Log in Sign up
← Global AI Risk & Regulation

Updated

Connecticut SB 5: Comprehensive AI Employment Regulation with Developer-Deployer Division of Labor

On May 11, 2026, the Connecticut General Assembly passed Senate Bill 5, a comprehensive online safety law with significant AI employment provisions. Governor Lamont is expected to sign it. The law combines elements from California's AI employment regulations and the EU AI Act, adopting a disclosure-focused approach with an innovative third-party verification pilot program.

Scope and Definitions

  • Covers Automated Employment-related Decision Technology (AEDT): any system that processes personal data and produces outputs (predictions, scores, rankings) that are a "substantial factor" in employment decisions (hiring, promotion, discipline, termination)
  • Expressly excludes spreadsheets, word processors, and tools used only for descriptive/statistical purposes
  • Likely read broadly to include GenAI if applied in ways causing discriminatory harm

Developer-Deployer Obligations Division

  • Primary compliance burden falls on deployers (employers using the technology)
  • Developers must provide deployers with sufficient information to enable compliance — but only where the technology is marketed/intended for employment decisions
  • No listing or categorization of what developers must produce, leaving open whether needed information will be available
  • Developers may contractually assume deployer notice and disclosure obligations

Key Requirements (effective October 1, 2026)

Real-Time Interaction Disclosure

Must inform employees/applicants in plain language when they are interacting with AEDT (unless obvious to a reasonable person).

Pre-Decision Notice

Before AEDT materially influences an employment decision, written notice must disclose:

  • The fact that AEDT is being used
  • Purpose and type of employment decision
  • Trade name of the system
  • Categories of personal data processed and how assessed
  • Sources of personal data
  • Deployer contact information
Evidence of Bias Testing

Use of AEDT is not a defense to discrimination claims. However, evidence of bias testing — including quality, recency, scope, results, and response to findings — "may be considered" by courts in determining liability. This aligns with California's FEHA approach.

Trade Secrets Safe Harbor

Neither developers nor deployers are required to disclose trade secrets; must only affirmatively notify that information is withheld on that basis.

Independent Verification Organizations Pilot (July 2027 – 2030)

  • Third-party entities approved by the Connecticut Department of Consumer Protection to assess whether AI systems meet risk mitigation and safety standards
  • Capped at five organizations, operating under state-supervised MOUs
  • Assessments do not create safe harbors, presumptions of compliance, or defenses in enforcement actions
  • Designed as a testbed for potential future AI auditing or certification regimes

Enforcement

  • Violations are unfair/deceptive trade practices under CUTPA
  • Enforceable exclusively by the Connecticut Attorney General (no private right of action)
  • Temporary cure period through December 31, 2027 at AG's discretion

Strategic Implications

The law stops short of mandating formal audits or certification, but its structure signals a regulatory trajectory toward formalized third-party validation of AI systems. Employers should begin building internal governance frameworks now — including use-case vetting, regular bias testing, and vendor diligence — to satisfy both current disclosure requirements and likely future independent review expectations.

Sources