Laws & Statutes CT CT-SB-1103
SB-1103
CT · State · USA
CT
USA
● Enacted
Effective Date
2023-07-01
Connecticut Substitute Senate Bill No. 1103 — An Act Concerning Artificial Intelligence, Automated Decision-Making and Personal Data Privacy (Public Act No. 23-16)
Requires Connecticut state agencies (executive branch and Judicial Department) to inventory all AI systems in use, publish those inventories publicly, conduct pre-implementation impact assessments to ensure AI systems do not result in unlawful discrimination or disparate impact, and perform ongoing bias assessments. The Office of Policy and Management must develop and publish AI governance policies for executive agencies; the Judicial Department must do the same independently. Beginning October 1, 2023, state contracting agencies must include CTDPA (§§ 42-515 to 42-525) compliance provisions in all new contracts. The Act also established a temporary legislative working group (now terminated) to recommend best practices for government AI use and potential private-sector regulation. No private right of action or monetary penalties are specified; compliance is enforced through internal governmental processes.
Mapped Requirements
PS-01 Government AI Accountability H-02 Non-Discrimination & Bias Assessment
Official Sources
Full Text
Entry Last Reviewed
2026-03-28
AI generated
Summary

Requires Connecticut state agencies (executive branch and Judicial Department) to inventory all AI systems in use, publish those inventories publicly, conduct pre-implementation impact assessments to ensure AI systems do not result in unlawful discrimination or disparate impact, and perform ongoing bias assessments. The Office of Policy and Management must develop and publish AI governance policies for executive agencies; the Judicial Department must do the same independently. Beginning October 1, 2023, state contracting agencies must include CTDPA (§§ 42-515 to 42-525) compliance provisions in all new contracts. The Act also established a temporary legislative working group (now terminated) to recommend best practices for government AI use and potential private-sector regulation. No private right of action or monetary penalties are specified; compliance is enforced through internal governmental processes.

Enforcement & Penalties
Enforcement Authority
No private right of action. Enforcement is through the internal governmental chain of command: the Department of Administrative Services conducts inventories and ongoing assessments for executive branch state agencies; the Office of Policy and Management develops and publishes governing policies and procedures; the Judicial Department self-governs its own AI systems under the authority of the Chief Court Administrator. No external enforcement mechanism, complaint process, or penalty provision is specified. Section 4 creates a state contracting requirement enforced through procurement processes by state contracting agencies.
Penalties
No penalties, damages, or monetary remedies are specified in the Act. Enforcement is entirely through internal governmental compliance mechanisms and procurement contract requirements.
Who Is Covered
"State agency" has the same meaning as provided in section 4d-1 of the general statutes.
The Judicial Department.
"State contracting agency" has the same meaning as provided in section 4e-1 of the general statutes.
A "business" entering into a contract with a state contracting agency, where "business" has the same meaning as provided in section 4e-1 of the general statutes.
What Is Covered
Systems that employ artificial intelligence and are in use by any state agency, where "artificial intelligence" means (A) an artificial system that (i) performs tasks under varying and unpredictable circumstances without significant human oversight or can learn from experience and improve such performance when exposed to data sets, (ii) is developed in any context, including, but not limited to, software or physical hardware, and solves tasks requiring human-like perception, cognition, planning, learning, communication or physical action, or (iii) is designed to (I) think or act like a human, including, but not limited to, a cognitive architecture or neural network, or (II) act rationally, including, but not limited to, an intelligent software agent or embodied robot that achieves goals using perception, planning, reasoning, learning, communication, decision-making or action, or (B) a set of techniques, including, but not limited to, machine learning, that is designed to approximate a cognitive task.
Compliance Obligations 8 obligations · click obligation ID to open requirement page
PS-01 Government AI Accountability · PS-01.1PS-01.3 · Government System
Section 1(b)(1)-(2)
Plain Language
The Department of Administrative Services must conduct and publicly publish an annual inventory of all AI systems used by any Connecticut state agency. The inventory must cover each system's name, vendor, capabilities, whether it was used to make or support decisions, and whether it underwent a pre-implementation impact assessment. The first inventory was due by December 31, 2023, and must recur annually. Publication must be on the state's open data portal, ensuring machine-readable public access. This is one of the earliest state-level government AI inventory mandates —.
Statutory Text
(b) (1) Not later than December 31, 2023, and annually thereafter, the Department of Administrative Services shall conduct an inventory of all systems that employ artificial intelligence and are in use by any state agency. Each such inventory shall include at least the following information for each such system: (A) The name of such system and the vendor, if any, that provided such system; (B) A description of the general capabilities and uses of such system; (C) Whether such system was used to independently make, inform or materially support a conclusion, decision or judgment; and (D) Whether such system underwent an impact assessment prior to implementation. (2) The Department of Administrative Services shall make each inventory conducted pursuant to subdivision (1) of this subsection publicly available on the state's open data portal.
