Colorado AI Act

Consumer Protections for Artificial Intelligence, also known as the Colorado AI Act (CAIA), is a Colorado state law that regulates the development and deployment of high-risk artificial intelligence (AI) systems. ^[1] The CAIA places obligations on deployers and developers of high-risk AI systems to protect Colorado residents from algorithmic discrimination in the context of employment, education, financial services, government services, healthcare, housing, insurance, or legal services. ^[2] The CAIA drew national attention for being the first comprehensive, state-level framework in the United States that legislates high-risk AI systems. ^{[3] [4] [5]}

Colorado AI Act
Colorado State Legislature
Long title Consumer Protections for Artificial Intelligence
Enacted	May 17, 2024
Commenced	June 30, 2026
Introduced	April 10, 2024
Status: Current legislation

Provisions

The CAIA covers high-risk AI systems that play a substantial role in making a "consequential decision" that impacts Colorado residents. ^{[6] [7]} Consequential decisions are defined as those with significant impacts related to education, employment, financial services, government services, healthcare, housing, insurance, or legal services. ^[8] The bill takes effect on June 30, 2026. ^[9]

The CAIA places obligations on developers and deployers who conduct business in Colorado to avoid algorithmic discrimination against Colorado residents. ^[10] Developers are entities who "develop or intentionally and substantially" modify high-risk AI systems. ^[8] Deployers are organizations who use high-risk AI systems. ^[9] Algorithmic discrimination is defined as "any condition in which the use of an artificial intelligence system results in an unlawful differential treatment or impact that disfavors an individual or group of individuals on the basis of" protected characteristics. ^{[8] [2]}

Developer duty

Under CAIA, developers must produce documentation for the deployers or other developers that outlines the purpose, purported benefits, limitations, and foreseeable risks of their high-risk systems, as well as the data used to train them. They also must document how they evaluated their systems, how these should or shouldn’t be used, measures taken to mitigate harms, and other materials to assist deployers in upholding their legal obligations. ^[10] Developers must disclose the types of high-risk systems they provide and how they manage discrimination risks on their websites or in other public repositories. ^[8]

Finally, if developers learn that their high-risk AI systems may have caused algorithmic discrimination, they must alert the Colorado Attorney General and all known deployers within 90 days. ^[11]

Deployer duty

Deployers covered by the CAIA must create risk management policies that include details on the internal processes employed to mitigate the harm of high-risk AI systems, which should be updated and reviewed regularly. Policies should be reasonable considering existing frameworks, such as the AI Risk Management Framework by the National Institute of Standards and Technology (NIST) or ISO/IEC 42001. These policies can vary depending on deployers' operations and their use of high-risk AI systems. ^{[2] [6]}

Developers or third parties must complete regular impact assessments. These should include, among other criteria, the purpose, use case, and benefit of high-risk AI systems, the known risks and steps to mitigate harms, metrics used to evaluate them, and a description of safeguards. ^{[9] [8]}

Deployers must disclose to consumers if a high-risk AI system is a substantial factor in making a consequential decision. The notification should provide a plain language description of the system and the nature of the decision, contact information of the deployer, and the right to opt out. ^[10] If consequential decisions are adverse, deployers must provide consumers with a description of the reasons for the decision, the degree to which AI contributed to it, and the type and source of data used. Where applicable, consumers have the right to correct personal data used by the system and appeal the decisions made. ^[6]

Deployers must notify the Colorado Attorney General within 90 days if they learn that their high-risk AI systems caused algorithmic discrimination. ^[11]

Enforcement

Enforcement of the CAIA rests with the Colorado Attorney General. ^[9] Under Colorado's consumer protection legislation, a violation of the CAIA can incur a maximum $20,000 fine per violation. ^[12]

Exemptions

The CAIA doesn’t include systems that perform "narrow procedural tasks" or those that supplement, but don’t replace, human decision-making. ^[10] The bill states that certain technologies, unless substantially involved in making a consequential decision, are exempt, including anti-fraud, cybersecurity, spam filters, and other kinds of software. ^[13]

The CAIA's transparency requirements do not require deployers or developers to share trade secrets, information protected by other federal or state legislation, or information that would present security risks for developers. ^[14]

Deployers are exempt from creating risk management policies, impact assessments, and certain transparency disclosures if they don’t train their high-risk systems with their own data, have fewer than 50 full-time staff members, use the system for the intended uses as per developer documentation, and publish impact assessments from developers. ^[12]

History

On April 10, 2024, Colorado State Senator Robert Rodriguez introduced Consumer Protections for Artificial Intelligence (Senate Bill 205), which passed the Senate Judiciary Committee 3-2 along party lines. ^[15] Rodriguez described the bill as a "framework for accountability, for biases and discrimination and just making sure that people know when they’re interacting with" high-risk AI systems. ^[16]

