← Back to all briefings

Policy · Credibility 93/100 · · 2 min read

Policy Briefing — Colorado AI Act compliance runway narrows ahead of February 2026 enforcement

Colorado’s Artificial Intelligence Act (SB24-205) takes effect on 1 February 2026, leaving November 2025 to finalise high-risk system inventories, impact assessments, consumer notices, and Attorney General registration workflows.

Executive briefing: Colorado SB24-205 regulates developers and deployers of high-risk AI systems that make consequential decisions about employment, housing, education, insurance, finance, and essential services. Enforcement begins 1 February 2026, but the Attorney General expects inventories, risk management policies, and impact assessments to be ready for review well in advance. November is the last full month to complete documentation, validate bias testing procedures, and rehearse incident reporting before statutory deadlines.

Key statutory duties

  • Risk management programmes. Section 6-1-1704 requires deployers to adopt governance policies covering risk identification, mitigation, and ongoing monitoring aligned to recognised frameworks.
  • Impact assessments. Section 6-1-1706 mandates pre-deployment and annual assessments describing system purpose, training data provenance, evaluation results, safeguards, and human oversight.
  • Transparency and reporting. Sections 6-1-1705 and 6-1-1708 demand consumer notices for consequential decisions, appeal pathways, and Attorney General notification within 90 days of discovering algorithmic discrimination.

Program actions

  • Inventory and classification. Catalogue AI systems across business units, flag those meeting the Act’s high-risk definition, and assign accountable owners for mitigation plans.
  • Assessment production. Build reusable templates capturing model lifecycle details, testing artefacts, and mitigation steps; schedule board or executive certification reviews.
  • Registration readiness. Prepare data needed for Attorney General filings, including points of contact, system descriptions, and documentation storage locations.

Enablement moves

  • Integrate Colorado obligations with EU AI Act, NIST AI RMF, and sector regulator requirements to avoid duplicate testing.
  • Train customer-facing teams on notice scripts, appeal handling, and escalation triggers for suspected algorithmic discrimination.

Sources

  • Colorado AI Act
  • Algorithmic accountability
  • Impact assessments
  • AI governance
Back to curated briefings