AI accountability and consumer protection obligations mapped to SWT3 witness procedures. Algorithmic impact assessments, consumer notification, opt-out rights, and high-risk AI system governance.
Who this is for: AI system deployers subject to Connecticut jurisdiction, compliance officers overseeing high-risk AI deployments, legal counsel advising on algorithmic accountability, and risk management teams responsible for impact assessments and consumer notification.
New law: CART Act (SB 5) signed June 2, 2026. Connecticut enacted the CART Act, which significantly expands AI obligations beyond SB 2 to cover employment AEDT, healthcare AI, companion chatbots, and consumer notification. AEDT liability begins October 1, 2026. See the CART Act crosswalk for the comprehensive requirements.
Connecticut SB 2 signed into law. One of the most comprehensive state-level AI accountability laws in the United States. Applies to high-risk AI systems making consequential decisions in employment, education, financial services, healthcare, housing, insurance, and legal services. Notable for its broad scope covering both deployers AND developers, and for requiring disclosure of known limitations. Attorney General enforcement with civil penalties.
Connecticut SB 2, the AI Accountability Act, establishes requirements for deployers and developers of high-risk AI systems -- systems that make or substantially contribute to consequential decisions affecting Connecticut residents. It is among the most comprehensive state-level AI accountability frameworks in the United States.
Key obligations under SB 2:
The law is notable for imposing parallel obligations on both deployers (organizations using high-risk AI) and developers (organizations building or substantially modifying AI systems). Developers must provide deployers with sufficient documentation to complete their impact assessments.
SB 2 defines a high-risk AI system as any AI system that makes, or is a substantial factor in making, a consequential decision. A consequential decision is one that has a material legal or similarly significant effect on a consumer in the following domains:
| Domain | Examples of Consequential Decisions |
|---|---|
| Employment | Hiring, termination, promotion, compensation, task assignment |
| Education | Admissions, financial aid, academic assessment, disciplinary actions |
| Financial Services | Lending, credit scoring, insurance underwriting, account opening |
| Healthcare | Diagnosis, treatment recommendations, coverage determinations, benefits eligibility |
| Housing | Rental applications, mortgage approvals, property valuations, tenant screening |
| Insurance | Policy pricing, claims decisions, coverage eligibility, risk classification |
| Legal Services | Bail determinations, sentencing recommendations, parole decisions, case prioritization |
Deployers (organizations using high-risk AI systems) must conduct impact assessments, provide consumer notice, honor opt-out requests, and maintain records. Developers (organizations building AI systems) must provide deployers with documentation of capabilities, limitations, intended uses, data practices, and known risks sufficient for the deployer to fulfill their own obligations.
SB 2 requires deployers to complete an algorithmic impact assessment before deploying a high-risk AI system, and to reassess annually thereafter. The assessment must document:
Assessments must be retained for a minimum of three years after the last date the high-risk AI system was deployed. The Attorney General may request access to impact assessments during an investigation.
Each SB 2 obligation maps to SWT3 witness procedures that produce cryptographically anchored evidence of compliance activity.
| CT SB 2 Requirement | SWT3 Procedure | What It Witnesses | Evidence Produced |
|---|---|---|---|
| Algorithmic Impact Assessment | AI-DPIA.1 | Impact assessment completion and findings | Factor A: assessment scope, Factor B: risk rating, Factor C: review authority |
| Fairness Testing | AI-FAIR.1 | Demographic parity evaluation | Factor A: protected attribute, Factor B: disparity ratio, Factor C: threshold |
| Consumer Notification | AI-EXPL.1 | Decision explanation generation | Factor A: explanation method, Factor B: confidence, Factor C: factors cited |
| Factor Disclosure | AI-EXPL.2 | Counterfactual explanation delivery | Factor A: decision outcome, Factor B: alternative path, Factor C: feature sensitivity |
| Human Oversight | AI-HITL.1 | Human-in-the-loop review execution | Factor A: reviewer identity, Factor B: override decision, Factor C: rationale |
| Assessment Documentation | AI-AUDIT.1 | Audit log integrity verification | Factor A: log source, Factor B: integrity hash, Factor C: retention period |
| Automation Scope | AI-AUTO.1 | Automated decision boundary attestation | Factor A: decision type, Factor B: automation level, Factor C: human fallback |
| Data Governance | AI-DATA.1 | Training data provenance attestation | Factor A: data source, Factor B: record count, Factor C: collection method |
SB 2 requires: Deployers must complete an algorithmic impact assessment before deploying a high-risk AI system, and reassess annually. The assessment must document purpose, risks, data practices, outputs, human oversight, and fairness testing results.
How SWT3 addresses it: The witness_dpia() call captures the assessment scope, overall risk rating, and the identity of the reviewing authority. Each pre-deployment and annual assessment generates a timestamped anchor proving the assessment occurred on a specific date. The anchor chain creates a longitudinal record of annual reassessments that the Attorney General can verify without accessing the full assessment document.