Although it was initially unclear whether Governor Jared Polis would sign the bill, he did so on May 17, 2024 with the expectation that it would be further revised before going into effect on February 1, 2026. ^{[17] [15]} In an accompanying letter, he expressed his concern "about the impact this law may have on an industry that is fueling critical technological advancements across our state for consumers and enterprises alike." ^[18]

After facing pressure from the business and technology community, Governor Polis, Senator Rodriguez, and Attorney General Phil Weiser committed to revising the CAIA to address the concerns of the business community, including by lessening the disclosure obligations on smaller companies. ^[19]

On April 28, 2025, shortly before the end of the year’s legislative session, Senator Rodriguez and Representative Brianna Titone introduced Senate Bill 318. ^{[20] [21]} The bill would have delayed implementation of the CAIA and expanded exemptions for companies based on their size and revenue, as well as narrow the scope of the CAIA. ^[20] The bill did not advance, as consumer rights advocates, industry groups, and policymakers proved unable to reach consensus. Shortly after, Governor Polis and other lawmakers called on the Colorado General Assembly to use the final hours of the legislative session to delay the implementation of the CAIA. ^[22]

When Senate Bill 318 was abandoned, several Democrats sought to postpone the implementation date of the CAIA by introducing an amendment through Senate Bill 322. However, Representative Titone filibustered the attempt. ^[23]

In early August 2025, Governor Polis called for a special legislative session to address the budget shortfall caused by the One Big Beautiful Bill and consider revisions to the CAIA. ^{[24] [25]} Senate Bill 4, called the Colorado Artificial Intelligence Sunshine Act, was introduced by Senator Rodriguez, Representative Titone, and Representative Jennifer Bacon. ^{[5] [25] [26]} It passed with a 4-3 vote out of the Senate Business, Labor and Technology Committee. ^[27] Under Senate Bill 4, Colorado residents who receive adverse decisions from employers, insurers, and other covered industries could request a list of up to 20 personal characteristics that most influenced the decision. ^[27] It also proposed creating joint and several liability for developers and deployers, alongside safe harbor provisions. ^[5] While it was supported by consumer and labor rights organizations, business associations argued that the proposed liability regime would pose heavy burdens for companies. ^{[27] [28]}

House Bill 1008, introduced by Representative William Lindstedt, Representative Michael Carter, State Senator Judy Amabile, and State Senator Lisa Frizell, proposed reducing compliance requirements and clarifying that the state Attorney General, rather than consumers, can sue for rights violations. ^{[27] [29] [25]} This was supported primarily by tech and business industry groups, while opponents criticized House Bill 1008 for limiting the public’s ability to pursue legal action. ^{[25] [30]} The bill ultimately cleared the House Business Affairs and Labor Committee on an 8-5 vote with bipartisan support. ^[27]

Both bills underwent revisions during the special session; ^[27] however, amid unresolved debates between stakeholders, lawmakers ultimately abandoned efforts to negotiate substantive compromises. ^[31] In its final form, Senate Bill 4 delayed enforcement of the Act from February 1, 2026 to June 30, 2026. ^[5] The bill was signed into law on August 28, 2025. ^[26] Legislators may make further adjustments to the Act. ^[32]

In December 2024, the Trump administration issued the executive order "Ensuring a National Policy Framework for Artificial Intelligence," which sought to establish a national approach to AI governance and preempt state-level AI regulations. The order specifically criticized the Colorado AI Act, stating that its requirements could be onerous and "may even force AI models to produce false results in order to avoid a 'differential treatment or impact' on protected groups." ^{[33] [34]}

Reception

Colorado received national media and legal attention for being the first state to pass a comprehensive law specific to AI. ^{[5] [4] [35]} Especially given the difficulty of passing AI legislation in Congress, the CAIA serves as a model for other states. ^{[36] [5]} Colorado’s approach also stands out because other states have pursued narrower, sector-specific regulations. ^{[37] [35]}

The legislative process also drew notice for the scale of involvement by industry representatives, consumer advocacy groups, and other stakeholders. ^{[32] [4]} According to Axios , "more than 100 companies and organizations hired roughly 150 lobbyists to shape" the bill. ^[38] Other states, including Connecticut, have introduced AI legislation but have faced difficulties advancing proposals in the face of industry lobbying. ^{[39] [19]}

