AI Compliance · Colorado AI Act

The Colorado AI Act, read from your code.

Colorado's SB 24-205 was the first comprehensive US state AI law. In 2026 it was repealed and reenacted as SB 26-189, which reframes the law around automated decision-making technology (ADMT) used in consequential decisions about people, with obligations from January 1, 2027. Before your counsel can assess compliance, someone has to know which of your systems the law reaches. That's the read we produce.

Get an AI Compliance Audit → Three weeks · Fixed price · Read-only

What the law is

An automated-decision law, reenacted for 2027.

Signed in 2024, the Colorado Artificial Intelligence Act (SB 24-205) was the first comprehensive AI law passed by a US state. In 2026 the legislature repealed and reenacted it as SB 26-189 (signed May 14, 2026), reframing the law around automated decision-making technology, with obligations beginning January 1, 2027. Statutes and dates still move — confirm what currently applies with counsel.

The law now targets automated decision-making technology (ADMT) used to materially influence a consequential decision — one affecting access to education, employment, housing, financial or lending services, insurance, health care, or essential government services and benefits.

Developers of covered ADMT must give deployers technical documentation: intended uses, training-data categories, known limitations and human-review instructions.
Deployers must give consumers clear, conspicuous notice at the point of interaction with a covered ADMT.
After an adverse consequential decision, deployers owe a plain-language explanation within 30 days, plus a right to meaningful human review and reconsideration.
Consumers can access, and request correction of, the personal data an ADMT used.
Developers and deployers must retain compliance records for at least three years; the Attorney General enforces, with a cure period before Jan 1, 2030.

Every one of these obligations starts in the same place: knowing exactly which AI systems you run and what they touch. That's the read we produce.

The compliance gap

You can't assess what you can't see.

Every obligation in the law hinges on a classification question: which of your systems are automated decision-making technology, and which of their decisions are “consequential”? You cannot document a system, notify a consumer, or stand up human review for an ADMT you haven't identified.

Most companies can't answer that from memory. The model that scores applicants, the AI that ranks leads, the third-party API buried in a dependency — these are exactly the systems the law reaches, and exactly the ones a manual inventory misses.

Surface the AI

Every model, API and LLM call in your code — including the shadow AI nobody reported.

Trace the data

Which systems make consequential decisions, and what regulated data flows into each one.

Hand counsel the evidence

A signed, source-traced map your counsel turns into the documentation, notices and human-review processes the Colorado AI Act requires.

Colorado AI Act, answered

Common questions.

What is the Colorado AI Act (SB 205)?

Colorado's AI law began as SB 24-205 (2024), the first comprehensive US state AI law. In 2026 the legislature repealed and reenacted it as SB 26-189, reframing the law around automated decision-making technology (ADMT) used to materially influence consequential decisions. It requires developers to provide technical documentation, deployers to give consumers notice, and a right to meaningful human review after an adverse decision, with obligations beginning January 1, 2027.

When does the Colorado AI Act take effect?

The original SB 24-205 was slated for early 2026, but its date was repeatedly amended. In 2026 it was repealed and reenacted as SB 26-189, with obligations beginning January 1, 2027. Confirm the current effective date with your counsel rather than relying on any single published date. The underlying work does not change: you need to know which of your systems the law reaches before any deadline.

What does the Colorado AI Act cover now?

As reenacted by SB 26-189, the law covers automated decision-making technology (ADMT) used to materially influence a consequential decision: one affecting access to education, employment, housing, financial or lending services, insurance, health care, or essential government services. Identifying which of your systems meet that bar is the first step, and it has to come from the code, not from a questionnaire.

How does an AI compliance audit help with Colorado SB 205?

We surface every AI and ADMT system in your codebase, trace what data each one touches, and flag the ones making consequential decisions about people. That source-traced map is the evidence base your counsel uses to produce the law's technical documentation, consumer notices and human-review processes.

This page is general information, not legal advice. AI statutes and their effective dates are moving targets; confirm what applies to you with your own counsel. We produce the technical read — the source-traced map of the AI in your code — that your counsel maps to the obligations that actually bind you.