Privacy & Cybersecurity Law Blog

On May 27, 2026, Connecticut enacted a comprehensive state artificial intelligence law, Substitute Senate Bill No. 5 (Public Act No. 26-15) (the “Act”), establishing several regulatory frameworks that address companion chatbots, frontier model governance, and AI use in employment decisions, among other topics. The effective dates are staggered beginning in October 2026. Key provisions of the Act are described below.

AI Companion Safeguards

Operators must implement protocols to detect and respond to user expressions of self-harm, prevent outputs that encourage harm, and avoid anthropomorphic deception. Operators of AI companions that could reasonably be mistaken for human users must clearly disclose that the user is interacting with AI. This disclosure must be either continuously visible throughout the interaction or provided at defined intervals: at the start of the first interaction during any twenty-four hour period and, during a continuous interaction, at least hourly for minors and every three hours for adults.

The Act also requires operators to implement additional safeguards for users the operator knows or has reason to believe are minors, including preventing certain types of interactions with the AI companion and providing minor users and their parents or legal guardians tools to manage the minor users’ screen time and account settings.

Frontier Model Governance

The Act defines “frontier developer” using a compute-based threshold broadly similar to California’s and covers persons who train or intend to train foundation models using computing power greater than 10^26 integer or floating-point operations. Unlike California’s law, the compute-based threshold is included in the definition of “frontier developer” rather than in a standalone definition of a “frontier model.”

The Act distinguishes between “frontier developers” and “large frontier developers,” imposing baseline whistleblower protections on all frontier developers while reserving more robust governance obligations for large frontier developers (defined as those with more than $500 million in annual gross revenue).

Specifically, all frontier developers are prohibited from retaliating against employees who report risks associated with catastrophic outcomes and must provide clear notice of employee rights under the statute. Large frontier developers must establish formal internal reporting systems by January 1, 2027, including anonymous reporting channels for covered employees, obligations to provide updates on investigations and mitigation actions, and quarterly reporting of such matters to officers and directors.

AI in Employment Decisions

The Act requires employers to disclose when employers or applicants are interacting with automated employment-related decision technologies, unless that fact would be obvious to the reasonable person. In addition, before any such technology may be used to generate any output for the purpose of making (or as a substantial factor in making) an employment-related decision concerning an employee or applicant, employers must provide the employee or applicant with a notice that lets the employee or applicant know that the employer has deployed such technology and includes information about the technology, including the technology’s name and purpose, the nature of the decision, the categories of personal data the technology will process, how such data will be assessed in reaching a decision, the sources of such data, and the employer’s contact information.

Generative AI Provenance

Covered providers (defined as any person who produces a generative AI system with more than 1 million users per month that is publicly accessible to consumers for personal use) must, where commercially and technically feasible, embed metadata or similar signals to allow users to identify AI-generated or materially altered content.

Disclosures for AI Subscriptions

Subscription-based providers are prohibited from entering into or renewing subscriptions for AI technology without first providing consumers with written notice disclosing the key terms and conditions of the subscription and receiving written notice from the consumer that such consumer has accepted the key terms and conditions of the subscription.

Regulatory Sandbox Program and Enforcement

The Act directs the Connecticut Commissioner of Economic and Community Development to develop a plan to establish an AI regulatory sandbox program to allow testing of innovative products or services on a limited basis under reduced regulatory and other legal requirements under Connecticut law.

Enforcement authority rests primarily with the Connecticut Attorney General.