Business and technology community

The business and technology community was generally critical of the CAIA, contending that the provisions would curtail innovation, cause companies to leave the state, create a fragmented national legislative landscape, and place disproportionate financial strain on small businesses and startups. ^{[40] [41] [42]} The Chamber of Progress, for instance, argued that "pinpointing the sorts of catalysts of discriminatory outcomes of AI systems is not always possible, nor is consistently determining who or what is responsible for the act of discrimination." The organization instead urged policymakers to strengthen existing civil rights legislation. ^[16] The Colorado Technology Association, which represents over 300 companies based in the state, criticized the bill for being "vague and very broad" and for creating legal uncertainty. ^[17] Whereas local technology and business associations were most opposed to the legislation, Google, IBM, and Microsoft were generally supportive, but provided suggestions for narrowing certain provisions. ^[40] With the enforcement date postponed, these stakeholders hope to further revise the bill. ^[32]

Civil society

Civil society organizations, including the Center for Democracy and Technology (CDT), Consumer Reports, the Electronic Privacy Information Center (EPIC), the American Federation of Labor and Congress of Industrial Organizations (AFL-CIO), and others, were broadly supportive of the CAIA for establishing foundational protections and providing some degree of transparency to consumers. ^{[19] [43] [41] [17] [44]} According to CDT, the law represents an "important basic step for AI accountability." ^[45] On the other hand, these groups contend that the bill could be strengthened by closing exemption loopholes, more precisely defining "narrow procedural tasks," ^[44] requiring independent auditing, and having stronger enforcement mechanisms and transparency provisions. ^{[17] [45] [43]} Several organizations also noted that the industry interest groups mischaracterized the CAIA’s provisions and disproportionately influenced legislative discussions. ^{[19] [40] [22]}

See also

• ELVIS Act
• Regulation of AI in the United States
• Safe and Secure Innovation for Frontier Artificial Intelligence Models Act

