---
title: "Connecticut CTDPA July 2026 — AI/LLM Disclosure, Sensitive Data, and Minors"
description: "Connecticut Public Act 25-113 amends the CTDPA effective July 1, 2026, adding AI/LLM disclosure, expanded sensitive-data categories, and broad minor protections. AI voice and chat get a new training-data notice obligation."
canonical: https://callsphere.ai/blog/vw6f-connecticut-ctdpa-2026-ai-llm-disclosure
category: "AI Strategy"
tags: ["CTDPA", "Connecticut", "LLM", "AI Voice", "Minors"]
author: "CallSphere Team"
published: 2026-03-25T00:00:00.000Z
updated: 2026-05-07T16:46:06.473Z
---

# Connecticut CTDPA July 2026 — AI/LLM Disclosure, Sensitive Data, and Minors

> Connecticut Public Act 25-113 amends the CTDPA effective July 1, 2026, adding AI/LLM disclosure, expanded sensitive-data categories, and broad minor protections. AI voice and chat get a new training-data notice obligation.

> Connecticut was an early state-privacy leader and now adds an explicit AI training-data disclosure requirement — small in word count, large in operational impact for any LLM-backed voice or chat agent.

## What the law says

The Connecticut Data Privacy Act (CTDPA) has been in force since 1 July 2023. Public Act 25-113, signed by Governor Lamont on 25 June 2025, amends the CTDPA effective 1 July 2026. The amendment expands sensitive data to include disability or treatment, status as nonbinary or transgender, neural data, financial information, and government IDs. The minor age band moves to 13–17 with a flat ban on targeted advertising and sale of minors' data, regardless of consent. Design features that significantly increase or extend a minor's use of an online service are prohibited, with explicit application to chatbots and LLMs.

The marquee AI provision: businesses that use personal data to train an AI system, particularly an LLM, must disclose that use in their privacy notice. Impact assessments must accompany profiling that produces legal or similarly significant effects and must include intended use, deployment context, benefits, risks, input categories, output description, performance metrics, known limits, transparency measures, and post-deployment monitoring. The Attorney General's enforcement report, released in 2026, signaled heightened action on minors' privacy.

## What AI voice/chat must do

LLM-backed voice and chat agents must publish, in their privacy notice, a statement that personal data is or may be used to train the underlying model — including the categories of data, the providers, and any third-party model training. Sensitive-data processing requires consent. Minor-facing channels must implement a hard ban on targeted advertising and sale and remove engagement-extending design features. The impact assessment becomes a long-form document; copy/paste from a CCPA risk assessment will not satisfy CTDPA's enumerated elements.

## CallSphere posture

CallSphere — 37 agents, 90+ tools, 115+ DB tables, 6 verticals, 50+ businesses, 4.8/5, HIPAA and SOC 2 aligned — generates the CTDPA training-data disclosure automatically from each tenant's model and provider configuration. Sensitive-data flags are first-class in the schema; consent capture is wired into every relevant intake. Minor-facing flows route to a non-engagement variant with no upsell prompts. The CTDPA impact assessment template covers all 10 enumerated elements. Pricing $149 / $499 / $1,499; [14-day trial](/trial); 22% lifetime affiliate via [/affiliate](/affiliate); detail at [/pricing](/pricing) and [/contact](/contact).

```mermaid
flowchart LR
A[CT Caller] --> B[Voice Agent]
B --> C[Training-Data\nNotice]
B --> D[Sensitive Data\nConsent]
B --> E[Minor Check]
E --> F[No Targeted Ads]
B --> G[Impact Assessment]
```

## Compliance checklist

1. Add an LLM training-data section to every privacy notice naming categories and providers.
2. Refresh sensitive-data lists to include neural, disability, gender identity, and government IDs.
3. Capture consent for every sensitive-data intake; do not bury it in a banner.
4. Identify minor-facing channels; ban targeted advertising and sale outright.
5. Remove engagement-extending design features from minor flows.
6. Complete impact assessments with all 10 elements; do not reuse CCPA templates.
7. Honor opt-out via UOOM at every consumer surface.
8. Refresh DPIA on every model swap or fine-tune.
9. Track AG enforcement guidance — Connecticut publishes annual reports.
10. Review B2B exemptions carefully — the 2026 amendments narrowed several.

## FAQ

**Do we need to name the model vendor?**
Yes — the disclosure must name the categories of providers and the categories of data used in training.

**Is fine-tuning "training"?**
The amendment uses broad language; treat fine-tuning as in scope unless your counsel concludes otherwise.

**Does the LLM disclosure apply to inference-only deployments?**
Inference on a third-party model that does not train on your inputs is outside the training disclosure but inside other CTDPA obligations.

**Are HIPAA-covered entities exempt?**
Entity-level exemption applies; verify each data flow because not all data is PHI.

**What is the cure-period status?**
The 60-day cure period sunsetted; the AG can move directly to enforcement.

## Sources

- CT AG CTDPA Page: [https://portal.ct.gov/ag/sections/privacy/the-connecticut-data-privacy-act](https://portal.ct.gov/ag/sections/privacy/the-connecticut-data-privacy-act)
- Public Act 25-113: [https://www.cga.ct.gov/asp/cgabillstatus/cgabillstatus.asp?selBillType=Public+Act&which_year=2025&bill_num=113](https://www.cga.ct.gov/asp/cgabillstatus/cgabillstatus.asp?selBillType=Public+Act&which_year=2025&bill_num=113)
- CT AG 2026 CTDPA Report: [https://portal.ct.gov/ag/press-releases/2026-press-releases/attorney-general-tong-releases-updated-report-on-connecticut-data-privacy-act](https://portal.ct.gov/ag/press-releases/2026-press-releases/attorney-general-tong-releases-updated-report-on-connecticut-data-privacy-act)
- Hunton AI Compliance Under CTDPA: [https://www.hunton.com/privacy-and-cybersecurity-law-blog/connecticut-ag-clarifies-ai-compliance-obligations-under-ctdpa](https://www.hunton.com/privacy-and-cybersecurity-law-blog/connecticut-ag-clarifies-ai-compliance-obligations-under-ctdpa)
- Wiley July 2026 CTDPA Alert: [https://www.wiley.law/alert-Major-Changes-to-Connecticut-Consumer-Privacy-Law-Will-Take-Effect-July-1-2026](https://www.wiley.law/alert-Major-Changes-to-Connecticut-Consumer-Privacy-Law-Will-Take-Effect-July-1-2026)

---

Source: https://callsphere.ai/blog/vw6f-connecticut-ctdpa-2026-ai-llm-disclosure