Note: Authored by R.A.Parks with significant research assistance from Claude Opus 4.7. Claude reviewed the bill text, the OLR Bill Analyses, and the Connecticut Hospital Association testimony record, and helped synthesize the federal-policy context.
The Connecticut General Assembly passed Senate Bill 5 on May 1 – the AI Responsibility and Transparency Act – 131-17 in the House after a 32-4 Senate vote on April 21. Governor Lamont said he plans to sign. The lead sponsor is State Senator James Maroney (D-Milford). His 14th District covers Milford, Orange, and parts of West Haven and Woodbridge. I live in Milford. I’ve spoken with Senator Maroney before. I think he’s serious about this subject in a way most state legislators aren’t, which is not the same as agreeing with every bill he sponsors. This one earned a careful read.
It’s the most comprehensive state AI law in the country at the moment, and most of it does not apply to most Connecticut employers. Both can be true.
What the law actually requires
The bill breaks into four chunks with different obligations and effective dates.
Employment AI. From October 1, 2026, employers using AI in hiring, promotion, discipline, or termination must comply with disclosure rules. By October 1, 2027, they have to tell applicants and employees they are interacting with the system, identify its purpose and the data categories it uses, and provide pre-decision notice. The bill also amends Connecticut’s anti-discrimination statutes to make clear that AI use is not a defense against a discrimination claim. The Attorney General has exclusive enforcement authority – no private right of action, with a 60-day cure period through the end of 2027.
Frontier models. Developers training models on more than 10²⁶ computing operations have whistleblower-protection obligations. By January 1, 2027, large frontier developers – defined as those above $500M in revenue – must establish anonymous internal reporting for employees raising “catastrophic risk” concerns. Catastrophic risk is defined as injury or death to 50 or more people, or $1 billion or more in property damage, from CBRN assistance, autonomous cyberattacks, or autonomous criminal conduct. The threshold is high enough that no Connecticut-domiciled company triggers it.
Embedded metadata (§ 15). Generative AI providers with more than one million monthly users must embed C2PA-standard provenance metadata in any AI-generated or materially-modified audio, image, or video output, using methods that resist tampering. The bill explicitly excludes business-to-business uses, video-game and interactive-experience platforms, and any system used solely for upscaling, noise reduction, or compression.
AI Companions and a sandbox. Operators of natural-language AI systems that sustain a user relationship must give clear non-human notice, run protocols to detect self-harm and suicide risk, and meet enhanced standards for minors. The bill explicitly excludes AI used for clinical support, medication-adherence reminders, disease-management guidance, and other treatment-support functions, as long as the system does not present itself as human or attempt to meet emotional needs. Effective January 1, 2027. The bill also creates a Utah-style regulatory sandbox for AI testing.
Who carries the burden
This is what most coverage skips. The biggest compliance burden falls on deployers – employers in Connecticut using AI for hiring or personnel decisions – not on the foundation model companies that build the models. A mid-size Connecticut business using an AI screening vendor handles the disclosure and notice itself. The vendor must provide the information needed to comply, but the contract can reallocate those duties as long as the allocation is explicit.
The frontier-developer obligations are real but narrowly targeted. Some may be concerned that fifty different state laws will harm US AI competitiveness against China, but SB 5 is not where it lands hardest. The harder version of that argument is the Colorado AI Act layered on top of CT SB 5 layered on top of whatever Texas and California pass, applied to the same multi-state employer running one hiring process. That is the cost the federal preemption push is trying to address.
The federal collision course
President Trump signed an executive order on December 11, 2025 – “Ensuring a National Policy Framework for Artificial Intelligence” – directing the Attorney General to stand up an AI Litigation Task Force whose job is to challenge state AI laws in court. The order also threatens conditional federal funding for states with “onerous” AI laws, with carve-outs for child safety, AI compute and data center infrastructure, and state procurement.
SB 5 was passed knowing this. State laws remain enforceable until a court says otherwise; the executive order cannot preempt anything by its own force. Connecticut’s bet is that SB 5 survives a challenge, partly because it does not try to regulate model training directly.
The wrinkle is that the same administration moved in the opposite direction this week. The Center for AI Standards and Innovation announced agreements with Google DeepMind, Microsoft, and xAI to evaluate new AI models before public release – the kind of pre-deployment review the White House spent its first year opposing. The pivot is attributed to Anthropic’s Claude Mythos Preview, the model that found 271 Firefox bugs from inside Project Glasswing this week. There is an obvious tension between an AI Litigation Task Force that exists to strike down state-level safety rules and a White House now negotiating its own pre-deployment safety reviews. Where this lands matters for SB 5 more than the bill text itself.
Where the healthcare carve-outs landed
The Connecticut Hospital Association testified in March against two provisions in the earlier version of SB 5 that would have hit healthcare AI hard. The first was a “synthetic digital content” section the CHA argued was broad enough to catch AI-drafted clinical reports and AI-reconstructed radiology images. The second was a section that would have routed Connie health-information-exchange patient data into AI research pilots without sufficient privacy controls. CHA asked for a one-line healthcare exemption on the synthetic-content section and for the Connie section to be deleted unless stakeholders convened first.
Senate Amendment “A,” adopted April 21, addressed both. The Connie provision was deleted entirely. The synthetic-digital-content section was replaced with the narrower Embedded Metadata provision (§ 15) summarized above – the one-million-monthly-user threshold and the explicit exclusion for systems “used solely for upscaling, noise reduction, or compression” cover most clinical AI image-handling, and the business-to-business exclusion covers most vendor-installed clinical AI. And the AI Companion section gained an explicit carve-out for clinical support, medication-adherence reminders, and disease-management guidance, on the condition that the system does not present itself as human or attempt to meet emotional needs.
The healthcare-IT carve-outs the CHA asked for in March largely arrived in late April. Not as a single “legitimate medical or healthcare-related purpose” clause, but as targeted exclusions and an outright deletion. Worth recognizing as a worked example of how testimony at a March hearing can move state legislation that passes in May.
My take
I’m pro-AI. I’ve watched it produce real efficiency gains in technical work – code generation, log analysis, documentation. Where human judgment and feedback still carry the load, it is much less of an accelerant. Both things stay true.
The case against state AI laws is strongest when you imagine fifty different sets of rules applied to the same deployer; it is weaker when most developer-side obligations fall on a handful of frontier companies that already have the legal teams. SB 5 on the developer side is mostly whistleblower protection plus a narrow embedded-metadata duty for the few providers above one million monthly users. On the deployer side, where Connecticut employers actually live, the law is procedural – notice and disclosure, not prohibition. None of it prevents using AI in hiring; it makes the use legible. I don’t love additional disclosure requirements, but I recognize that proper attribution is a legitimate need – and I’ll comply. October 1 is when the first effective dates land.
Sources
- CT Mirror - Connecticut passes AI regulations after years in development
- Hartford Business Journal - Connecticut passes AI regulations
- Shipman & Goodwin - CT AI Responsibility and Transparency Act: Key Impacts on the Workplace
- Freshfields - Connecticut Poised to Enact One of the Nation’s Most Comprehensive AI Laws
- Connecticut Hospital Association - SB 5 testimony
- CT General Assembly - SB 5 bill status, text, amendments, and Bill Analyses
- OLR Bill Analysis - sSB 5 (File 338, as amended by Senate “A”)
- White House - Ensuring a National Policy Framework for Artificial Intelligence (EO, Dec 11, 2025)
- CNBC - Trump admin moves further into AI oversight, will test Google, Microsoft and xAI models
- Connecticut Senate Democrats - James Maroney bio
