AI Talk
Last week, Colorado’s legislature passed their Colorado AI Law, called “Concerning Consumer Protections in Interactions with Artificial Intelligence Systems”, and Governor Jared Polis signed the law that same week. This makes Colorado the first state legislature to pass general AI legislation. Here, I’ll outline this legislation’s objectives, who it regulates, and general compliance requirements.
The overarching goal is to protect consumers by requiring certain technologies to avoid “algorithmic discrimination” in the deployment of “high risk” AI systems. Notably, these laws do not require intent for liability.
Developers and Deployers must comply by February 1, 2026, giving about 18 months for companies to create compliant policies and processes for AI design.
Consumers who are CO residents. They have certain transparency rights, the right to correct data used to make certain decisions, and the right of appeal to a human reviewer in certain scenarios.
Legal and natural persons (i.e. humans and companies) operating in Colorado who develop and/or use “High-Risk Artificial Intelligence Systems” must comply with these laws. These include Developers (those who develop or intentionally and substantially modify an AI System), and Deployers (a user of an HAIS).
Some key obligations imposed on Developers include:
Some key obligations imposed on Deployers include:
The legislation does not apply to an HAIS that is approved, developed or otherwise used or acquired by a US federal agency.
There is no private right of action; only the Colorado Attorney General has the authority to enforce the Colorado AI Law, with a violation being an unfair trade practice under Colorado’s consumer protection laws.
In my next post, I’ll compare the Colorado AI law with the Colorado Privacy Act and EU AI Act, as well as how this may affect or serve as a model for federal legislation.