Bossware Laws 2026: Your Legal Rights When Your Employer Monitors You
Complete guide to bossware laws in 2026. Know your legal rights when employers use monitoring software, from California's No Robo Bosses Act to the EU AI Act. Includes interactive state-by-state calculator.
By James Crawford
Key Takeaways
- 📊 71% of employees are now digitally monitored — up from 30% just two years ago (Gartner)
- ⚖️ California, Illinois, Colorado, and Maine enacted new AI and monitoring laws in 2025–2026
- 🚫 EU AI Act bans emotion recognition in workplaces — fines up to €35 million or 7% of global revenue
- 🏛️ California's No Robo Bosses Act (SB 947) would prohibit AI-only firing decisions
- 📱 Microsoft Teams now tracks your office location via WiFi — experts call it "creepy"
On March 11, 2026, Fortune reported that Microsoft Teams had quietly introduced a feature called "Automatic Update of Work Location" — capable of detecting not just whether an employee is in the office, but which specific room they are sitting in, using WiFi triangulation. Nine days later, Inc. revealed that JP Morgan had begun comparing junior bankers' keystroke activity to their reported working hours. By the end of March, a New York Times investigation found that eight of the ten largest employers in the United States track employee productivity in real time.
These are not isolated incidents. They represent the culmination of a surveillance infrastructure that has been expanding since the pandemic — and that is now colliding with a wave of new legislation designed to protect workers. This article is a comprehensive guide to the legal landscape of workplace monitoring in 2026: what your employer can track, what the law says about it, and what you can do to protect yourself.

What Is Bossware? A 2026 Definition
"Bossware" is a term popularized by the Electronic Frontier Foundation in 2020 to describe software tools that employers use to surveil and monitor employees. In 2026, the category has expanded far beyond simple time-tracking. According to Gartner research, 71% of employees are now digitally monitored — up from just 30% in 2024. The employee monitoring software market was valued at $3.3 billion in 2024 and is projected to reach $7.61 billion by 2029, growing at an 18.1% compound annual growth rate.
Modern bossware encompasses a wide range of surveillance capabilities: keystroke logging that records every key pressed, screen capture that takes periodic or continuous screenshots, location tracking via GPS or WiFi, email and messaging monitoring, webcam and microphone access, application usage analytics, productivity scoring algorithms, and — most controversially — emotion recognition systems that attempt to infer a worker's emotional state from facial expressions or biometric data.
[Figure: Types of Bossware in Use (2026)]
The Monitoring Explosion: 2020–2026
The growth of digital employee monitoring has been staggering. According to data compiled from Gartner and MIT research, the share of employees subject to digital monitoring has more than doubled in just six years. The pandemic accelerated adoption, but the return-to-office trend has not reversed it — instead, surveillance has followed workers back into the physical office.
[Chart: Percentage of Employees Digitally Monitored (2020–2026). Sources: Gartner (2024–2026), MIT (2025–2026), Fortune analysis]
"This is a solution in search of a problem when we already have existing solutions. Do these companies ever put these ideas through a creepy assessment?"

US State Laws: The New Patchwork of Employee Protections
The United States has no federal law specifically governing employee monitoring. Instead, a patchwork of state laws has emerged — and in 2025–2026, several states enacted groundbreaking AI-specific employment legislation. The gap between what companies monitor and what they are legally allowed to do has never been wider, according to a comprehensive legal analysis by SuperSee.
