Connecticut Public Act 25-113 (SB 1295) - CTDPA and profiling amendments
In effect since
Overview
Amends the Connecticut Data Privacy Act and related law. Expands applicability, strengthens minors and online safety duties, and adds consumer rights tied to profiling and consequential automated decisions. Signed June 24, 2025. Many duties take full effect January 1, 2026. Read the Public Act for section-by-section dates.
This is a privacy law with automated decision-making provisions.
Who this applies to
This regulation applies to companies that use or deploy AI tools and systems built by other vendors. If your company uses AI-powered products in the areas listed below, this regulation may apply to you.
AI categories covered
- Consumer-facing AI
- Automated decision-making
- Algorithmic profiling
Specific AI use cases:
- Customer profiling and segmentation
- Credit scoring and risk assessment
What this requires you to do
Consumer opt-out required
Provide an opt-out mechanism. Consumers must be able to opt out of automated decision-making.
ADM impact assessment required
Conduct an ADM impact assessment. Evaluate how your automated decision-making affects consumers.
Profiling disclosure required
Disclose profiling activities. Inform consumers when you use their data for profiling purposes.
Transparency notice required
Provide transparency notices. Inform affected individuals that AI is being used and how it influences decisions.
Enforcement and penalties
Enforced by Connecticut AG. Civil penalties up to $5,000 per violation under applicable state privacy enforcement provisions.
Source
Read the full text
Always verify current language and amendments at the official source.
Other Connecticut regulations
Explore more rules in the same jurisdiction that may apply to your AI systems.
Want to know what else applies to your company?
Run a free XIRA scan to see all regulations that match your states and AI tools.