H-02 Non-Discrimination & Bias Assessment · H-02.3H-02.8 · Government System
Section 1(c)
Plain Language
Beginning February 1, 2024, the Department of Administrative Services must perform ongoing assessments of all AI systems used by state agencies to ensure they do not cause unlawful discrimination or disparate impact across an extensive list of protected characteristics (defined in Section 2(b)(1)(B)). The assessments must follow the policies and procedures established by the Office of Policy and Management. This is a continuing obligation — not a one-time pre-deployment check — requiring periodic review of deployed systems for bias. The protected characteristics include age, genetic information, color, ethnicity, race, creed, religion, national origin, ancestry, sex, gender identity or expression, sexual orientation, marital status, familial status, pregnancy, veteran status, disability, and lawful source of income.
Statutory Text
(c) Beginning on February 1, 2024, the Department of Administrative Services shall perform ongoing assessments of systems that employ artificial intelligence and are in use by state agencies to ensure that no such system shall result in any unlawful discrimination or disparate impact described in subparagraph (B) of subdivision (1) of subsection (b) of section 2 of this act. The department shall perform such assessment in accordance with the policies and procedures established by the Office of Policy and Management pursuant to subsection (b) of section 2 of this act.
PS-01 Government AI Accountability · PS-01.4 · Government System
Section 2(b)(1)-(3)
Plain Language
The Office of Policy and Management must develop, publish, and maintain AI governance policies and procedures covering the full lifecycle of AI systems used by state agencies — development, procurement, implementation, utilization, and ongoing assessment. The policies must at minimum address procurement standards, anti-discrimination and disparate impact protections across a broad set of protected characteristics, pre-implementation impact assessments, and ongoing DAS assessments. The policies must be publicly posted on OPM's website and may be revised at the Secretary's discretion. This effectively creates an AI governance framework for all Connecticut executive branch agencies, with OPM as the standard-setting body and DAS as the compliance assessor.
Statutory Text
(b) (1) Not later than February 1, 2024, the Office of Policy and Management shall develop and establish policies and procedures concerning the development, procurement, implementation, utilization and ongoing assessment of systems that employ artificial intelligence and are in use by state agencies. Such policies and procedures shall, at a minimum, include policies and procedures that: (A) Govern the procurement, implementation and ongoing assessment of such systems by state agencies; (B) Are sufficient to ensure that no such system (i) results in any unlawful discrimination against any individual or group of individuals, or (ii) has any unlawful disparate impact on any individual or group of individuals on the basis of any actual or perceived differentiating characteristic, including, but not limited to, age, genetic information, color, ethnicity, race, creed, religion, national origin, ancestry, sex, gender identity or expression, sexual orientation, marital status, familial status, pregnancy, veteran status, disability or lawful source of income; (C) Require a state agency to assess the likely impact of any such system before implementing such system; and (D) Provide for the Department of Administrative Services to perform ongoing assessments of such systems to ensure that no such system results in any unlawful discrimination or disparate impact described in subparagraph (B) of this subdivision. (2) The Office of Policy and Management may revise the policies and procedures established pursuant to subdivision (1) of this subsection if the Secretary of the Office of Policy and Management determines, in said secretary's discretion, that such revision is necessary. (3) The Office of Policy and Management shall post the policies and procedures established pursuant to subdivision (1) of this subsection, and any revision made to such policies and procedures pursuant to subdivision (2) of this subsection, on the office's Internet web site.
PS-01 Government AI Accountability · PS-01.2 · Government System
Section 2(c)
Plain Language
Beginning February 1, 2024, no Connecticut state agency may deploy a new AI system unless it has first completed a pre-implementation impact assessment confirming the system will not result in unlawful discrimination or disparate impact. The assessment must follow OPM's policies. Separately, even if the assessment is completed, the agency head retains discretionary authority to block implementation if they determine the system would cause unlawful discrimination. This creates a dual gate: both the impact assessment must be satisfied and the agency head must not exercise a discretionary veto. This is a hard deployment prohibition — agencies cannot deploy first and assess later.
Statutory Text
(c) Beginning on February 1, 2024, no state agency shall implement any system that employs artificial intelligence (1) unless the state agency has performed an impact assessment, in accordance with the policies and procedures established pursuant to subsection (b) of this section, to ensure that such system will not result in any unlawful discrimination or disparate impact described in subparagraph (B) of subdivision (1) of subsection (b) of this section, or (2) if the head of such state agency determines, in such agency head's discretion, that such system will result in any unlawful discrimination or disparate impact described in subparagraph (B) of subdivision (1) of subsection (b) of this section.
PS-01 Government AI Accountability · PS-01.1PS-01.3 · Government System
Section 3(b)(1)-(2)
Plain Language
The Judicial Department must conduct and publicly publish an annual inventory of its AI systems, mirroring the executive branch inventory requirement in Section 1. The same four data fields are required: system name and vendor, capabilities, decision-making role, and whether a pre-implementation impact assessment was performed. Publication is on the Judicial Department's website rather than the state open data portal. The first inventory was due by December 31, 2023. This parallel structure reflects the constitutional separation of powers — the Judicial Department governs its own AI systems independently of the executive branch framework.