| State | Law | Status | Key Provision |
|---|---|---|---|
| California | FEHA ADS Regulations | Active Oct 2025 | AI tools cannot discriminate; 4-year record retention; employer liable for vendor AI bias |
| California | SB 947 (No Robo Bosses) | Pending 2026 | Bars sole AI decision-making for firing; bans predictive behavior analysis |
| California | AB 1883 | Committee Mar 2026 | Bans surveillance tools inferring protected status; $500/employee/violation |
| Illinois | HB 3773 | Active Jan 2026 | Broadest AI employment law in US; covers 1+ employees; ZIP code proxy ban |
| Colorado | SB 24-205 (AI Act) | Enforcement Jun 2026 | First comprehensive AI regulation in US; annual impact assessments; appeal rights |
| Maine | LD 61 | Active Jan 2026 | Strictest monitoring law; bans monitoring in homes/vehicles; personal device refusal right |
| New York | S2628 + Local Law 144 | Active | Written notice + workplace poster; AI hiring bias audits required (NYC) |
| Connecticut | Existing statute | Active | Written or email notice required before monitoring electronic communications |
Check Your State's Monitoring Laws
The table above covers the states with the most significant legislation. But what about yours? Select your state below to get a personalized breakdown of employee monitoring laws, your specific rights, and what your employer is legally required to do — covering all 50 states and DC.
Legal Disclaimer: This tool provides general information about employee monitoring laws and is not legal advice. Laws change frequently. Consult a qualified attorney for advice specific to your situation. Information is current as of March 2026.
California's No Robo Bosses Act: The Landmark Bill
California is at the epicenter of the bossware regulation movement. The state's labor unions announced they would sponsor or support two dozen bills this legislative session to address how AI negatively impacts workers, according to Hard Reset Media's investigation. The most ambitious package targets surveillance, algorithmic discipline, and job displacement simultaneously.
The centerpiece is SB 947, the No Robo Bosses Act of 2026. The bill would bar employers from relying solely on automated decision-making systems to fire or discipline workers, and would require human oversight and independent verification when those systems assist in termination decisions. It would also prohibit employers from using systems that employ predictive behavior analysis — collecting personal data to profile an employee and potentially take adverse action based on what the AI "predicts" they will do.
"Right now, there are absolutely no restrictions on how employers can use artificial intelligence to arbitrarily discipline and fire their workers. Employers are devastating workers' livelihoods and taking no responsibility for the callous decisions of this unchecked technology."
The bill is a reintroduction of SB 7, which passed both chambers last year before Governor Newsom vetoed it. Labor leaders have made clear they are conditioning their public support for Newsom's widely expected 2028 presidential run on his willingness to sign this legislation. Other notable California bills in the package include:
- Prohibits employers from using surveillance tools to infer a worker's protected status under California civil rights law. Penalties up to $500 per employee per violation.
- Requires employers to notify workers in writing whenever AI tools are used to make employment-related decisions or to surveil the workplace.
- Limits surveillance in employee-only areas, prohibits monitoring in bathrooms and during off-duty hours, and gives workers the right to leave wearable surveillance devices behind.
- Prohibits employers from using worker data to train AI systems designed to replicate, automate, or replace workers' jobs.
- Requires 90 days' written notice to affected workers when AI-related layoffs impact 25 or more workers.
The EU AI Act: Global Impact on Workplace Monitoring
While the United States relies on a patchwork of state laws, the European Union has taken a comprehensive approach. The EU AI Act, which began phased enforcement in February 2025, directly regulates how AI can be used in the workplace. The Act applies even to non-EU companies when their AI systems affect EU-based workers — meaning American multinationals must comply.
The most significant provision for workers is the outright ban on emotion recognition systems in workplaces. Article 5(1)(f) of the AI Act prohibits AI systems from inferring the emotions of a natural person in the workplace based on biometric data. This means that any technology attempting to gauge employee mood, stress levels, engagement, or attention through facial analysis, voice patterns, or physiological sensors is illegal in the EU. Violations carry fines of up to €35 million or 7% of global annual revenue — whichever is higher.
"There is enough that can be read and that is being read and decoded that it already is a risk. Brain and body data is our last frontier of what it means to be human."
Phase 2 of the EU AI Act, taking effect in August 2026, will classify AI systems used for employment decisions — including hiring, performance review, task allocation, and dismissal — as "high-risk." These systems will require human oversight, worker notification, detailed operational logging, and full risk documentation. The EU AI Office also launched a whistleblower reporting system in November 2025, significantly increasing enforcement risk for non-compliant employers.
