CT SB 1295
Connecticut SB 1295 (Enhanced CTDPA)
Creates COMPLETE BAN on targeted advertising to under-18s regardless of consent. Requires AI impact assessments. Connecticut issued first CTDPA fine ($85,000) in 2025.
Jurisdiction
Connecticut
US-CT
Enacted
Jun 25, 2025
Effective
Jul 1, 2026
Enforcement
Connecticut Attorney General
What It Requires
Harms Addressed
Who Must Comply
This law applies to:
- • Controllers processing Connecticut residents' data
Who bears obligations:
Safety Provisions
- • COMPLETE BAN on targeted advertising to under-18s
- • AI impact assessments required
- • Profiling restrictions for minors
- • Dark pattern prohibitions
- • Enhanced consent requirements for sensitive data
Compliance Timeline
Jul 1, 2026
All provisions take effect
Enforcement
Enforced by
Connecticut Attorney General
Penalties
$5K/violation
Up to $5,000 per violation; first CTDPA fine $85,000 (July 2025).
Quick Facts
- Binding
- Yes
- Mental Health Focus
- No
- Child Safety Focus
- Yes
- Algorithmic Scope
- Yes
Why It Matters
Complete advertising ban for minors is stricter than most states. Active enforcement shows teeth.
What You Need to Comply
You need: ZERO targeted advertising to minors; AI impact assessment documentation; no profiling of minors; no dark patterns.
NOPE can helpCite This
APA
Connecticut. (2025). Connecticut SB 1295 (Enhanced CTDPA). Retrieved from https://nope.net/regs/us-ct-sb1295
BibTeX
@misc{us_ct_sb1295,
title = {Connecticut SB 1295 (Enhanced CTDPA)},
author = {Connecticut},
year = {2025},
url = {https://nope.net/regs/us-ct-sb1295}
} Related Regulations
NY RAISE Act
Requires large AI developers of frontier models operating in New York to create safety protocols, report critical incidents within 72 hours, conduct annual reviews, and undergo independent audits. Creates dedicated DFS office funded by developer fees.
Colorado AI Act
First comprehensive US state law regulating high-risk AI systems. Modeled partly on EU AI Act with developer and deployer obligations for consequential decisions.
CA CPPA ADMT
California Privacy Protection Agency regulations establishing consumer rights and business obligations for Automated Decision-Making Technology (ADMT) that makes significant decisions including healthcare. Requires pre-use notice, opt-out rights, access rights, appeal rights, and risk assessments.
VT AADC
Vermont design code structured to be more litigation-resistant: focuses on data processing harms rather than content-based restrictions. AG rulemaking authority begins July 2025.
NE AADC
Nebraska design code blending privacy-by-design with engagement constraints (feeds, notifications, time limits) aimed at reducing compulsive use.
CA AB 489
Prohibits AI systems from using terms, letters, or phrases that falsely indicate or imply possession of a healthcare professional license.