Mandatory impact assessments for high-risk AI systems before and during deployment. Here is what Colorado businesses need to know in 2026.
Colorado SB 205 is the most comprehensive US AI law. It requires risk assessments for "high-risk" AI, annual bias audits, consumer disclosures, and appeal rights. Final rules published April 18, 2026.
State law does not replace federal law — you must comply with both. These federal rules apply to ai risk assessment nationwide:
Colorado's SB 205 — AI Consumer Protection applies to most businesses with limited exemptions. Even businesses with under 50 employees should review requirements. Always review the specific statute for employee count and revenue thresholds.
The key deadline in Colorado is June 30, 2026. The law is enacted and compliance is required by the deadline above.
Colorado penalties for AI non-compliance: Civil penalties under Colorado Consumer Protection Act. Enforcement is active. The state AG has authority to investigate and fine without prior warning.
Federal law does not currently preempt state AI laws. Colorado's SB 205 — AI Consumer Protection applies independently of federal rules. Federal laws like ECOA, FCRA, and HIPAA also apply alongside state law — so you must comply with both.
Best practice: document all AI systems used, conduct an internal audit, implement required disclosures, and keep records for at least 3 years. For high-risk uses like ai risk assessment, consider hiring an independent third-party auditor to validate compliance.
Take the free 4-question risk snapshot. See which laws apply, your risk level, and the first actions to take — no signup required.
Take the Free Assessment →