The real-world impact is already visible. In 2024, France's data protection authority (CNIL) fined Amazon €32 million for second-by-second scanner tracking in its warehouses, ruling that "it was illegal to set up a system measuring work interruptions with such accuracy, potentially requiring employees to justify every break or interruption."
Maximum Fines by Jurisdiction: A Comparison
The financial consequences of non-compliance vary dramatically across jurisdictions. While US state fines are measured in hundreds or thousands of dollars per violation, European penalties can reach tens of millions — creating a two-tier enforcement landscape.
[Chart: Maximum Fines for Monitoring Violations (log scale). Note: US fines are per-violation; EU fines are total maximums. Sources: EU AI Act, state statutes, CNIL enforcement records.]

What Employers Must Disclose: Your Right to Know
One of the most significant shifts in 2026 is the expansion of employer disclosure requirements. Across multiple jurisdictions, the trend is clear: employers must tell workers what they are monitoring, how, and why. The specific requirements vary, but the direction of travel is unmistakable.
| Jurisdiction | When | How | What |
|---|---|---|---|
| Maine (LD 61) | During hiring + annually | Written notice | All monitoring in place; right to refuse personal device installation |
| New York (S2628) | At hire + ongoing | Written notice + workplace poster | Electronic monitoring of communications |
| Illinois (HB 3773) | Every AI decision | Individual notification | Whenever AI influences any employment decision |
| California (AB 1898) | Before AI use | Written notice | AI tools used for employment decisions or surveillance |
| EU AI Act (Phase 2) | Before deployment | Documented notification | All high-risk AI systems; risk documentation; human oversight details |
The Human Cost: When Monitoring Becomes Harmful
Behind the legal frameworks and compliance checklists are real people experiencing the daily reality of workplace surveillance. Inside an Amazon fulfillment center in Beaumont, California, a worker named Amari told The Bureau of Investigative Journalism that he spends 42 hours a week under surveillance. "It's kind of demeaning," he said, "to have someone watching over your shoulder at every second." He was not being watched by his manager — he was being watched by a machine that logs his movements, flags his errors, and can initiate discipline without a human ever weighing in.
A 2025 report from the National Employment Law Project found that 24% of monitored employees admitted to using tactics to fake productivity — including mouse jigglers, scheduled emails, and browser extensions that simulate activity. Research from Allwork.Space confirms what psychologists have long warned: surveillance creates a culture of compliance, not performance. Workers optimize for the metric, not the outcome.
"When employees know they are being watched, they shift their focus from doing meaningful work to performing for the surveillance system. The result is a workplace where the appearance of productivity replaces actual productivity."
The Washington State Department of Labor fined Amazon $60,000 after finding that its monitoring-driven pace requirements contributed to worker injuries. France's CNIL fined Amazon €32 million for second-by-second scanner tracking. These enforcement actions signal that regulators are increasingly willing to hold employers accountable — not just for what they monitor, but for the consequences of how they use that data.
"The issue isn't monitoring itself — it's the asymmetry of power. When an algorithm can fire you but you can't question the algorithm, something fundamental about the employment relationship has broken."
Practical Guide: Protecting Yourself in 2026
Regardless of where you work, there are concrete steps you can take to understand and protect your rights. The following recommendations are based on current law and expert guidance:
- Use the interactive calculator above to check what protections apply in your state. Laws vary dramatically — from Maine's strict LD 61 to states with no monitoring-specific legislation at all.
- In states like New York, Connecticut, and Maine, employers are legally required to provide written notice. Even in states without such requirements, you can ask HR for the company's monitoring policy.
- Keep personal communications, browsing, and accounts on personal devices. Company-owned devices are almost universally subject to monitoring under federal law.
- If you suspect illegal monitoring, document what you observe — screenshots, timestamps, and any communications about monitoring. This evidence is critical for any legal action.
- In California (CCPA), Colorado, Virginia, and other states with privacy laws, you have the right to request what data your employer has collected about you. Use it.
