Overview & Requirements: Colorado’s AI Act (SB 205)

Effective February 1, 2026

Accountability For AI Outputs

Mandatory Consumer Disclosures

Regular Impact Assessments

Utah AI Policy Act Compliance

AI Compliance doesn’t have to be so complicated.

Use FairNow’s AI governance platform to:

Effortlessly ensure your AI is in harmony with both current and upcoming regulations

Ensure your LLMs and GenAI are transparent, reliable, and unbiased

Stay ahead of compliance requirements before fees and fines become commonplace

FAQs About Colorado’s Artificial Intelligence Act (SB 205)

What are the core concepts of the Colorado Artificial Intelligence Act?

The Colorado Artificial Intelligence Act (SB 205) introduces comprehensive regulations for using high-risk AI systems, setting a precedent for other states. The core concepts of the Act are:

  1. Accountability for AI Outputs: Developers and deployers of high-risk AI systems will be held accountable for algorithmic discrimination and must use reasonable care to protect consumers from foreseeable risks.
  2. AI Risk Management: Developers and deployers must implement detailed risk management policies and programs, including regular impact assessments to mitigate risks associated with high-risk AI systems.
  3. Mandatory Consumer Disclosures: Businesses must clearly inform consumers when they are interacting with AI systems, especially if the AI is used for making consequential decisions.
  4. Exclusive Enforcement by Attorney General: The Act is enforced by the Colorado Attorney General, with no private right of action. Compliance with NIST or ISO risk management frameworks provides an affirmative defense.
  5. Proactive Risk Mitigation: The Act encourages proactive risk mitigation by allowing companies to defend themselves if they follow established frameworks and fix any violations.

As AI continues to integrate into various aspects of life and business, the need for comprehensive frameworks to manage its use, deployment, and implications becomes increasingly critical.

FairNow is honored to play a crucial role in preparing companies for this future, ensuring they’re compliant today and ready for tomorrow’s regulatory landscapes.

What is the Colorado Artificial Intelligence Act (SB 205)?

The Act establishes legal liability and transparency obligations for the developers and deployers of high-risk AI systems operating in Colorado.

It mandates that users of these systems must clarify interactions involving AI and holds them liable for any legal offenses committed by or with the assistance of AI.

The Act also requires implementing risk management programs and impact assessments to manage and mitigate risks.

Who does the Colorado Artificial Intelligence Act (SB 205) apply to?

The requirements of the Act apply to developers and deployers of high-risk AI systems operating in Colorado.

A high-risk AI system is defined as an AI system that makes or substantially factors into making consequential decisions affecting consumers in areas such as education, employment, financial services, healthcare, housing, insurance, government services, and legal services.

Here are some possible examples of AI systems that make “consequential decisions”:

  • Education: An AI system that determines student admissions or scholarship eligibility.
  • Employment: An AI system that screens job applicants or decides promotions.
  • Financial Services: An AI system that evaluates credit scores or loan approvals.
  • Healthcare: An AI system that aids in medical diagnoses or treatment plans.
  • Housing: An AI system that influences rental applications or mortgage approvals.
  • Insurance: An AI system that sets insurance premiums or assesses claims.
  • Government Services: An AI system used for eligibility determinations for social services.
  • Legal Services: An AI system that assists in legal research or case predictions.
What are the compliance requirements of the Colorado Artificial Intelligence Act?

The Act imposes several compliance requirements:

  1. Transparency Requirements: Developers and deployers must provide clear disclosures to consumers when they interact with AI systems, especially in consequential decision-making scenarios.
  2. Risk Management Programs: Deployers must implement and regularly review risk management policies and programs.
  3. Impact Assessments: Deployers must complete annual impact assessments and additional assessments within 90 days of significant modifications to the AI systems.
  4. Public Statements: Both developers and deployers must publish information on their websites about the high-risk AI systems they develop or use and how they manage risks of algorithmic discrimination.
What are SB 205's non-compliance penalties?

Violations of the Act can result in enforcement actions by the Colorado Attorney General, including administrative fines and legal consequences for offenses committed with the assistance of AI systems.

The Act also provides an affirmative defense for entities that discover and cure violations and comply with recognized AI risk management frameworks.*

*This means that The Act allows companies to defend themselves against penalties if they identify and correct any violations of the Act and adhere to established AI risk management frameworks, such as those from the National Institute of Standards and Technology (NIST) or the International Organization for Standardization (ISO). By discovering and fixing issues promptly and following recognized standards, companies can protect themselves from legal consequences under the Act.

What is the status of the Colorado Artificial Intelligence Act (SB 205)?

On May 17, 2024, Governor Jared Polis signed the Colorado Artificial Intelligence Act (SB 24-205) (CAIA). The law becomes effective February 1, 2026

How can companies best implement Colorado's AI Policy Act requirements?

We’re so glad you asked! Here are seven practical steps to ensure compliance:

  1. Inventory Models and Assess Risk: Compile a detailed inventory of all AI technologies in use, assess associated risks, and establish accountability for AI operations.
  2. Invest in AI Governance Tools: Utilize tools that support compliance with the AI Policy Act, managing AI effectively within regulatory requirements.
  3. Automate Audits and Compliance Checks: Implement automated systems to ensure consistent compliance with the Act, maintaining transparency and accountability.
  4. Consider the Use of Synthetic Data: Leverage synthetic data to fulfill objectives without compromising personal data privacy.
  5. Implement Mandatory Disclosures: Modify interfaces to clearly disclose when consumers are interacting with AI, and train employees on how to communicate about AI use.
  6. Engage in Continuous Learning and Adaptation: Stay informed about legislative changes and industry standards, and participate in voluntary programs during the Act’s implementation period.
  7. Voluntary Commitment to Standards: Actively participate in frameworks and commitment layouts introduced during the Act’s implementation to demonstrate leadership in AI governance.

Staying informed and engaged will be key to achieving Colorado SB 205 compliance.