US-CTEnforcement: July 1, 2026

Connecticut Data Privacy Act — AI Training Data Disclosure (PA 25-113): AI Compliance Requirements

Connecticut Governor Lamont signed Public Act No. 25-113 on June 25, 2025, amending the Connecticut Data Privacy Act (CTDPA). Effective July 1, 2026: any business subject to the CTDPA that uses personal data to train AI systems (specifically large language models) must include a clear and conspicuous disclosure in their consumer-facing privacy notice. The CTDPA applies to businesses processing data of 100,000+ CT residents/year OR 25,000+ CT residents/year with revenue from selling personal data. The disclosure must state whether personal data is collected, used, or sold for LLM training purposes.

Check your compliance — freeDownload checklist

Key Facts

Effective Date

June 25, 2025

Enforcement Begins

July 1, 2026

Maximum Penalty

$5,000 per violation; Connecticut AG enforcement

What Your Business Must Do

2 compliance requirements identified. Critical requirements carry the highest risk of enforcement action.

AI Training Data Privacy Notice Disclosure

High Priority

Update your privacy notice to include a CLEAR AND CONSPICUOUS statement about whether you use personal data to train AI/LLM models. This applies if: (1) You are subject to the CTDPA (100K+ CT residents OR 25K+ with revenue from data sales), AND (2) You use customer/user personal data in any AI/ML training pipeline. The disclosure must be consumer-facing — typically in your Privacy Policy. Effective July 1, 2026.

Deadline: July 1, 2026

CTDPA Automated Decision Opt-Out

Medium Priority

The existing CTDPA (effective July 2023) already requires: right to opt out of AI-powered profiling that produces legal or similarly significant effects. Ensure your privacy notice discloses automated profiling and provides an opt-out mechanism for Connecticut residents.

Deadline: July 1, 2026

Frequently Asked Questions

Does Connecticut Data Privacy Act — AI Training Data Disclosure (PA 25-113) apply to my business?

Connecticut Governor Lamont signed Public Act No. 25-113 on June 25, 2025, amending the Connecticut Data Privacy Act (CTDPA). Effective July 1, 2026: any business subject to the CTDPA that uses personal data to train AI systems (specifically large la. Use ComplianceIQ's free scanner to get a personalized assessment in under 5 minutes.

What is the penalty for non-compliance?

The maximum penalty under Connecticut Data Privacy Act — AI Training Data Disclosure (PA 25-113) is: $5,000 per violation; Connecticut AG enforcement. Fines are typically scaled by company size, severity of violation, and whether violations were willful or accidental.

How do I comply with Connecticut Data Privacy Act — AI Training Data Disclosure (PA 25-113)?

The 2 requirements above cover the core obligations. The fastest path to compliance is: (1) conduct an AI risk assessment, (2) document your AI systems, (3) implement transparency disclosures where required. ComplianceIQ generates all required documents automatically.

Official Source

https://www.bclplaw.com/en-US/events-insights-news/connecticut-quietly-adds-ai-disclosure-mandate-to-consumer-privacy-law.html

Last updated: 2026-04-12 — verify at source before relying on this information.

Don't leave compliance to chance

ComplianceIQ scans your AI tools, tells you exactly which regulations apply, and generates all required documents — in 30 minutes.

Start your free compliance scan