- Report violations to your state's labor department, attorney general, or — in the EU — through the AI Office's whistleblower system. Many states have progressive penalty structures that increase with each reported violation.
What's Next: The 2026–2027 Outlook
The regulatory landscape is evolving rapidly. Colorado's AI Act enforcement begins June 30, 2026. The EU AI Act's high-risk provisions take full effect in August 2026. California's CCPA automated-decision regulations are scheduled for January 1, 2027. A National AI Legislative Framework was announced in March 2026, though no draft federal legislation exists yet.
The direction is clear: more transparency, more accountability, and more worker rights. Whether you are an employee navigating surveillance, an HR professional building compliance programs, or a technology vendor developing monitoring tools, the message from legislators and regulators is the same — the era of unchecked workplace surveillance is ending.
"We are witnessing a fundamental rebalancing of the employer-employee relationship around data and AI. The question is no longer whether regulation will come, but whether it will come fast enough to protect the workers who need it most."
Frequently Asked Questions
What is bossware and is it legal in 2026?
Bossware is a collective term for software tools employers use to monitor employee activity, including keystroke loggers, screen capture tools, location trackers, and productivity scoring systems. In 2026, bossware is legal in most US jurisdictions, but new laws in California, Illinois, Colorado, and Maine impose disclosure requirements, bias testing obligations, and restrictions on AI-driven employment decisions. The EU AI Act bans certain forms of workplace surveillance, including emotion recognition, entirely.
Can my employer monitor my keystrokes without telling me?
It depends on your jurisdiction. In New York, Connecticut, Delaware, and Maine, employers must provide written notice before monitoring electronic communications. California's FEHA ADS regulations require disclosure when AI tools influence employment decisions. However, at the federal level, the Electronic Communications Privacy Act (ECPA) generally permits employers to monitor company-owned devices without explicit consent. Always check your state's specific requirements.
What does California's No Robo Bosses Act (SB 947) do?
SB 947, the No Robo Bosses Act of 2026, would bar employers from relying solely on automated decision-making systems to fire or discipline workers. It requires human oversight and independent verification when AI systems assist in termination decisions. The bill also prohibits predictive behavior analysis — using personal data to profile employees and take adverse action based on AI predictions. It is a reintroduction of SB 7, which Governor Newsom vetoed in 2025.
Can my employer fire me based solely on AI monitoring data?
Under California's proposed SB 947, no — employers would be prohibited from relying solely on automated systems for termination decisions. Illinois HB 3773 requires notification whenever AI influences employment decisions. Colorado's AI Act (effective June 30, 2026) mandates meaningful appeal rights when high-risk AI systems affect employment. In the EU, the AI Act classifies AI used in hiring and dismissal as 'high-risk,' requiring human oversight. However, in most US states without specific AI laws, there are currently no restrictions on AI-only termination decisions.
Does the EU AI Act apply to US companies?
Yes. The EU AI Act applies to any organization whose AI systems affect EU-based workers, regardless of where the company is headquartered. If a US company employs workers in the EU or uses AI tools that process data of EU residents, it must comply with the Act's requirements, including the ban on emotion recognition in workplaces and the high-risk AI provisions taking effect in August 2026. Violations can result in fines of up to €35 million or 7% of global annual revenue.
Can my employer track my location through Microsoft Teams?
Microsoft's new 'Automatic Update of Work Location' feature, scheduled for April 2026 rollout, can detect your location via WiFi and broadcast it to colleagues. While Microsoft states it is 'opt-in' and 'not a monitoring tool,' privacy experts have raised concerns. Professor Jessica Vitak of the University of Maryland called it 'a solution in search of a problem.' There is currently no federal law prohibiting employer location tracking, though some state laws and the EU AI Act may impose restrictions depending on how the data is used.
What are the penalties for illegal employee monitoring?
