Colorado SB 26-189, the Automated Decision-Making Technology Act, has been enacted. It repeals and reenacts consumer AI provisions previously contained in SB 24-205. The act governs the use of covered automated decision-making technology (CADT) in consequential decisions, a term the act defines to cover decisions affecting employment, housing, education, credit, and healthcare. Developer compliance obligations under the act take effect 1 January 2027.
Sections 6-1-1801 through 6-1-1808 of the Colorado Revised Statutes, as amended by SB 26-189, establish four categories of obligation. Developers must provide deployers with technical documentation describing the system's intended uses, categories of training data, known limitations, and instructions for appropriate use and human oversight. Deployers must deliver clear and conspicuous notice to consumers at the point of interaction with a CADT. Consumers who receive an adverse consequential decision retain the right to request meaningful human review and reconsideration; deployers that cannot facilitate human review must cease using the CADT for that decision type.
AI system developers selling to Colorado-based deployers must prepare compliant technical documentation packages before 1 January 2027. Deployers in sectors the act covers, including employers, financial institutions, landlords, insurers, and healthcare providers, must audit vendor agreements to confirm that documentation delivery obligations are contractually allocated to the developer. Deployers who use CADT in consequential decisions without the required consumer notice violate Section 6-1-1806(1) and expose themselves to enforcement under the Colorado Consumer Protection Act, where a violation constitutes a deceptive trade practice.
The act does not classify rule-based systems operating without machine learning or statistical inference as covered automated decision-making technology. Exempt categories include CADT used for fraud detection, network and information security, and law enforcement investigative tools. The Attorney General retains rulemaking authority to designate additional exempt categories and has not yet published proposed regulations under the new act.
Licentium advises technology companies, AI developers, and regulated businesses on US state AI legislation compliance, including consumer notice obligations, technical documentation requirements, and human review programme design. We may advise on this matter or refer you to our partner network for US state AI regulatory counsel. Work we undertake includes AI governance gap assessments, vendor agreement audits, US state AI legislation mapping, and compliance programme implementation.
Source: Colorado General Assembly, SB26-189 Automated Decision-Making Technology, 2026