The Colorado AI Act — What Changed and What Didn't
Colorado SB 24-205 was signed on May 17, 2024 with an original effective date of February 1, 2026. That date came and went without enforcement because SB 25B-004 (signed August 28, 2025) pushed the effective date to June 30, 2026. The delay changed exactly one thing: the enforcement date. Zero substantive requirements were modified. Every obligation that existed in the original statute still applies.
That means the window between "this law isn't enforced yet" and "this law is being enforced" is closing fast. As of March 2026, you've got roughly 100 days. Deployers must complete their initial algorithmic impact assessment within 90 days of enforcement (by September 28, 2026). If you haven't started your assessment process, you're already behind on the timeline.
One important monitoring note: the 2026 Colorado regular legislative session could introduce further amendments. Industry lobbying has focused on narrowing the "high-risk AI system" definition, reducing deployer documentation burdens, and expanding exemptions. None of these have been enacted as of this writing, but organizations should track the General Assembly for any changes before June 30.
The definition of "high-risk AI system" deserves particular attention because it determines whether your systems fall within the Act's scope at all. The Act covers AI systems that make, or are a substantial factor in making, "consequential decisions" in eight enumerated domains: education enrollment or opportunity, employment or employment opportunity, financial or lending services, essential government services, healthcare services, housing, insurance, and legal services. If none of your AI systems operate in these domains, the Act's obligations don't apply to you. But the determination itself should be documented—if the AG asks why you didn't comply, "we determined our systems weren't high-risk" is only a valid answer if you can produce the analysis that supports it.
A subtlety that many organizations miss: an AI system doesn't need to make the final decision to be "a substantial factor." If your chatbot triages customer service requests and routes certain requests to denial workflows, that chatbot may be a substantial factor in the consequential decision even though a human makes the final call. The "substantial factor" test catches AI systems that influence decisions, not just systems that make them autonomously.
Key dates: Enforcement begins June 30, 2026. Initial impact assessments due by September 28, 2026 (90 days after enforcement). Penalty: up to $20,000 per violation. Cure period: 60 days after AG notice. Record retention: 3 years.
Complete Obligation Checklist — Developers vs Deployers
The Act distinguishes between developers (organizations that build or substantially modify AI systems) and deployers (organizations that use AI systems to make consequential decisions). Most technology SMEs are deployers—they're consuming AI systems built by others (OpenAI, Anthropic, Google, Microsoft) and embedding them into their products or operations. Some organizations are both.
Developer obligations include: exercising a duty of reasonable care to protect consumers from algorithmic discrimination, providing technical documentation to deployers describing the system's capabilities and limitations, publishing public transparency statements about high-risk systems, and reporting known or reasonably foreseeable risks of algorithmic discrimination to the Attorney General within 90 days of discovery.
Deployer obligations are more extensive: implementing a risk management policy for high-risk AI systems, conducting algorithmic impact assessments for each high-risk system, providing consumer transparency notices when AI substantially contributes to consequential decisions, establishing appeal and human review mechanisms for consumers who receive adverse decisions, maintaining all compliance documentation for 3 years, and submitting annual impact assessment reports if a material adverse incident occurs.
The distinction matters because deployer obligations are operational—they require ongoing processes, not just documentation. A deployer can't satisfy the Act by collecting developer documentation and filing it. They need active risk management, assessment, monitoring, and consumer-facing mechanisms.
For SMEs that are both developers and deployers—building AI features into their own products and also using third-party AI APIs—both sets of obligations apply simultaneously. A fintech startup that builds a proprietary credit-scoring model (developer) and integrates GPT-4 for customer service (deployer of OpenAI's system) has obligations on both sides. Don't assume you fall neatly into one category. Map each AI system in your inventory to the correct obligation set.
One nuance that catches organizations: the definition of "deployer" isn't limited to companies headquartered in Colorado. If your AI system makes consequential decisions affecting Colorado residents, you may be a deployer under the statute regardless of where you're located. A California-based SaaS company whose lending platform serves Colorado customers is subject to deployer obligations for those Colorado-affecting decisions. Consult legal counsel on jurisdictional applicability for your specific situation.
The Safe Harbor in Practice
The affirmative defense has two parts. Both must be satisfied. Miss one, and the safe harbor doesn't apply.
Part 1: Qualifying Framework Compliance
You must comply with NIST AI RMF, ISO/IEC 42001, or another nationally or internationally recognized AI risk management framework (or one designated by the Colorado Attorney General). "Comply" means demonstrable, ongoing implementation with evidence—not a policy statement saying you've adopted the framework. An auditor or regulator reviewing your defense would expect to see: governance policies, risk assessments, impact assessments, monitoring records, corrective actions, and training evidence. If you've implemented ISO 42001 and achieved certification, that's the strongest form of evidence. If you've implemented NIST AI RMF with documented profiles and evidence per subcategory, that's also strong.