Penalties vary significantly by jurisdiction. The EU AI Act imposes fines of up to €35 million or 7% of global revenue for prohibited practices like workplace emotion recognition. France fined Amazon €32 million for second-by-second scanner tracking. In the US, New York fines range from $500 to $3,000 per offense. California's AB 1883 proposes $500 per employee per violation for using surveillance tools to infer protected status. Maine's LD 61 carries fines of $100 to $500 per violation.
Can I refuse to install monitoring software on my personal device?
In Maine, yes — LD 61 (effective January 2026) explicitly gives employees the legal right to decline installing monitoring software on personal devices, and employers cannot retaliate for such refusals. The law also prohibits audiovisual monitoring in employee residences and personal vehicles. In other states, the legal landscape is less clear, but generally employers cannot require monitoring on personal devices unless it is a condition of employment agreed to in writing.
Does my employer have to tell me what monitoring tools they use?
Requirements vary by state. New York requires written notice and a conspicuous workplace poster. Connecticut and Delaware require written or email notice before monitoring begins. Maine requires disclosure during the hiring process and annual written notice thereafter. Illinois HB 3773 requires notification every time AI influences an employment decision. California's proposed AB 1898 would require written notice whenever AI tools are used for employment-related decisions or workplace surveillance.
Is emotion recognition technology legal in the workplace?
In the European Union, no. Since February 2, 2025, the EU AI Act prohibits AI systems from inferring emotions based on biometric data in workplace settings. Violations carry fines of up to €35 million or 7% of global revenue. In the United States, there is no federal ban, but California's FEHA ADS regulations flag productivity systems using emotion detection as 'high-risk,' and several pending bills would impose additional restrictions.
What should I do if I suspect illegal workplace surveillance?
First, review your employment contract and company monitoring policy for disclosure language. Document any monitoring you observe, including screenshots and timestamps. Check your state's specific laws — in states like New York, Connecticut, and Maine, employers must provide written notice. File a complaint with your state's labor department or attorney general's office. In the EU, you can report violations through the EU AI Office's whistleblower system launched in November 2025. Consider consulting an employment attorney specializing in privacy law.
How does Colorado's AI Act differ from California's approach?
Colorado's SB 24-205 is the first comprehensive AI regulation in the US, covering any employer deploying high-risk AI systems affecting Colorado residents with no employee-count threshold. It requires a documented AI risk-management program, annual impact assessments, and meaningful employee appeal rights. California's approach is more fragmented: FEHA ADS regulations cover discrimination, SB 947 targets automated termination decisions, and separate bills address surveillance, notification, and data use. Colorado enforcement begins June 30, 2026.
Can monitoring data be used against me in a performance review?
In most US jurisdictions, yes — employers can use monitoring data in performance evaluations. However, Illinois HB 3773 requires that employees be notified whenever AI influences employment decisions, including performance reviews. Colorado's AI Act mandates appeal rights when high-risk AI affects employment outcomes. The EU AI Act classifies AI used in performance management as 'high-risk,' requiring human oversight and detailed logging. Experts recommend requesting transparency about what data informs your reviews.
Are remote workers monitored more than office workers?
Yes. According to MIT research, 80% of companies now monitor remote or hybrid workers specifically. Gartner reports that overall digital monitoring has risen to 71% of all employees, but remote workers face disproportionate surveillance. A 2026 survey found that 24% of monitored employees use tactics to fake productivity, including mouse jigglers and scheduled emails. The return-to-office trend has not reduced monitoring — instead, tools like Microsoft Teams' location tracking extend surveillance into physical offices.
What new monitoring laws are expected in 2027?
Several significant developments are anticipated. California's CCPA automated-decision regulations take effect January 1, 2027, adding new requirements for AI-driven employment decisions. The EU AI Act's high-risk AI provisions become fully enforceable in August 2026, with compliance audits expected to intensify in 2027. Additional US states are likely to follow California, Illinois, and Colorado with their own AI employment laws. The National AI Legislative Framework announced in March 2026 may also lead to federal action, though no draft legislation exists yet.