Skip to main content
EFROS

Primary Research · State Profile · CO

Colorado AI Law Tracker — 2026

Colorado was the first US state to enact a comprehensive AI consumer protection law — the Colorado Artificial Intelligence Act (SB 24-205), signed by Governor Jared Polis in May 2024 — but that original deployer-developer regime was repealed and replaced before it ever took effect. SB 26-189, signed May 14, 2026 and effective January 1, 2027, dropped the risk-management program, annual impact assessments, and duty of care, narrowing Colorado's AI law to a transparency and disclosure regime for automated decision systems used in consequential decisions about Colorado consumers (employment, education, financial services, healthcare, housing, insurance, legal services, or government services).

Colorado's regulatory posture in 2026 shifted decisively toward disclosure rather than prescriptive risk management. The amended law no longer imposes the impact-assessment, reasonable-care, or algorithmic-discrimination-notification obligations that defined SB 24-205; instead it focuses on telling consumers when an automated decision system materially informs a consequential decision. Enforcement still sits with the Colorado Attorney General under the Colorado Consumer Protection Act, and there is no private right of action. Organizations that operationalized NIST AI RMF or ISO/IEC 42001 for the original act keep a strong governance posture, but the binding Colorado obligation as of the 2027 effective date is transparency, not a documented risk-management program.

By Stefan Efros, CEO & Founder, EFROS
Updated ·

Enacted Colorado AI laws

Colorado AI law, as amended (SB 26-189 — repealed and replaced SB 24-205)

enacted, awaiting effective date
Citation
Colo. Rev. Stat. § 6-1-1701 et seq. (as amended by SB 26-189)
Effective date
2027-01-01

Key provisions

Transparency/disclosure for automated decision systems used in consequential decisions about Colorado consumers. SB 26-189 (signed May 14, 2026) repealed and replaced SB 24-205, dropping the risk-management program, annual impact assessments, and duty of care; the remaining core obligation is disclosing to consumers when an automated decision system is used.

Pending Colorado AI legislation

SB 26-189 implementing guidance

Status
Enacted May 14, 2026; awaiting 2027 effective date
Expected enactment
AG guidance likely before Jan 1, 2027

The long-anticipated cleanup arrived as SB 26-189, which repealed and replaced SB 24-205 outright — removing the risk-management program, impact assessments, and duty of care, and leaving a narrow transparency/disclosure regime. The open watch item is now Attorney General implementing guidance on the disclosure obligations ahead of the January 1, 2027 effective date.

Sector overlays in Colorado

Sector-specific frameworks layer on top of state AI laws and frequently impose stricter or earlier-binding obligations. These are the sectors most exposed in Colorado.

Healthcare

Section 1557 nondiscrimination overlay applies on top of the Act when AI influences clinical decisions or coverage determinations for Colorado patients.

Employment

EEOC algorithmic discrimination guidance and ADA accommodations overlay employment-AI obligations. Colorado deployers should integrate the amended law's disclosure obligation with existing federal hiring-AI documentation.

Financial services

SR 11-7 model risk management is the practical anchor for banks; insurance carriers fall under Colorado Division of Insurance Regulation 10-1-1 (the 2023 AI insurance rule that pre-dates the Act).

Insurance

Colorado already had the country's first state insurance AI rule (Reg 10-1-1, 2023). The Act layers on top, not in place of, that rule.

Compliance checklist for Colorado

Practical operational checklist for organizations subject to Colorado AI laws. Items are ordered by typical sequence of implementation, not by importance — most steps depend on the inventory work in the first item.

  1. 1

    Identify all automated decision systems touching Colorado consumers in the covered categories

    Inventory must include both internally built and third-party AI; vendor systems that materially inform consequential decisions count even if you didn't build them.

  2. 2

    Determine where disclosure is triggered under the amended law

    SB 26-189's core obligation is telling consumers when an automated decision system is used in a consequential decision. Map each system to the decision points where disclosure applies.

  3. 3

    Build consumer-facing disclosure language and delivery channels

    Disclosure must be clear and reach the consumer at the relevant decision. Treat this as a UX engineering task, not just a policy update.

  4. 4

    Confirm what is no longer required under SB 26-189

    The risk-management program, annual impact assessment, reasonable-care duty, annual public HR-AI summary, and 90-day algorithmic-discrimination notification from SB 24-205 were repealed. Do not build compliance around the old regime.

  5. 5

    Keep NIST AI RMF / ISO/IEC 42001 governance as good practice, not a Colorado mandate

    Documented AI governance remains valuable for procurement, other states, and federal frameworks — but it is no longer the basis of a Colorado safe-harbor presumption.

  6. 6

    Watch for Attorney General implementing guidance before January 1, 2027

    The AG retains enforcement under the Colorado Consumer Protection Act. Track guidance that clarifies disclosure scope and timing ahead of the effective date.

How EFROS helps Colorado businesses comply

EFROS operates the AI governance program against Colorado's amended AI law (SB 26-189 — transparency/disclosure, effective 2027) for clients running automated decision systems that touch Colorado consumers — automated-decision-system inventory, consumer disclosure language and delivery, vendor BAA matrices for AI subprocessors, and a NIST AI RMF / ISO/IEC 42001 governance baseline for procurement and multi-state exposure. We are US-anchored and do not retrofit EU AI Act frameworks onto US deployments.

EFROS AI Governance service →Talk to Stefan Efros →Run AI Risk Score →

Disclaimer: this profile is a research dataset, not legal advice. Compliance determinations for Colorado businesses require analysis of specific facts and should be made in consultation with qualified legal counsel licensed in Colorado.

Cite this resource

Reference this resource with attribution under CC-BY-4.0. Copy any of the formats below for academic papers, blog posts, AI citations, or vendor evidence packages.

APA (7th edition)
Efros, S. (2026, May). Colorado AI Law Tracker — 2026. EFROS. https://efros.com/research/state-ai-law-tracker/colorado/
MLA (9th edition)
Efros, Stefan. "Colorado AI Law Tracker — 2026." EFROS, May 2026, https://efros.com/research/state-ai-law-tracker/colorado/.
Chicago (author-date)
Efros, Stefan. 2026. "Colorado AI Law Tracker — 2026." EFROS. https://efros.com/research/state-ai-law-tracker/colorado/.
IEEE
S. Efros, "Colorado AI Law Tracker — 2026," EFROS, May 2026. [Online]. Available: https://efros.com/research/state-ai-law-tracker/colorado/
BibTeX
@misc{efros2026coloradoailawtra,
  author = {Stefan Efros},
  title = {Colorado AI Law Tracker — 2026},
  year = {2026},
  month = {May},
  publisher = {EFROS},
  url = {https://efros.com/research/state-ai-law-tracker/colorado/},
  note = {Accessed: May 2026}
}
Plain text URL
https://efros.com/research/state-ai-law-tracker/colorado/

Site-wide citation metadata is also published as a CITATION.cff file at /CITATION.cff for citation-management tools and academic indexers.

Related EFROS resources

More state AI law profiles & adjacent research

US State AI Law Tracker — full index

All tracked US state AI laws in a single citation-ready dataset.

Open

AI Vendor Governance Index

20 AI vendors scored on 12 US AI governance axes — including state-law overlays.

Open

NIST AI RMF Implementation Guide

Federal framework that anchors most state AI law deployer obligations.

Open

EFROS AI Governance service

Operating program that implements multi-state AI law compliance.

Open

AI Risk Score

5-minute classification across Colorado SB 26-189 (amended AI law), NYC LL144, CA AB 2013, and NIST AI RMF.

Open