State AI Regulations

Colorado's Landmark AI Regulation

Colorado Senate Bill 24-205, the Colorado Artificial Intelligence Act, represents one of the most comprehensive state-level AI regulations in the United States. Effective February 1, 2026, this legislation establishes strict requirements for developers and deployers of "high-risk artificial intelligence systems" that make or are substantial factors in consequential decisions affecting Colorado residents.

Key Requirements for Deployers:

• Impact Assessments: Conduct and document annual impact assessments evaluating algorithmic discrimination risks, including testing methodologies and mitigation strategies
• Risk Management: Implement comprehensive risk management policies and procedures specifically designed to protect consumers from algorithmic discrimination
• Transparency: Provide clear notifications to consumers when consequential decisions are made using high-risk AI systems, including information about appeal rights
• Documentation: Maintain detailed records of AI system usage, performance metrics, and compliance activities for regulatory review

Developer Obligations:

AI system developers must provide deployers with comprehensive documentation, including technical specifications, intended uses, known limitations, and guidance for conducting impact assessments. Developers are also required to make reasonable efforts to avoid algorithmic discrimination in their systems and provide deployers with adequate information to comply with the Act's requirements.

The Colorado Attorney General has enforcement authority and can impose civil penalties up to $20,000 per violation. The Act includes a cure period allowing businesses to remediate violations within 60 days of notice, provided they haven't committed the same violation within the previous two years. Understanding these requirements now allows companies to build compliant systems rather than retrofitting existing AI deployments.