Statutory Text
(b) (1) Not later than December 31, 2023, and annually thereafter, the Judicial Department shall conduct an inventory of the department's systems that employ artificial intelligence. Each such inventory shall include at least the following information for each such system: (A) The name of such system and the vendor, if any, that provided such system; (B) A description of the general capabilities and uses of such system; (C) Whether such system was used to independently make, inform or materially support a conclusion, decision or judgment; and (D) Whether such system underwent an impact assessment prior to implementation. (2) The Judicial Department shall make each inventory conducted pursuant to subdivision (1) of this subsection publicly available on the department's Internet web site.
PS-01 Government AI Accountability · PS-01.4 · Government System
Section 3(c)(1)-(3)
Plain Language
The Judicial Department must independently develop, publish, and maintain its own AI governance policies and procedures — parallel to but separate from the OPM-developed policies for executive agencies. The minimum requirements are identical: procurement governance, non-discrimination protections, pre-implementation impact assessments, and ongoing assessments. The Chief Court Administrator has discretionary revision authority. Policies must be publicly posted on the department's website. This separation ensures the judiciary controls its own AI governance without executive branch oversight.
Statutory Text
(c) (1) Not later than February 1, 2024, the Judicial Department shall develop and establish policies and procedures concerning the department's development, procurement, implementation, utilization and ongoing assessment of systems that employ artificial intelligence. Such policies and procedures shall, at a minimum, include policies and procedures that: (A) Govern the department's procurement, implementation and ongoing assessment of such systems; (B) Are sufficient to ensure that no such system (i) results in any unlawful discrimination against any individual or group of individuals, or (ii) has any unlawful disparate impact on any individual or group of individuals on the basis of any actual or perceived differentiating characteristic, including, but not limited to, age, genetic information, color, ethnicity, race, creed, religion, national origin, ancestry, sex, gender identity or expression, sexual orientation, marital status, familial status, pregnancy, veteran status, disability or lawful source of income; (C) Require the department to assess the likely impact of any such system before implementing such system; and (D) Provide for ongoing assessments of such systems to ensure that no such system results in any unlawful discrimination or disparate impact described in subparagraph (B) of this subdivision. (2) The Judicial Department may revise the policies and procedures established pursuant to subdivision (1) of this subsection if the Chief Court Administrator determines, in said administrator's discretion, that such revision is necessary. (3) The Judicial Department shall post the policies and procedures established pursuant to subdivision (1) of this subsection, and any revision made to such policies and procedures pursuant to subdivision (2) of this subsection, on the department's Internet web site.
PS-01 Government AI Accountability · PS-01.2 · Government System
Section 3(d)
Plain Language
Beginning February 1, 2024, the Judicial Department faces two obligations: (1) it may not deploy any new AI system without first completing a pre-implementation impact assessment under its own policies, and the Chief Court Administrator retains a discretionary veto if they determine the system would cause discrimination; and (2) it must perform ongoing assessments of all deployed AI systems to ensure they do not result in unlawful discrimination or disparate impact. This combines the pre-deployment gate and ongoing assessment obligations that are separated across Sections 2(c) and 1(c) for executive agencies into a single provision for the judiciary.
Statutory Text
(d) Beginning on February 1, 2024, the Judicial Department shall: (1) Not implement any system that employs artificial intelligence (A) unless the department has performed an impact assessment, in accordance with the policies and procedures established pursuant to subsection (c) of this section, to ensure that such system will not result in any unlawful discrimination or disparate impact described in subparagraph (B) of subdivision (1) of subsection (c) of this section, or (B) if the Chief Court Administrator determines, in said administrator's discretion, that such system will result in any unlawful discrimination or disparate impact described in subparagraph (B) of subdivision (1) of subsection (c) of this section; and (2) Perform ongoing assessments of the department's systems that employ artificial intelligence to ensure that no such system shall result in any unlawful discrimination or disparate impact described in subparagraph (B) of subdivision (1) of subsection (c) of this section.
Other · Government System
Section 4
Plain Language
Beginning October 1, 2023, every new state contract with a business must include a provision requiring the business to comply with the Connecticut Data Privacy Act (CTDPA, §§ 42-515 to 42-525). This is a procurement flow-down requirement — it does not create new substantive AI obligations but ensures that businesses contracting with the state are contractually bound to comply with Connecticut's existing data privacy law. Businesses should verify their CTDPA compliance posture before entering into state contracts, as non-compliance could now constitute a breach of contract in addition to a statutory violation.
Statutory Text
Notwithstanding any provision of the general statutes, no state contracting agency shall enter into any contract with a business on or after October 1, 2023, unless such contract contains a provision requiring the business to comply with all applicable provisions of sections 42-515 to 42-525, inclusive, of the general statutes. For the purposes of this section, "business", "contract" and "state contracting agency" have the same meanings as provided in section 4e-1 of the general statutes.