a cure notice.

Discrimination Mitigation

The law integrates AEDT into Connecticut’s anti-discrimination statute by providing that the use of AEDT shall not be a defense against a complaint alleging a discriminatory practice. Employers cannot avoid liability by asserting that AEDT made or materially influenced the employer’s decision. Additionally, evidence of anti-bias testing or similar proactive efforts to avoid discriminatory practices, the results of the testing or efforts, and the response to those results may be considered. This signals that while proactive testing and mitigation of bias in AEDT are encouraged, employers cannot simply shift responsibility for discriminatory outcomes onto AEDT. Employers should consider whether their contracts with developers adequately protect them against potential discrimination claims from the use of a developer’s AEDT.

Next Steps:

  • Assess whether AEDT is used and determine whether these tools and their uses fall under the scope of the law.
  • Employers should review and potentially amend AEDT contracts with developers.
  • Begin preparing written notices that are compliant with the law in advance of the October 1, 2027, deadline.
  • Consider whether to conduct anti-bias testing for AEDT.