Colorado AI Act

Colorado Artificial Intelligence Act (SB 24-205)

First comprehensive US state law regulating high-risk AI systems. Modeled partly on EU AI Act with developer and deployer obligations for consequential decisions.

Jurisdiction

Colorado

Enacted

May 17, 2024

Effective

Jun 30, 2026

Enforcement

Colorado Attorney General (exclusive; no private right of action)

Colorado Legislature

Why It Matters

Template for US state AI regulation. "Consequential decisions" scope captures employment, healthcare, financial services — high-stakes contexts.

Recent Developments

Effective date delayed to June 30, 2026 via SB 25B-004 (Aug 2025). AG rulemaking underway. Affirmative defense available for NIST AI RMF compliance.

At a Glance

Applies to

Automated Decision SystemRecruitment AICredit ScoringHealthcare AI

Harms addressed

Discrimination

Requires

Risk Assessment Transparency Human Oversight

Who Must Comply

Developers of high-risk AI systems
Deployers using AI for consequential decisions in: employment, education, financial services, healthcare, housing, insurance, legal services, government services

Obligations fall on:

Safety Provisions

Developers: reasonable care to avoid algorithmic discrimination
Developers: documentation including training data summaries, limitations
Deployers: risk management programs, annual impact assessments
Deployers: consumer notice that AI used for consequential decisions
Appeal mechanisms with human review where feasible

Compliance & Enforcement

Key Dates

Feb 1, 2026

Developers must publish AI system documentation

Deployers must implement risk management programs

AG rulemaking authority begins

Jun 30, 2026

Full enforcement begins (private cure period ends)

Penalties

Penalties pending regulatory determination

Primary Source

Colorado Legislature

https://leg.colorado.gov/bills/sb24-205

View on map

Colorado

Focus Areas

Algorithmic accountability

Cite This

APA

Colorado. (2024). Colorado Artificial Intelligence Act (SB 24-205).

Related Regulations

Enacted US-NY

NY RAISE Act

Requires large AI developers of frontier models operating in New York to create safety protocols, report critical incidents within 72 hours, conduct annual reviews, and undergo independent audits. Creates dedicated DFS office funded by developer fees.

Enacted US-CT

CT SB 1295

Creates COMPLETE BAN on targeted advertising to under-18s regardless of consent. Requires AI impact assessments. Connecticut issued first CTDPA fine ($85,000) in 2025.

In Effect US-CA

CA CPPA ADMT

California Privacy Protection Agency regulations establishing consumer rights and business obligations for Automated Decision-Making Technology (ADMT) that makes significant decisions including healthcare. Requires pre-use notice, opt-out rights, access rights, appeal rights, and risk assessments.

Enacted US-TX

TX Healthcare AI Law

Requires healthcare practitioners using AI for diagnosis to review all AI-generated records and disclose AI use to patients. Mandates EHR data localization (Texas patient data must be physically stored in US). Applies to covered entities and third-party vendors.

Pending US-LA

LA Healthcare AI Act

Regulates use of artificial intelligence by healthcare providers in Louisiana. Permits AI for administrative tasks but prohibits AI from making treatment/diagnosis decisions without licensed professional review, directly interacting with patients on treatment matters, or generating therapeutic recommendations without professional approval.

Enacted US-VT

VT AADC

Vermont design code structured to be more litigation-resistant: focuses on data processing harms rather than content-based restrictions. AG rulemaking authority begins July 2025.

All regulations Check if this applies to you

Last updated January 22, 2026. Verify against primary sources before relying on this information.