Colorado SB 24-205 applies 30 June 2026 (delayed from 1 February 2026 by SB 25B-004) and imposes duties on both developers and deployers of high-risk AI used for consequential decisions.
Last updated April 21, 2026 · Every fact traceable to a public source
SB 24-205, signed May 2024, is the first comprehensive US state law on AI. It originally took effect 1 February 2026 but was delayed by SB 25B-004 (signed 28 August 2025) and now takes effect 30 June 2026. It regulates "high-risk AI systems" used to make or substantially influence "consequential decisions" affecting Colorado residents — in areas like employment, housing, lending, insurance, healthcare, education, and legal services.
Both developers (those who build or substantially modify high-risk AI systems) and deployers (those who use high-risk AI to make consequential decisions) must comply. There are safe harbors and lighter obligations for small deployers, but the core duties attach at both ends of the supply chain.
Developers must provide documentation to deployers (intended uses, training-data summary, evaluation of discrimination risk, appropriate use). Deployers must implement a risk-management policy (a NIST AI RMF-aligned program is explicitly acceptable), complete impact assessments, give consumer notice, offer opportunities to correct data, and report algorithmic discrimination to the Colorado Attorney General.
Narrower scope (limited to consequential decisions), no conformity assessment or CE-marking regime, and enforcement is by the Colorado Attorney General rather than a dedicated AI authority. But the core ideas — risk categorization, provider/deployer split, documentation duties, impact assessments — track the EU AI Act closely. Organizations doing EU AI Act work can reuse much of the output for Colorado.
Violations are treated as unfair trade practices under Colorado law. The Attorney General has exclusive enforcement. There is an affirmative defense if a company discovers a violation via internal testing or a certified AI risk management framework and cures it within a specified period.
This FAQ is editorial. No vendor can pay to be highlighted or ranked in answers, and the written commentary on this page is payment-free. Featured slots in directory listings are always labeled where they appear. Read our methodology for details.