Policy Briefing — May 17, 2024

Executive briefing: Colorado Governor Jared Polis signed SB24-205, the Colorado Artificial Intelligence Act, on May 17, 2024. The law takes effect February 1, 2026 and regulates developers and deployers of high-risk AI systems that make consequential decisions about employment, education, finance, insurance, housing, and essential services. Covered entities must implement risk management programs, conduct impact assessments, and notify individuals of AI use and adverse decisions.

Key requirements

Risk management program. Deployers must maintain governance policies that assess and mitigate algorithmic discrimination risks, including data quality reviews and human oversight.
Impact assessments. Annual documentation must describe system purpose, training data, evaluation results, and safeguards, with summaries provided to the Colorado Attorney General upon request.
Transparency obligations. Deployers must disclose AI use to affected individuals, provide appeal mechanisms, and notify the Attorney General within 90 days of discovering algorithmic discrimination.

Operational priorities

Inventory systems. Catalog AI applications that influence consequential decisions and classify them against Colorado's high-risk definition.
Program design. Build cross-functional risk management frameworks covering data governance, testing, monitoring, and human review workflows.
Documentation readiness. Prepare impact assessment templates, decision notices, and incident reporting playbooks aligned with statutory timelines.

Program assurance

Supplier oversight. Update procurement contracts to require developers to share system documentation, known limitations, and mitigation recommendations.
Monitoring cadence. Establish model performance monitoring and bias testing schedules that feed the annual assessment and Attorney General reporting obligations.
Multi-jurisdiction strategy. Harmonize Colorado obligations with existing EU AI Act, NIST AI RMF, and sector regulator requirements to avoid duplicative controls.

Sources

Zeph Tech is preparing AI governance programs to satisfy Colorado's SB24-205 requirements with risk management blueprints, assessment templates, and notification workflows.