WeVote

Bill

Bill

SB 1077

Labor: fair employment practices; use of electronic monitoring or automated decisions tools by an employer; prohibit except for certain purposes.

2025-2026 Regular Session Introduced by Sarah Anthony and 17 co-sponsors

SB 1077 restricts employers from using automated decision tools for employment, requires strict monitoring/data practices, independent impact assessments, and strong notice, opt-ou

REFERRED TO COMMITTEE ON LABOR
0
WeVote Research Nonpartisan
Bill Summary · SB 1077

Summary of SB 1077 (Michigan, 2025-2026)

Purpose and intent

SB 1077, titled the “responsible artificial intelligence security for employees act,” establishes a regulatory framework for when and how employers, third parties, or service providers may use electronic monitoring tools and automated decisions tools in employment-related contexts. The bill aims to protect covered individuals (employees and applicants) from intrusive data collection, ensure transparency, require impact assessments, and provide remedies for violations. It also creates obligations for notices, consent, data retention, security breach responses, and liaison with labor organizations.

Key definitions (scope and terminology)

  • Automated decisions tool: Any computational process (including machine learning, AI, data analytics) that outputs a score, classification, or recommendation used to substantially assist or replace discretionary employment decisions.
  • Electronic monitoring tool: Systems collecting data on a covered individual’s activities/communications by means other than direct observation (e.g., computer, camera, sensors).
  • Covered individual: An employee or an applicant.
  • Labor organization: A defined labor group or bargaining representative.
  • Impact assessment: A rigorous, independent evaluation of a tool’s objectives, data, algorithms, potential biases, disparate impact, accessibility, privacy, and legal risk.

Main provisions and changes

  1. Prohibition and limited use of automated decisions tools (Section 4)

    • General rule: Employers may not use automated decisions tools to make employment-related decisions.
    • Exception: Agencies may screen large volumes of applications to identify criteria or assess job skills for hiring.
  2. Limitations on data collection via electronic monitoring (Section 5)

    • Broad prohibition on collecting data outside permitted purposes.
    • Permitted purposes include: enabling essential job functions, monitoring production/quality, periodic performance assessment, ensuring compliance with labor/employment law, health and safety, wage/benefit administration under geographic constraints, and other department-approved business purposes.
  3. Requirements when using monitoring/tools (Section 5(3))

    • Written notice to all covered individuals.
    • Written, voluntary consent.
    • Data accuracy and correction rights.
    • Narrow, least-invasive, and limited-use application (avoid excess data collection; minimize the number of covered individuals monitored).
  4. ** Prohibited data categories (Section 5(4))**

    • No collection of health/medical data, qualified characteristics (protected classes), HR data, productivity/process data, communications, device usage, geolocation, audio/video, or any outputs linked to a tool, and no online activity data.
    • Prohibition on monitoring private areas (bathrooms, changing rooms, etc.) and on using tools with facial, gait, voice, or emotion recognition technologies (Section 5(4)-(5)).
  5. Data retention, sale, and sharing (Section 7)

    • Data retention: Not more than 3 years after the tool’s purpose is achieved (unless a collective bargaining agreement specifies otherwise); if not used, data must be deleted.
    • Prohibition on sale or licensing of covered individuals’ data.
    • Data sharing with state/local government is limited to compliance or legal processes.
  6. Impact assessments (Section 9)

    • Employers must conduct a comprehensive impact assessment before implementation or within 6 months of enactment for existing tools.
    • Assessments must be by an independent third party and cover objectives, data, biases, disparate impact, accessibility, privacy, safety, and compliance risks.
    • Requires consideration of disparate impact, data training biases, and alternative, less discriminatory methods.
    • Post-implementation: annual subsequent assessments describing any changes in validity or impact.
    • Documentation requirements: maintain data science and development records; make them accessible; share with labor organizations as appropriate.
  7. Security breach response (Section 11)

    • Prompt remediation and mitigation after a breach; notice to affected individuals within 48 hours of discovery.
    • Required remedies for affected individuals include 10 years of paid identity theft protection (including a policy of at least $5,000,000 per person), comprehensive credit monitoring (including dependents), dark web monitoring, breach alerts, a three-bureau credit freeze, fraud remediation, Social Security monitoring, and bank transaction monitoring.
    • Post-breach audit by a third party to verify vulnerabilities are fixed.
  8. Notice and opt-out requirements (Section 13)

    • Employers must display a conspicuous poster at the workplace.
    • At least 30 days before implementation, provide written notice to all employees, include notice in job postings, post on the website, and provide to applicants in accessible formats, with an opt-out option. If opted out, no employment decisions may be made about that individual using the tool.
  9. Enforcement and penalties (Sections 15 and 17)

    • Private right of action for aggrieved individuals and labor organizations, with damages, injunctive relief, costs, and attorney fees.
    • Civil fines up to $500 per violation; enforcement by county prosecutors or the Attorney General.
    • The act sets minimum standards but does not prevent more stringent protections through collective bargaining agreements.
  10. Labor relations and collective bargaining (Section 17)

    • The act preserves and harmonizes with existing collective bargaining rights.
    • Employers must provide bargaining notice and data for negotiations when employees are represented, and information for bargaining is to be provided before bargaining cycles.
    • Provisions clarify that existing bargaining agreements that exceed these standards remain enforceable.
  11. Rulemaking (Section 19)

    • The Department of Labor and Economic Opportunity must promulgate implementing rules under the Administrative Procedures Act.

Who would be affected

  • Employers, third-party vendors, and service providers using electronic monitoring or automated decision tools in Michigan.
  • Covered individuals: current employees and applicants subjected to such tools.
  • Labor organizations and bargaining representatives, due to notice and information-sharing requirements and bargaining rights.
  • State and local governments, to the extent data sharing is required for compliance or investigations.

Procedural and timeline aspects

  • Introduced June 24, 2026; referred to the Senate Committee on Labor.
  • Requirements for impact assessments: tool not implemented more than 1 year after enactment; for tools already in use, within 6 months after the act’s effective date.
  • Annual post-implementation impact assessments required for ongoing tools.
  • Notice and opt-out provisions: minimum 30 days prior notice before implementation; opt-out preserves indivdual protection against tool-based decisions.
  • Breach response timelines: 48-hour notice to affected individuals; remediation and third-party audit following a breach.
  • Rulemaking: department to issue implementing rules under the Administrative Procedures Act.

Potential impact and considerations

  • Enhances privacy and civil-liberties protections for workers regarding data collection and surveillance.
  • Creates a framework for transparency, consent, and accountability in the use of AI and monitoring tools in employment decisions.
  • Establishes robust post-breach protections and remedies for harmed individuals.
  • Could influence hiring practices by limiting automated screening, except for criteria-based candidate screening in large-volume applications.
  • May increase compliance costs for employers due to impact assessments, data management, and reporting requirements.
  • Encourages collective bargaining inputs and preserves existing bargaining rights to shape tool use.

Note: This summary reflects the bill text as introduced and is not a refinement of eventual amendments.

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.