AI Sigil Logo
Contact Us
Back to all insights
A shattered glass prism reflecting a digital landscape

Sections

Revised Colorado AI Act: A Shift Towards Business-Friendly Regulations

Privacy and Cybersecurity Client Alert: Proposed Modifications to the Colorado AI Act

A proposed overhaul of the Colorado AI Act aims to replace expansive AI governance mandates with a more targeted, business-friendly framework focused on notice, human review, and post-adverse decision accountability.

Background

Colorado’s legislature enacted one of the first comprehensive U.S. artificial intelligence (AI) laws in 2024, known as the Consumer Protections for Artificial Intelligence. Recently, a working group convened by Governor Jared Polis proposed a near-total rewrite of that law, indicating a significant shift in AI regulation and legal risk management.

Current Regulation Overview

The existing Colorado AI Act emphasizes “high-risk AI” systems, imposing heavy governance requirements, impact assessments, and risk programs. The new proposal narrows the focus to automated tools that materially influence meaningful decisions, shifting compliance toward consumer notice, disclosures after adverse decisions, and meaningful human review.

Key Provisions of the New Proposal

  • Narrowed Scope: It focuses on significant uses of AI.
  • Shifted Compliance Burden: Moves from pre-use assessments to post-adverse decisions.
  • Rulemaking Emphasis: Significant rulemaking will be introduced to clarify core concepts.
  • Developer Risk Focus: Liability will be based on how products are marketed and sold.
  • Execution Over Paperwork: Emphasizes clear rules over extensive documentation.

Historical Context

In May 2024, Colorado became the first state to pass a comprehensive AI law, mandating that companies:

  • Use reasonable care to avoid algorithmic discrimination in high-risk AI systems.
  • Share information about AI systems, including their purpose, training, and known risks.
  • Conduct impact assessments for high-risk AI uses.
  • Maintain a risk-management program.
  • Provide consumers with pre- and post-use notices.
  • Notify the attorney general of known or foreseeable algorithmic discrimination.

Despite the law being hailed as a pioneering effort, calls for reform quickly emerged, leading to multiple legislative attempts to amend it. A working group has now proposed solutions to the legislative deadlock.

Changes Proposed

The new proposal simplifies compliance by eliminating vague standards and governance requirements:

  • Duty of Care: The obligation to use “reasonable care” to protect consumers from algorithmic discrimination is eliminated.
  • AI Governance: The requirement for annual impact assessments and risk-management programs is removed.
  • Algorithmic Discrimination: References to algorithmic discrimination are eliminated, leaving enforcement to existing anti-discrimination laws.

New Business-Friendly Provisions

The proposal introduces several provisions that clarify business liabilities:

  • Cure Period: A 90-day cure period for civil penalties is added, meaning companies have time to rectify issues.
  • Fault Allocation: Requires allocation of fault among developers and deployers, moving away from joint liability.
  • Developer Liability: Limits liability to claims based on intended uses, protecting developers from liability for rogue actions by users.
  • Record Retention: Deployers must retain records for three years to demonstrate compliance.
  • Indemnification Limits: Invalidates contract provisions that seek to indemnify for liability arising from violations of the proposal.

Modifications to Existing Provisions

Some existing provisions have been tweaked for better clarity and compliance:

  • Scope Limitation: Focuses on cases where AI is a significant factor in consequential decisions.
  • Developer Disclosures: Reduces the number of disclosures required, only necessitating them when the AI is intended to influence significant decisions.
  • Appeals Process: Reframes the right to appeal adverse decisions to emphasize human review.
  • Effective Date Delay: The new effective date is pushed to January 1, 2027.
  • Consumer Notices: More flexible provisions for consumer notifications and disclosures post-adverse decision.
  • HIPAA Exemption: Expands exemptions for healthcare entities’ AI activities, requiring general notices about AI usage.

Next Steps

A legislator must file the proposal as a bill, which is expected to proceed smoothly given the backing from various stakeholders. However, potential hurdles remain, especially with the looming uncertainty of federal regulations and executive orders that could impact state laws. Time is of the essence as the legislature closes on May 13.

This proposal represents a significant shift in the landscape of AI regulation in Colorado, and its success could set a precedent for future legislation across the United States.

More Insights

A safety helmet worn by drone operators

Revolutionizing Drone Regulations: The EU AI Act Explained

December 17, 2025 AI,AI Regulation,Drone Technology,Regulatory Framework
The EU AI Act represents a significant regulatory framework that aims to address the challenges posed by artificial intelligence technologies in various sectors, including the burgeoning field of...
Read More
A safety helmet worn by drone operators

Revolutionizing Drone Regulations: The EU AI Act Explained

December 1, 2025 AI,AI Regulation,Drone Technology,Regulatory Framework
The EU AI Act represents a significant regulatory framework that aims to address the challenges posed by artificial intelligence technologies in various sectors, including the burgeoning field of...
Read More
A light bulb to convey innovation and the bright potential of responsible AI solutions.

Embracing Responsible AI to Mitigate Legal Risks

November 29, 2025 AI,AI Ethics,AI Governance,AI Regulation
Businesses must prioritize responsible AI as a frontline defense against legal, financial, and reputational risks, particularly in understanding data lineage. Ignoring these responsibilities could...
Read More
A traffic light to illustrate the need for clear guidelines and regulations in managing AI technologies.

AI Governance: Addressing the Shadow IT Challenge

November 29, 2025 AI,AI Governance,AI Regulation Awareness,Regulatory Compliance
AI tools are rapidly transforming workplace operations, but much of their adoption is happening without proper oversight, leading to the rise of shadow AI as a security concern. Organizations need to...
Read More
A roadmap illustrating the journey companies must take to align with AI regulations.

EU Delays AI Act Implementation to 2027 Amid Industry Pressure

November 29, 2025 AI,AI Regulation,EU Compliance,Regulatory Compliance
The EU plans to delay the enforcement of high-risk duties in the AI Act until late 2027, allowing companies more time to comply with the regulations. However, this move has drawn criticism from rights...
Read More
A semiconductor chip

White House Challenges GAIN AI Act Amid Nvidia Export Controversy

November 29, 2025 AI,AI Regulation,Artificial Intelligence Governance,Technology Policy
The White House is pushing back against the bipartisan GAIN AI Act, which aims to prioritize U.S. companies in acquiring advanced AI chips. This resistance reflects a strategic decision to maintain...
Read More
Compliance checklist

Experts Warn of EU AI Act’s Impact on Medtech Innovation

November 29, 2025 AI,EU Compliance,Medtech Innovation,Regulatory Compliance
Experts at the 2025 European Digital Technology and Software conference expressed concerns that the EU AI Act could hinder the launch of new medtech products in the European market. They emphasized...
Read More
A tree

Ethical AI: Transforming Compliance into Innovation

November 29, 2025 AI,AI Ethics,Ethical AI
Enterprises are racing to innovate with artificial intelligence, often without the proper compliance measures in place. By embedding privacy and ethics into the development lifecycle, organizations...
Read More
A warning sign

AI Hiring Compliance Risks Uncovered

November 29, 2025 AI,AI Compliance,AI Regulation,Regulatory Compliance
Artificial intelligence is reshaping recruitment, with the percentage of HR leaders using generative AI increasing from 19% to 61% between 2023 and 2025. However, this efficiency comes with legal...
Read More