Does Connecticut regulate AI?
Answer
Yes, but only state agencies — not private businesses. Connecticut's enacted AI law, SB-1103 / Public Act 23-16 (signed June 7, 2023, effective July 1, 2023), imposes oversight on state agency use of AI and automated decision-making: agencies must conduct impact assessments before deploying AI systems, publish a public AI inventory, and submit annual reports to the state legislature's joint consumer-protection committee. The law does not regulate private-sector AI use. Efforts to enact a comprehensive private-sector AI governance statute — Senator James Maroney's SB-2 (modeled on Colorado SB-24-205) — have been introduced and advanced in the Connecticut Senate in the 2024 and 2025 sessions, but SB-2 did not pass the House in either session. As of April 2026, Connecticut private-sector AI use is governed by generally-applicable federal and state laws (consumer protection, data privacy under the Connecticut Data Privacy Act, civil rights statutes, sector-specific rules) rather than a dedicated AI statute. Monitor successor bills in the 2026 and 2027 Connecticut legislative sessions.
Applicable Regulations
An Act Concerning Artificial Intelligence, Automated Decision-Making and Personal Data Privacy (Public Act 23-16)
Public Act 23-16 — the enacted form of Connecticut SB-1103 (2023 session). Signed by Governor Ned Lamont on June 7, 2023, making Connecticut among the first states to impose oversight on state agency use of AI. Government-only scope: does NOT directly regulate private-sector AI. Requires state agencies to complete impact assessments before deploying AI systems, publish a public AI inventory, and submit annual reports to the joint standing consumer-protection committee. Sections 1–3 effective July 1, 2023; Section 4 effective October 1, 2023; Section 5 effective upon passage.
Key Requirements
Full State Analysis
Where this lands operationally
Gridex turns the compliance or coverage question into operated workflow controls: intake, review points, audit trails, and the places a person stays in the decision.
Map This Workflow With Gridex
Use this research to identify the workflow, review points, and operating controls that would matter in your organization.
Map This Workflow With Gridex →Related Questions
- What are Connecticut's high-risk AI system requirements? Connecticut does not currently impose high-risk AI system requirements on private-sector businesses. Connecticut's enacted AI law — SB-1103 / Public Act 23-16 (signed June 7, 2023, effective July 1, 2023) — regulates state agencies only: it requires agencies to complete AI impact assessments before deployment, maintain publicly-accessible AI inventories (including vendor, purpose, start date, and the extent to which the system replaces human judgment), and submit annual reports to the Connecticut General Assembly's joint consumer-protection committee. Private-sector firms are not covered. Senator James Maroney has repeatedly introduced a comprehensive high-risk AI deployer bill (SB-2) in the 2024 and 2025 sessions — modeled on Colorado SB-24-205, with risk assessments, governance policies, and incident reporting — but SB-2 passed the Senate and died in the House both sessions. Until a successor bill is enacted, Connecticut businesses should look to federal rules, sector-specific guidance (e.g., for insurance or healthcare), and neighboring-state law (e.g., Colorado's AI Act, SB 26-189, whose obligations begin January 1, 2027, which uses a disclosure-and-notice model rather than a high-risk assessment framework) when designing AI governance programs.