Now Hiring: Humans (No Hardware Required)

In a development that feels equal parts compliance update and rejected "Black Mirror" episode, Washington state has officially banned employers from requiring—or even "requesting"—employees to have "microchips" implanted—that is, an electronic subdermal device, often injected into the body by syringe that has an unique identification number and can store and transmit personal information.

On March 11, 2026, Gov. Bob Ferguson signed House Bill 2303 into law. The legislation—sponsored by Seattle Rep. Brianna Thomas—passed the Senate unanimously and with strong bipartisan support in the House. It takes effect June 11, 2026, and answers a question most employers were probably not asking: Can we implant tracking devices in our workforce? Simply put—no. Washington employers may not mandate, coerce, or even ask employees to have microchips implanted, and they may face some very real and costly penalties if they do.

From Sci-Fi Plotline to Statute

HB 2303 was intended as a preemptive measure to address emerging technology before it becomes a workplace issue.

As Rep. Thomas explained: "Microchips may seem like science fiction, but the technology is here. The concept is pretty simple. Don't chip me, bro!"

Consistent with that view, the legislation emphasizes that decisions about a person's body belong to the individual—not the employer—and that employers should compete for talent through wages, benefits, and working conditions (rather than invasive and embedded "hardware").

What the Law Prohibits

HB 2303 amends Washington law to prohibit employers from:

• Requiring, requesting, or coercing employees to have a microchip implanted; and
• Using subdermal tracking or identification technology for workplace management or surveillance.

The law targets microchips implanted under the skin—typically between the thumb and index finger—that:

• Carry a unique ID
• Store personal information
• Transmit data to external scanners

Violations come with consequences:

• $10,000 minimum fine for a first offense
• $20,000 for each additional violation
• A private right of action, allowing employees to sue for damages and injunctive relief

(Consider that your compliance "hard reset.")

Is This Actually Happening?

Not in any widespread way—at least not yet. But the technology is real, approved, and increasingly normalized in certain contexts.

These implants are part of the broader Internet of Things (IoT)—a rapidly expanding ecosystem of connected devices that communicate wirelessly. In this case, the "device" just happens to be a microchip implanted under the skin.

There are two primary types of microchips:

• RFID (radio-frequency identification) chips, which use electromagnetic fields and act as identifying transponders carrying a unique ID attached to the objects tracked, which potentially store user data for these purposes; and
• NFC (near-field communication) chips, which use short-range, low-powered electromagnetic fields to communicate with nearby readers and transfer data without physical contact (think smartphones or contactless payment terminals).

In practice, both operate similarly to the technology behind tap-to-pay systems—just with a more…permanent installation (and no "log out," "airplane mode," or convenient reboot option).

The U.S. Food and Drug Administration approved implantable microchips for use in humans as early as 2004, primarily to help healthcare providers access patient medical records.

Outside healthcare, these implants—typically about the size of a grain of rice—can function as ID badges or enable contactless payments. In practical terms, an RFID chip could replace access badges, unlock doors, access computer networks, enable cashless purchases, and streamline everyday workplace tasks. From an employer perspective, proponents point to potential benefits like reduced administrative costs, improved efficiency, and even the ability to track certain aspects of employee activity.

Importantly, even though these chips generally store limited data and do not have their own power source, the information they transmit can still be used to build a detailed picture of employee behavior—such as when employees arrive, how often they move through certain areas, and the frequency or duration of breaks. (Think less "tiny chip," more "surprisingly robust analytics platform.")

Some also point to potential wellness applications: In theory, implanted devices could track health-related data such as sleep patterns, activity levels, or even blood pressure, and generate recommendations aimed at improving employee health—and, not coincidentally, reducing employer healthcare costs. The new law does not apply to devices that are used solely for the "diagnosis, monitoring, treatment, or prevention of a health condition."

Internationally, adoption has gone a step further. In 2015, digital startup workspace Epicenter began offering Biohax chip implants to employees in Stockholm. The appeal was convenience: Workers could unlock doors, operate printers, share digital business cards, and even buy snacks—all with a wave of the hand. The chips could also be used outside the workplace anywhere NFC readers were accepted, which are increasingly common in Sweden.

In the U.S., experimentation has also reached the workplace. In 2017, Wisconsin-based tech company Three Square Market (32M) offered employees the option to receive RFID microchip implants in the hand—specifically between the thumb and forefinger. With a simple wave, participating employees could open doors, log into computers, and even pay for snacks at the office vending machine.