References

1. Pozza, Duane; Scott, Kathleen; Lerman, Lauren (20 May 2024). "Colorado Enacts Landmark AI Legislation". Wiley. Retrieved 23 November 2024.
2. Levi, Stuart; Kumayama, Ken; Ridgway, William; Ghaemmaghami, Mana (24 June 2024). "Colorado's Landmark AI Act: What Companies Need To Know". Skadden. Retrieved 23 November 2025.
3. Culhane, Mallory (15 May 2024). "Two unlikely states are leading the charge on regulating AI". Politico. Retrieved 23 November 2025.
4. Frank, John (6 August 2024). "Colorado's AI bill in national spotlight". Axios. Retrieved 16 November 2025.
5. Simon, Michael (6 November 2025). "Colorado's AI Act: Still Standing". American Bar Association. Retrieved 16 November 2025.
6. "Consumer Protections for Artificial Intelligence". Colorado General Assembly. Retrieved 16 November 2025.
7. Stauss, David; Navetta, David; Dolen, Shelby (20 August 2025). "Colorado AI Act Amendment Bills for Special Session Released". Troutman Pepper Locke. Retrieved 16 November 2025.
8. "Consumer Protections for Artificial Intelligence". Colorado General Assembly. 17 May 2024. Retrieved 30 November 2025.
9. Anderson, Jordan. "The Colorado AI Act: What you need to know". Baker Tilly. Retrieved 16 November 2025.
10. Yavorsky, Shannon; Farnsworth, Nicholas; Coleman, Matthew; Graham, Peter; Burke Vail, Catlin (12 September 2025). "Colorado Artificial Intelligence Act: 5 Things You Should Know". Orrick. Retrieved 16 November 2025.
11. Rice, Tatiana; Lamont, Keir; Francis, Jordan (July 2024). "The Colorado Artificial Intelligence Act" (PDF). Future of Privacy Forum. Retrieved 28 November 2025.
12. Zweifel-Keegan, Cobun; Folks, Andrew (21 May 2024). "The Colorado AI Act: What you need to know". IAPP. Retrieved 23 November 2025.
13. "Colorado Becomes the First State to Enact Comprehensive AI Legislation". Blank Rome LLP. 4 June 2024. Retrieved 23 November 2025.
14. Hutson, Jevan; Rice, David; Halm, K.C. (20 May 2024). "Mile-High Risk: Colorado Enacts Risk-Based AI Regulation to Address Algorithmic Discrimination". Davis Wright Tremaine LLP. Retrieved 23 November 2025.
15. "Colorado Senate Bill 205". LegiScan. Retrieved 16 November 2025.
16. Chuang, Tamara (25 April 2024). "Colorado bill to regulate generative artificial intelligence clears its first hurdle at the Capitol". The Colorado Sun. Retrieved 16 November 2025.
17. Chuang, Tamara (18 May 2024). "Colorado becomes first state with law regulating potential consumer harms of artificial intelligence". The Colorado Sun. Retrieved 16 November 2025.
18. Birkeland, Bente (22 June 2024). "In writing the country's most sweeping AI law, Colorado focused on fairness, preventing bias". NPR. Retrieved 16 November 2024.
19. Chuang, Tamara (23 April 2025). "Why Colorado's artificial intelligence law is a big deal for the whole country". The Colorado Sun. Retrieved 2025-11-16.
20. Chuang, Tamara (29 April 2025). "Colorado lawmakers, being watched across the country, scale back artificial intelligence law". The Colorado Sun. Retrieved 16 November 2025.
21. Zacharias, Edward; Chen, Jiayan; Bank, Reuben (15 May 2025). "Colorado Fails to Amend Groundbreaking AI Law: What Happened and What's Next". McDermott, Will & Schulte. Retrieved 16 November 2025.
22. Chuang, Tamara (5 May 2025). "Attempt to tweak Colorado's controversial, first-in-the-nation artificial intelligence law is killed". The Colorado Sun. Retrieved 16 November 2025.
23. Klamann, Seth; Coltrain, Nick (7 May 2025). "Colorado House attempts late-night move to delay AI regulations, but effort fails". The Denver Post. Retrieved 16 November 2025.
24. Frank, John (6 August 2025). "Colorado governor orders hiring freeze and emergency session to fix budget, review AI law". Axios. Retrieved 16 November 2025.
25. Klamann, Seth (20 August 2025). "Colorado's AI regulations split lawmakers as they pitch reforms for special session: 'It's a mess'". The Denver Post. Retrieved 16 November 2025.
26. "Increase Transparency for Algorithmic Systems". Colorado General Assembly. Retrieved 16 November 2025.
27. Sealover, Ed (22 August 2025). "Special session opens with legislators advancing competing AI bills". The Sum and Substance. Retrieved 16 November 2025.
28. Goodland, Marianne (25 August 2025). "Artificial intelligence bill gutted by Colorado Senate as possible deal collapses". Denver Gazette. Retrieved 25 November 2025.
29. "Consumer Protections for Artificial Intelligence Interactions". Colorado General Assembly. Retrieved 16 November 2025.
30. Guilfoil, Jackson (22 August 2025). "Colorado business and lawmakers clash again over AI in special session". Denver Business Journal. Archived from the original on 25 August 2025. Retrieved 23 November 2025.
31. Wilson, Sara (27 August 2025). "Colorado special session leads to further delay of state's AI law". Colorado Newsline. Retrieved 23 November 2025.
32. Paul, Jesse; Doven, Taylor (25 August 2025). "Colorado lawmakers abandon special session effort to tweak AI law, will push back start date to June 2026". The Colorado Sun. Retrieved 16 November 2025.
33. Tobey, Danny; Carr, Ashley; Samp, Tony; Atleson, Michael; Buckley, Karley (December 15, 2025). "New Executive Order aims to preempt state AI regulation: Top points". DLA Piper.
34. "Ensuring a National Policy Framework for Artificial Intelligence". The White House. December 11, 2025. Retrieved December 24, 2025.
35. Bedayn, Jesse (23 May 2024). "Attempts to regulate AI's hidden hand in Americans' lives flounder in US statehouses". AP. Retrieved 28 November 2025.
36. Siegal, Alex; Garcia, Ivan (26 October 2024). "A Deep Dive into Colorado's Artificial Intelligence Act". National Association of Attorneys General. Retrieved 16 November 2025.
37. Bhattacharyya, Suman (15 July 2025). "'Heavy lift': Colorado AI law sets high bar, analysts say". CFO Dive. Retrieved 24 November 2025.
38. Frank, John (26 August 2025). "Big Tech wins in delay of Colorado's AI transparency bill". Axios. Retrieved 16 November 2025.
39. Culhane, Mallory (15 May 2024). "Two unlikely states are leading the charge on regulating AI". Politico. Retrieved 24 November 2025.
40. Chuang, Tamara (22 October 2024). "Google, Microsoft seem OK with Colorado's controversial AI law. Local tech not so much". The Colorado Sun. Retrieved 16 November 2025.
41. Klamann, Seth (24 May 2024). "Colorado's first-in-nation AI regulations are "a major shift," experts say, as tech industry pushes back". The Denver Post. Retrieved 16 November 2025.
42. Chuang, Tamara (14 June 2024). "Governor, lawmakers are already planning big revisions to Colorado's first-in-the nation artificial intelligence law". The Colorado Sun. Retrieved 16 November 2025.
43. "Building on Colorado's AI Act to ensure sound policy". EPIC. Retrieved 16 November 2025.
44. "Consumer Reports backs signing of high-risk AI bill, calls on Colorado General Assembly to strengthen it before it goes into effect". Consumer Reports. Retrieved 16 November 2025.
45. Scherer, Matt (22 May 2024). "Colorado's Artificial Intelligence Act is a Step in the Right Direction. It Must be Strengthened, Not Weakened". Center for Democracy & Technology. Retrieved 16 November 2025.