By State / Colorado
Colorado AI Vendor Governance
AI vendors evaluated against the Colorado AI Act SB 24-205 — the first US comprehensive AI consumer protection law, effective February 1, 2026. Requires high-risk AI system classification, deployer + developer obligations, and impact assessments for consequential decisions.
Colorado — vendors with explicit state engagement, ranked by 4 state-relevant governance axes.
Why this state view
The Colorado AI Act SB 24-205 is the first US comprehensive AI consumer protection law. Vendors serving Colorado customers or developing AI for high-risk consequential decisions need to engage with the deployer-developer model. The Colorado AI Act is the leading indicator for what other state regimes will adopt.
Primary frameworks anchored
- Colorado AI Act SB 24-205 (effective Feb 1, 2026)
- Colorado Consumer Protection Act
- NIST AI RMF 1.0 (anchor framework for Colorado AI Act compliance)
State-relevant scoring axes
Columns marked with an accent dot in the scorecard below are the axes most relevant to Colorado's regulatory frame. The state-relevance ranking in this view averages vendor performance across these axes only.
- Colorado AI Act readiness
- NIST AI RMF self-attestation
- BAA / DPA available
- Subprocessor list public
| # | Vendor | CO Rel. | Score | Grade | •BAA | Opt-out | US Res | SOC 2 | ISO 42001 | •NIST AI | •CO AI | §1557 | SR 11-7 | ABA 512 | •Subproc | TC |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Abridge | 75(4/4) | 87 | A | Yes | Yes | Yes | Yes | Partial | Partial | Partial | Yes | N/A | N/A | Yes | 5/5 |
| 2 | Thomson Reuters CoCounsel | 75(4/4) | 80 | B | Yes | Yes | Yes | Yes | No | Partial | Partial | N/A | N/A | Yes | Yes | 4/5 |
| 3 | FICO Falcon Fraud Manager + FICO Score AI | 75(4/4) | 80 | B | Yes | Yes | Yes | Yes | No | Partial | Partial | N/A | Yes | N/A | Yes | 4/5 |
| 4 | Microsoft 365 Copilot | 75(4/4) | 75 | B | Yes | Yes | Yes | Yes | Partial | Partial | Partial | Partial | Partial | Partial | Yes | 5/5 |
| 5 | Suki AI | 75(4/4) | 72 | B | Yes | Yes | Yes | Yes | No | Partial | Partial | Partial | N/A | N/A | Yes | 4/5 |
| 6 | Lexis+ AI | 63(4/4) | 76 | B | Yes | Yes | Yes | Yes | No | Partial | No | N/A | N/A | Yes | Yes | 4/5 |
| 7 | Westlaw Precision AI | 63(4/4) | 76 | B | Yes | Yes | Yes | Yes | No | Partial | No | N/A | N/A | Yes | Yes | 4/5 |
| 8 | Harvey | 63(4/4) | 74 | B | Yes | Yes | Yes | Yes | No | Partial | Partial | N/A | N/A | Yes | Partial | 3/5 |
| 9 | Zest AI | 63(4/4) | 74 | B | Yes | Yes | Yes | Yes | No | Partial | Partial | N/A | Yes | N/A | Partial | 3/5 |
| 10 | Upstart | 63(4/4) | 74 | B | Yes | Yes | Yes | Yes | No | Partial | Partial | N/A | Yes | N/A | Partial | 3/5 |
| 11 | Nuance DAX Copilot (Microsoft) | 63(4/4) | 70 | B | Yes | Yes | Yes | Yes | No | Partial | No | Partial | N/A | N/A | Yes | 5/5 |
| 12 | Salesforce Einstein / Agentforce | 63(4/4) | 69 | C | Yes | Yes | Yes | Yes | No | Partial | No | Partial | Partial | N/A | Yes | 5/5 |
| 13 | Glean | 63(4/4) | 69 | C | Yes | Yes | Yes | Yes | No | Partial | No | N/A | N/A | N/A | Yes | 4/5 |
| 14 | Arctic Wolf | 63(4/4) | 69 | C | Yes | Yes | Yes | Yes | No | Partial | No | N/A | N/A | N/A | Yes | 4/5 |
| 15 | Huntress | 63(4/4) | 69 | C | Yes | Yes | Yes | Yes | No | Partial | No | N/A | N/A | N/A | Yes | 4/5 |
| 16 | eSentire | 63(4/4) | 69 | C | Yes | Yes | Yes | Yes | No | Partial | No | N/A | N/A | N/A | Yes | 4/5 |
| 17 | Sophos | 63(4/4) | 69 | C | Yes | Yes | Yes | Yes | No | Partial | No | N/A | N/A | N/A | Yes | 4/5 |
| 18 | Unit21 | 63(4/4) | 68 | C | Yes | Yes | Yes | Yes | No | Partial | No | N/A | Partial | N/A | Yes | 4/5 |