And then there's the next frontier. In 2016, Elon Musk co-founded Neuralink to develop brain-computer interface technology—implantable devices designed to connect the human brain directly to computers. While the stated goal is to treat neurological conditions, the broader trajectory of implantable technology is clearly accelerating (no software update required—at least not yet).

Why Lawmakers Care

The issue isn't just the tech—it's the workplace dynamic and the broader implications to worker surveillance and individual autonomy.

Employees already operate in a world of significant workplace monitoring. According to the American Management Association, 66% of U.S. companies monitor internet usage, 45% track keystrokes, and 43% monitor employee emails. And given the relatively limited expectation of privacy in many workplace settings—and the absence of comprehensive federal, state, or local laws broadly prohibiting employee surveillance—employers often have wide latitude to monitor productivity.

At the same time, there is generally little expectation of privacy in employer-owned, sensor-generated data. The challenge with implanted technology is that it blurs the line between work and personal life even further. Much like BYOD policies, where personal devices become work tools, microchip implants could operate continuously—collecting data at all hours of an employee's life.

Because these devices are embedded and not easily turned off (or removed), it becomes far less clear where an employee's privacy rights begin and end—particularly for workers expected to remain connected or responsive outside traditional working hours.

HB 2303 reflects the legislature's efforts to "hardwire" boundaries before that monitoring crosses from devices employees carry to the bodies they inhabit.

As Rep. Thomas noted, true consent is difficult in an employment setting. Or, translated: If your boss says, "Totally optional, but…," it may not feel all that optional.

And the risks go beyond privacy. These chips can store sensitive personal data—potentially including identification credentials, financial information, or health data—and can be used to infer detailed behavioral patterns. If combined with wellness tracking, that data becomes even more sensitive.

Compounding the concern, some technologists warn that IoT vulnerabilities—whether in sensors, readers, or network architecture—could expose implanted devices to hacking, creating risks not just to corporate systems but to individuals themselves (a data breach that is, quite literally, close to home).

There are also health considerations. A 2020 study from the American Society for Surgery of the Hand found that RFID implants may cause adverse tissue reactions and could be incompatible with certain MRI technologies—raising additional concerns that go beyond privacy and into physical safety.

In other words, it's not just invasive—it's an IoT, cybersecurity, data privacy, workplace surveillance, and health-risk conversation all rolled into one (and not something you can simply "uninstall").

Not a Total Ban, but Part of a Bigger Trend

Washington now joins a growing group of states addressing workplace microchipping. Currently, at least 13 other states—California, Arkansas, Missouri, Montana, Nevada, New Hampshire, North Dakota, Oklahoma, Utah, Wisconsin, Indiana, Alabama, and Mississippi—have enacted laws banning mandatory human microchips.

Washington did not go as far as some other states. Under HB 2303:

• Employees can still choose to be microchipped on their own;
• The law applies only to implants beneath the skin; and
• Medical devices used solely for diagnosis, treatment, or monitoring are not covered.

Other states have taken different approaches. Nevada, for example, goes further by prohibiting even voluntary implantation, while Alabama imposes particularly steep penalties—treating violations as a felony.

The message is clear: If your compliance strategy involves waiting to see whether something becomes a problem, regulators may beat you to it.

And as implantable technologies evolve—from RFID chips to NFC to brain-computer interfaces—this likely won't be the last time lawmakers step in early.

Practical Takeaways for Employers

Even if microchipping was not on your 2026 HR roadmap, the law underscores broader themes:

• Invasive employee monitoring is under a microscope;
• "Voluntary" programs can still create legal risk; and
• Privacy, data security, bodily autonomy—and now health risks—are not optional considerations.

Employers should:

• Avoid anything that could be interpreted as encouraging implanted tech (even jokingly—this is now one of those jokes that won't hold up well over time);
• Evaluate workplace technologies with a critical eye toward consent, privacy, cybersecurity, and safety;
• Train managers not to get overly creative with "efficiency upgrades"; and
• Keep watching this space as other states follow suit.

Bottom Line

No, this is not a widespread workplace issue. But Washington has made one thing clear: If your innovation strategy involves implanting your employees, it's time to rethink.

Because while the microchip itself may be small, the questions it raises are not: How much control over our own bodies are we willing to trade for greater surveillance, productivity, efficiency, and convenience?

+++

If you have questions about Washington's new law restricting workplace microchips or about evaluating emerging workplace technologies that may raise privacy, surveillance, or cybersecurity concerns, please contact Scott Prange or another member of DWT's employment services or privacy and security teams. In the meantime, DWT will continue to monitor developments in workplace monitoring and emerging technologies and provide updates as additional guidance becomes available. To stay informed, sign up for our alerts.