The practical question is which framework path to take. ISO 42001 certification provides the most defensible evidence because it involves third-party verification—an accredited auditor has confirmed your management system meets the standard's requirements. But it takes 6–9 months and costs $8,000–$25,000 for the audit alone. NIST AI RMF implementation is faster and cheaper but doesn't come with third-party verification—your evidence is self-assessed. For organizations under immediate time pressure (100 days to enforcement), starting with NIST AI RMF implementation while planning ISO 42001 certification in parallel is the pragmatic path. Both qualify for safe harbor. See our ISO 42001 guide and NIST AI RMF guide for implementation details.
Part 2: Discovery and Correction Measures
Even with framework compliance, you must also show that you've implemented measures to discover violations (consumer feedback mechanisms, adversarial testing, internal review processes) and measures to correct violations (documented corrective action logs, nonconformity handling, remediation evidence, system modification records). This second part is what separates the safe harbor from a checkbox exercise. The legislature wanted to see active vigilance, not passive certification.
In practical terms, "discovery measures" means you've built channels for consumers to report concerns about AI-driven decisions, you've conducted adversarial testing to probe for discriminatory outcomes before they reach production, and you've established an internal review cadence (quarterly at minimum) that examines AI system performance against fairness benchmarks. "Correction measures" means that when you find a problem—whether through consumer feedback, internal testing, or monitoring alerts—you have a documented process for investigating it, determining the root cause, implementing a fix, and verifying the fix worked. If you're ISO 42001 certified, Clause 10.2 (nonconformity and corrective action) already covers this. If you're using NIST AI RMF, MANAGE function MG.3.1 addresses it.
The safe harbor is not automatic. It's a defense you raise after the AG initiates enforcement. You need evidence ready before enforcement begins, not scrambled together after you receive a notice. Build the evidence pipeline now.
Run the free readiness assessment to see where your gaps are.
Colorado Obligation → NIST AI RMF → ISO 42001 Mapping
This table maps each Colorado obligation to the specific NIST subcategory and ISO 42001 clause that satisfies it. If you've already implemented either framework, this tells you where you're covered and where you've got gaps.
| Colorado Obligation | NIST AI RMF | ISO 42001 | Evidence Required |
|---|---|---|---|
| Risk management policy | GV.1.1, GV.1.2 | 5.2, 6.1 | AI governance policy with risk criteria |
| Algorithmic impact assessment | MP.3.5, MS.2.5 | 6.1.4, 8.4 | Per-system impact assessment (signed by executive) |
| Consumer transparency notice | GV.4.2 | A.8 | Published notice explaining AI use in decisions |
| Appeal and human review | MG.3.1 | A.9.2 | Documented appeal procedure + review logs |
| Bias/discrimination testing | MS.2.5, MS.3.3 | A.7, A.6.4 | Bias evaluation reports with methodology |
| Ongoing monitoring | MG.2.2 | 9.1 | Monitoring dashboard + alert logs |
| Incident response | MG.3.1 | 10.2 | AI incident response plan + incident logs |
| 3-year record retention | GV.6.1 | 7.5 | Document control procedure with retention schedule |
| Public disclosure of high-risk systems | GV.4.2 | A.8 | Published list on company website |
Need the full mapping as a working tool? The AI Controls Toolkit (ACT) Tier 1 unified controls matrix includes a Colorado column mapping every NIST subcategory and ISO 42001 clause directly to the corresponding Colorado obligation. The AI Controls Toolkit (ACT) Tier 2 Professional adds Colorado-specific impact assessment templates and policy language.
Colorado AI Act vs EU AI Act
If your organization operates in both the US and EU markets, you need both. Here's how they compare.
| Dimension | Colorado AI Act | EU AI Act |
|---|---|---|
| Geographic scope | Colorado residents | EU market (global extraterritorial reach) |
| Risk categories | Binary: high-risk or not (domain-based) | 4 tiers: unacceptable, high, limited, minimal |
| Enforcement body | Colorado Attorney General (exclusive) | National authorities + EU AI Office |
| Certification | No certification; framework compliance for safe harbor | CE marking for high-risk via conformity assessment |
| Impact assessment | Algorithmic impact assessment (deployers) | Fundamental rights impact assessment (deployers of high-risk) |
| Effective dates | June 30, 2026 (enforcement) | August 2, 2026 (high-risk obligations) |
| Transparency | Consumer notice for consequential decisions | Mandatory disclosure for high-risk and limited-risk |
| Safe harbor | NIST AI RMF / ISO 42001 affirmative defense | Harmonized standards (CEN/CENELEC developing) |
| Penalties | Up to $20,000 per violation (CCPA) | Up to €35 million or 7% of global turnover |
The timing is notable: Colorado enforcement begins June 30, 2026 and EU AI Act high-risk obligations kick in August 2, 2026. Organizations with exposure to both jurisdictions have a two-month window where compliance architecture built for one can be extended to the other. The underlying control frameworks (ISO 42001, NIST AI RMF) serve both. For EU AI Act specifics, see EU AI Compass.