| 19 | Ironclad AI | 50(4/4) | 63 | C | Yes | Yes | Yes | Yes | No | No | No | N/A | N/A | Partial | Yes | 4/5 |
| 20 | Anthropic Claude | 50(4/4) | 58 | C | Partial | Yes | Partial | Yes | No | Partial | No | N/A | N/A | N/A | Yes | 4/5 |
| 21 | Google Gemini for Workspace | 50(4/4) | 58 | C | Partial | Partial | Yes | Yes | No | Partial | No | N/A | N/A | N/A | Yes | 4/5 |
| 22 | OpenAI ChatGPT & API | 50(4/4) | 53 | D | Partial | Partial | Partial | Yes | No | Partial | No | N/A | N/A | N/A | Yes | 4/5 |
| 23 | Hummingbird | 38(4/4) | 56 | C | Yes | Yes | Yes | Yes | No | No | No | N/A | Partial | N/A | Partial | 3/5 |
| 24 | ConnectWise | 38(4/4) | 50 | D | Partial | Yes | Partial | Yes | No | No | No | N/A | N/A | N/A | Yes | 3/5 |
| 25 | Spellbook | 38(4/4) | 45 | D | Yes | Yes | Partial | Partial | No | No | No | N/A | N/A | Partial | Partial | 2/5 |
| 26 | Heidi Health | 38(4/4) | 45 | D | Yes | Yes | Partial | Partial | No | No | No | Partial | N/A | N/A | Partial | 2/5 |
| 27 | Notion AI | 25(4/4) | 33 | F | No | Partial | No | Yes | No | No | No | N/A | N/A | N/A | Yes | 3/5 |
| 28 | Otter.ai | 13(4/4) | 25 | F | No | Partial | No | Yes | No | No | No | N/A | N/A | N/A | Partial | 2/5 |
| 29 | Perplexity AI | 13(4/4) | 19 | F | No | Partial | No | Partial | No | No | No | N/A | N/A | N/A | Partial | 2/5 |
| 30 | Meta Llama | 0(4/4) | 25 | F | No | Yes | Yes | No | No | No | No | N/A | N/A | N/A | No | 2/5 |
How vendors score on Colorado's relevant axes
Yes / partial counts across the full 30-vendor pool, restricted to axes relevant to Colorado's regulatory frame. N/A axes are excluded from the applicable denominator.
CO AI
Colorado AI Act readiness
NIST AI
NIST AI RMF self-attestation
BAA
BAA / DPA available
Subproc
Subprocessor list public
Top 3 vendors on the Colorado-relevant axis subset
Abridge
ACO 75/100Composite 87Ambient clinical AI documentation. Differentiated on clinician-experience design, citation-grounded notes, and deep EHR integration (notably Epic).
Thomson Reuters CoCounsel
BCO 75/100Composite 80Legal AI assistant from Thomson Reuters (the parent of Westlaw and Practical Law). Acquired Casetext in 2023. Tightly integrated with Westlaw and Practical Law content.
FICO Falcon Fraud Manager + FICO Score AI
BCO 75/100Composite 80Decades-deep machine-learning portfolio across fraud detection (Falcon) and credit decisioning (FICO Score 10 T). The reference SR 11-7 documentation in the industry; most US banks already operate against FICO's validation patterns.
Buyer's guide for Colorado
For Colorado-deploying organizations, the highest-leverage axes are explicit Colorado AI Act engagement, NIST AI RMF anchoring (the framework Colorado AI Act references), and BAA/DPA scope for high-risk system contexts. Vendors that score 'No' on Colorado AI Act readiness require deployer-side documentation work.
Operationalize the scoring
Colorado AI Act for Healthcare Deployers
The Index tells you which vendors clear the bar for Colorado engagement. The companion resource tells you how to turn that selection into a deployable governance program with documented evidence.
Colorado AI Act for Healthcare Deployers →Scoring as of 2026-05-13from public information (vendor trust portals, BAAs, SOC report cover pages, model cards, vendor documentation). Posture changes frequently — re-verify with the vendor's trust center before contract. State filter views surface vendors with explicit state engagement on the axes most relevant to that state's regulatory frame; they do not replace deployer-side state compliance work. Methodology: read the full methodology.
Turn the scoring into a deployable program
The Index tells you the posture. These engagements turn the posture into operational evidence for Colorado deployments.