Connecticut AG Puts Businesses on Notice: Old Laws Still Apply to AI

Connecticut’s latest advisory underscores a growing reality: state regulators are applying traditional legal frameworks to artificial‑intelligence systems rather than waiting for bespoke statutes. By referencing civil‑rights, privacy, data‑security, consumer‑protection and antitrust provisions, the Attorney General’s office signals that AI developers and users must already meet the same standards that govern conventional software and data practices. This approach mirrors a pragmatic strategy seen in several jurisdictions, where lawmakers prefer to leverage existing rules to address novel risks while legislative bodies deliberate on dedicated AI legislation.

For businesses operating in the Constitution State, the advisory translates into concrete compliance obligations. Companies must conduct privacy impact assessments, ensure non‑discriminatory algorithmic outcomes, and safeguard data against breaches—all under the umbrella of current statutes. The AG’s emphasis on reporting mechanisms creates a new channel for consumers to flag AI‑induced harms, potentially accelerating enforcement actions. Risk‑management teams should therefore integrate AI audits into their existing compliance programs, update vendor contracts to reflect liability expectations, and train staff on the expanded scope of consumer‑protection duties.

Connecticut’s stance fits within a broader national trend where states like Illinois, Washington and New York have enacted or proposed AI‑focused rules, yet many still rely on legacy laws. Companies with multi‑state footprints should adopt a unified compliance framework that satisfies the most stringent jurisdiction, thereby mitigating fragmented regulatory exposure. As AI adoption accelerates, regulators are likely to tighten enforcement, making proactive alignment with existing statutes a strategic imperative for sustained market participation.