Filter the witness ledger for AI-DPIA.1 anchors. The first anchor must predate the AI system's deployment date. Subsequent anchors should appear at intervals no greater than 12 months. Factor A identifies the assessment scope. Factor B shows the risk rating. Factor C identifies the reviewing authority. Cross-reference with AI-FAIR.1 anchors to confirm fairness testing was incorporated into the assessment.
SB 2 requires: Impact assessments must include evaluation of risks of algorithmic discrimination, including disparate impact across protected classes.
How SWT3 addresses it: The witness_fairness() call records the protected attribute being evaluated, the measured disparity ratio, and the threshold applied. Each evaluation produces an anchor documenting that fairness testing was performed and what the results were, without requiring the examiner to re-run the analysis.
AI-FAIR.1 anchors should cover all protected classes relevant to the deployment domain (e.g., race, gender, age for employment decisions). Factor B (disparity ratio) should be within the deployer's stated threshold (Factor C). Anchors should be present for each annual reassessment cycle, paired with AI-DPIA.1 anchors from the same period.
SB 2 requires: Deployers must notify consumers when a high-risk AI system is used to make or substantially contribute to a consequential decision. The notification must include a description of the AI system's purpose and contact information for the deployer.
How SWT3 addresses it: The witness_explanation() call records the explanation method used, the confidence level of the decision, and the factors cited. Each consumer-facing decision that triggers notification generates an anchor proving that notification content was generated and delivered.
AI-EXPL.1 anchors should correspond to consumer-facing decisions. Factor A identifies the explanation method (e.g., feature importance, rule-based, natural language). Factor C lists the factors cited in the consumer notification. Volume of AI-EXPL.1 anchors should be proportional to the volume of consequential decisions made by the system.
SB 2 requires: Impact assessments must document the human oversight measures in place, including the ability for consumers to request human review of AI-assisted decisions and opt out of AI-only decision-making.
How SWT3 addresses it: The witness_human_override() call records the reviewer identity, the override decision (affirm or reverse the AI recommendation), and the rationale. Each human review generates an anchor that proves the opt-out mechanism is operational and that human reviewers are actively exercising oversight.
AI-HITL.1 anchors prove the opt-out and human review pathway exists and is being used. Factor B shows whether the human affirmed or reversed the AI decision. A pattern of 100% affirmation may warrant scrutiny -- it could indicate rubber-stamping rather than genuine oversight. Factor C captures the rationale, which should reflect independent judgment.
SB 2 requires: Deployers must understand and document the degree to which AI contributes to consequential decisions -- whether the system makes the decision autonomously, provides a recommendation, or acts as one input among many.
How SWT3 addresses it: The witness_automated_decision() call records the decision type, the automation level (fully automated, recommendation, advisory), and the human fallback mechanism. This creates an attestation record of how each decision category is handled, establishing the boundary between automated and human-directed outcomes.
AI-AUTO.1 anchors define the automation boundary. Factor B (automation level) determines which consumer notification requirements apply -- fully automated decisions require stronger disclosure than advisory inputs. Factor C identifies the human fallback, which the examiner can cross-reference with AI-HITL.1 anchors to verify the fallback is operational.
| Examiner Question | Where to Look |
|---|---|
| Was an impact assessment completed before deployment? | AI-DPIA.1 anchor timestamp must predate the first AI-INF.1 (inference) anchor for the same system. Factor B shows the risk rating assigned. |
| Has the annual reassessment been completed? | AI-DPIA.1 anchors at intervals no greater than 12 months. Gap of >365 days between AI-DPIA.1 anchors indicates a missed reassessment. |
| Was fairness testing performed? | AI-FAIR.1 anchors paired with each AI-DPIA.1 assessment. Factor A identifies the protected attribute. Factor B shows the disparity ratio. Multiple AI-FAIR.1 anchors per assessment cycle indicate testing across multiple protected classes. |
| Are consumers being notified of AI involvement? | AI-EXPL.1 anchors corresponding to consequential decisions. Factor C lists the factors disclosed to the consumer. Volume should align with system usage. |
| Is the opt-out mechanism functional? | AI-HITL.1 anchors prove human review is occurring. Factor B shows whether the reviewer affirmed or reversed the AI recommendation. Absence of AI-HITL.1 anchors may indicate no opt-out pathway exists. |
| What is the automation level for each decision type? | AI-AUTO.1 anchors. Factor B documents the automation level (fully automated, recommendation, advisory). Factor C identifies the human fallback mechanism. |
| How long are assessment records retained? | AI-AUDIT.1 anchors with Factor C showing the retention period. SB 2 requires a minimum of 3 years after last deployment. SWT3 Enclave tier retains for 7 years. |
| What data does the system use? | AI-DATA.1 anchors. Factor A identifies data sources. Factor B shows record counts. Factor C documents the collection method. Cross-reference with the impact assessment for consistency. |
Full SDK documentation: sovereign.tenova.io/docs
Create a free account: sovereign.tenova.io/signup