AI Sigil Logo
Contact Us
Back to all insights
A compass illustrating guidance in navigating the complexities of AI legislation.

Sections

Reforming AI Regulation: Key Changes to Colorado’s AI Act

Proposed Amendments to the Colorado AI Act

As the regulatory landscape for artificial intelligence (AI) continues to evolve, Colorado is considering significant changes to its recently enacted AI Act. Following nearly a year-long effort by the state’s Artificial Intelligence Impact Task Force, the proposed Senate Bill 318 aims to address concerns that the AI Act was too broad and could stifle innovation. The bill seeks to overhaul the AI Act by narrowing its focus and materially reducing the compliance burden on in-scope businesses.

Key Proposed Changes

  • Revised Definitions: The bill amends several key definitions, including the redefinition of “algorithmic discrimination” to mean “the use of an artificial intelligence system that results in a violation of any applicable local, state, or federal anti-discrimination law.” Additionally, the definition of developer is amended to exclude individuals offering systems with open model weights or those meeting specific conditions, such as not promoting consequential decisions and including disclaimers in documentation.
  • New & Broadened Exemptions: One of the most impactful amendments is the new exemption for deployers using high-risk AI systems solely for recruitment, sourcing, or hiring of external candidates, provided certain conditions regarding employee count and disclosures are met. Given the prevalence of AI-powered recruitment tools across human resource departments, many businesses could benefit significantly from this exemption. Furthermore, certain developer disclosure requirements do not apply to developers meeting specific financial criteria—such as generating less than $10 million from third-party investors and less than $5 million in annual revenue—who sell high-risk AI systems that deployers use for a limited number of consequential decisions per year, with the limit decreasing from 10,000 in 2027 to 2,500 in 2029.
  • Modified Duties: The prior requirement for developers and deployers to notify the attorney general of known or foreseeable risks of algorithmic discrimination appears to have been eliminated, simplifying compliance obligations.
  • Enhanced Deployer Obligations (with limitations): In-scope deployers are now required to implement a risk management policy and program, completing annual impact assessments. The content of these assessments must explicitly analyze risks related to accessibility, unfair trade practices, labor law violations, or violations of the Colorado Privacy Act. Deployers using high-risk AI systems for consequential decisions must provide consumers with disclosures detailing the system’s purpose, developer information, and a plain language description of the system’s role and data evaluation process. For adverse consequential decisions, a single notice must disclose the principal reasons for the decision, the system’s contribution, categories of adverse data, and consumer rights regarding personal data correction.
  • New Notification Requirement for Withheld Information: Businesses that withhold information otherwise subject to disclosure under the AI Act are required to notify the affected individuals, stating the basis for withholding and providing any non-exempt information.
  • Delayed Enforcement: The attorney general will have exclusive authority to enforce the Act; however, this authority will not commence until January 1, 2027. Affirmative defenses are available for businesses that discover and rectify a curable violation within seven days, provided they meet specific criteria such as inadvertence affecting fewer than 1,000 consumers.

This proposed bill represents a significant refinement of Colorado’s approach to AI regulation, exempting more businesses from its scope and adjusting compliance timelines and requirements for developers and deployers. As similar broad AI algorithmic bias laws are pending in other states, these amendments may offer a potential blueprint for navigating the complexities of governing AI systems in the future.

More Insights

A safety helmet worn by drone operators

Revolutionizing Drone Regulations: The EU AI Act Explained

December 17, 2025 AI,AI Regulation,Drone Technology,Regulatory Framework
The EU AI Act represents a significant regulatory framework that aims to address the challenges posed by artificial intelligence technologies in various sectors, including the burgeoning field of...
Read More
A safety helmet worn by drone operators

Revolutionizing Drone Regulations: The EU AI Act Explained

December 1, 2025 AI,AI Regulation,Drone Technology,Regulatory Framework
The EU AI Act represents a significant regulatory framework that aims to address the challenges posed by artificial intelligence technologies in various sectors, including the burgeoning field of...
Read More
A light bulb to convey innovation and the bright potential of responsible AI solutions.

Embracing Responsible AI to Mitigate Legal Risks

November 29, 2025 AI,AI Ethics,AI Governance,AI Regulation
Businesses must prioritize responsible AI as a frontline defense against legal, financial, and reputational risks, particularly in understanding data lineage. Ignoring these responsibilities could...
Read More
A traffic light to illustrate the need for clear guidelines and regulations in managing AI technologies.

AI Governance: Addressing the Shadow IT Challenge

November 29, 2025 AI,AI Governance,AI Regulation Awareness,Regulatory Compliance
AI tools are rapidly transforming workplace operations, but much of their adoption is happening without proper oversight, leading to the rise of shadow AI as a security concern. Organizations need to...
Read More
A roadmap illustrating the journey companies must take to align with AI regulations.

EU Delays AI Act Implementation to 2027 Amid Industry Pressure

November 29, 2025 AI,AI Regulation,EU Compliance,Regulatory Compliance
The EU plans to delay the enforcement of high-risk duties in the AI Act until late 2027, allowing companies more time to comply with the regulations. However, this move has drawn criticism from rights...
Read More
A semiconductor chip

White House Challenges GAIN AI Act Amid Nvidia Export Controversy

November 29, 2025 AI,AI Regulation,Artificial Intelligence Governance,Technology Policy
The White House is pushing back against the bipartisan GAIN AI Act, which aims to prioritize U.S. companies in acquiring advanced AI chips. This resistance reflects a strategic decision to maintain...
Read More
Compliance checklist

Experts Warn of EU AI Act’s Impact on Medtech Innovation

November 29, 2025 AI,EU Compliance,Medtech Innovation,Regulatory Compliance
Experts at the 2025 European Digital Technology and Software conference expressed concerns that the EU AI Act could hinder the launch of new medtech products in the European market. They emphasized...
Read More
A tree

Ethical AI: Transforming Compliance into Innovation

November 29, 2025 AI,AI Ethics,Ethical AI
Enterprises are racing to innovate with artificial intelligence, often without the proper compliance measures in place. By embedding privacy and ethics into the development lifecycle, organizations...
Read More
A warning sign

AI Hiring Compliance Risks Uncovered

November 29, 2025 AI,AI Compliance,AI Regulation,Regulatory Compliance
Artificial intelligence is reshaping recruitment, with the percentage of HR leaders using generative AI increasing from 19% to 61% between 2023 and 2025. However, this efficiency comes with legal...
Read More