One practical difference worth noting: Colorado uses "algorithmic discrimination" as its primary harm category, which focuses on disparate impact against protected classes. The EU AI Act uses a broader risk taxonomy that includes safety, fundamental rights, and societal impacts beyond discrimination. If you're building a unified compliance programme for both jurisdictions, your impact assessment methodology needs to cover both the narrow Colorado definition and the broader EU categories. The AI Controls Toolkit (ACT) Tier 2 Professional includes assessment templates that cover both jurisdictions.
Impact Assessment in Practice
The algorithmic impact assessment is the single most critical deliverable for deployer compliance. It must be completed within 90 days of enforcement (by September 28, 2026) for existing high-risk systems, and before deployment for new systems after that date.
The assessment should cover: a description of the AI system's purpose and intended use, the data categories processed (including any protected characteristics), identified risks of algorithmic discrimination, mitigation measures implemented, testing results for bias and fairness, human oversight mechanisms, affected groups and potential impacts, and the review and approval chain (signed by a senior executive). The assessment isn't a one-time exercise—it must be updated annually or when the system undergoes material changes.
If you've already implemented ISO 42001 Clause 6.1.4 (AI system impact assessment) or NIST AI RMF MAP 3.5 (stakeholder impact assessment), you've done most of the analytical work. The Colorado-specific addition is the explicit focus on algorithmic discrimination against protected classes and the executive sign-off requirement. Adapt your existing assessment template to include these elements rather than building from scratch.
Retention is mandatory: all impact assessment documentation must be preserved for three years and made available to the Attorney General upon request. If an adverse incident occurs involving a high-risk system, you must submit an annual impact assessment report to the AG's office. The format and submission process haven't been specified by the AG yet—monitor for rulemaking guidance.
One practical consideration for the assessment process: involve your legal counsel early. The impact assessment creates a written record of risks you've identified and mitigations you've implemented. If a consumer later alleges algorithmic discrimination, the assessment becomes both your strongest defense (we identified and mitigated this risk) and your biggest liability (we identified this risk and our mitigation was inadequate). Legal privilege considerations may affect how you structure the assessment process. Some organizations conduct the assessment under attorney-client privilege and produce a separate, compliance-ready version for regulatory purposes. Discuss this with your counsel before starting.
90-Day Compliance Sprint to June 30, 2026
If you're starting from scratch today, here's what the next 12 weeks look like.
Weeks 1–2: Identification. Identify every AI system that makes or substantially contributes to consequential decisions in the enumerated domains (education, employment, financial services, government services, healthcare, housing, insurance, legal services). Document the determination for each system—why it qualifies as high-risk, or why it doesn't. This determination itself is evidence the AG may request.
Weeks 3–5: Impact Assessment. Conduct the algorithmic impact assessment for each identified high-risk system. Document: purpose, data categories, discrimination risks, mitigation measures, testing results, oversight mechanisms, affected groups. Get executive sign-off. You've got a head start if you've already produced ISO 42001 impact assessments or NIST AI RMF MAP outputs.
Weeks 6–8: Consumer-Facing Mechanisms. Publish transparency notices explaining how AI contributes to consequential decisions. Set up appeal and human review mechanisms for adverse decisions. Build the consumer-facing workflow: how does someone challenge an AI-influenced decision, who reviews the appeal, what's the timeline for response, and how is the outcome documented?
Weeks 9–10: Framework Implementation. If you haven't already, implement NIST AI RMF or begin ISO 42001 to qualify for the safe harbor. Minimum viable safe harbor: governance policy, risk assessments, impact assessments, monitoring procedures, corrective action process, feedback mechanisms, and adversarial testing schedule. This isn't full certification—it's enough to demonstrate credible framework compliance.
Weeks 11–12: Monitoring and Evidence Assembly. Deploy monitoring for high-risk systems. Establish the 3-year retention protocol. Assemble all evidence into an organized compliance folder that could be produced to the AG's office on short notice. Run a tabletop exercise: if the AG sent a notice tomorrow, could you demonstrate compliance within the 60-day cure period?
The tabletop exercise is worth the two hours it takes. Gather your governance lead, legal counsel, and the owner of each high-risk AI system. Walk through a scenario: the AG's office notifies you that a consumer has alleged algorithmic discrimination by your credit-scoring model. Can you produce the impact assessment within 48 hours? Can you show the bias testing results? Can you demonstrate the appeal mechanism is operational and that a human reviewed the consumer's case? If any of these answers is "no," you know exactly what to fix before June 30.
100 days to enforcement. The AI Controls Toolkit (ACT) Tier 1 Starter ($399) includes the unified controls matrix with the Colorado column mapping every obligation to NIST and ISO 42001. The AI Controls Toolkit (ACT) Tier 2 Professional ($1,299) adds the impact assessment template, consumer transparency notice template, appeal mechanism framework, and the full 6-month implementation project plan.
Compare Tier 1 and Tier 2 →