Source: Progressive Policy Institute

The Progressive Policy Institute provides an analysis of the Colorado Artificial Intelligence Act (SB 24-205), signed into law on May 17, 2024, positioning the state as a pioneer in AI regulation within the United States. The author, Jordan Shapiro, explains that the law, set to take effect on February 1, 2026, primarily targets the issue of algorithmic discrimination in high-risk AI systems that make consequential decisions impacting consumers. These decisions pertain to critical areas such as employment, housing, credit, healthcare, insurance, and legal services. The legislation imposes specific obligations on both the developers and the "deployers" (the entities using the AI systems) to exercise reasonable care to protect consumers from known or foreseeable risks of bias. This duty of care is a central tenet of the law, aiming to ensure fairness and prevent discriminatory outcomes based on protected characteristics like age, race, and disability.

A key requirement for deployers of these high-risk systems is the implementation of a comprehensive risk management program. This program must include, but is not limited to, impact assessments, regular reviews, and clear documentation outlining how the AI system is managed and how its potential discriminatory impacts are mitigated. The law also mandates transparency; deployers must notify consumers when a high-risk AI system has been used to make a consequential decision about them. They must also provide an explanation of the decision and disclose the consumer's right to correct any inaccurate personal data used by the system. The Colorado Attorney General is granted exclusive enforcement authority, and the law establishes a rebuttable presumption of compliance for developers and deployers who adhere to nationally or internationally recognized risk management frameworks. This provision aims to provide a degree of certainty for businesses while promoting the adoption of best practices in AI governance and risk mitigation.