From the journal

Colorado Governor Polis Signs SB 26-189 Replacing the Colorado AI Act on 14 May 2026

Colorado Governor Jared Polis signed SB 26-189 on 14 May 2026. The act repeals and replaces Colorado's 2024 artificial intelligence statute. It removes the prior duty of care, risk management programs and impact assessments. New disclosure, notice, and human-review obligations bind developers and deployers of automated decision-making technology used in consequential decisions. The Attorney General enforces violations as deceptive trade practices under the Colorado Consumer Protection Act. The law takes effect 1 January 2027.

3 min read

Colorado Governor Jared Polis signed Senate Bill 26-189 on 14 May 2026. The Senate passed the bill 34-1 and the House passed it 57-6 during the 2026 legislative session. The act repeals Senate Bill 24-205 in full. The new statute reaches automated decision-making technology used in consequential decisions and takes effect on 1 January 2027.

SB 26-189 defines automated decision-making technology as ADMT. ADMT processes personal data and uses computation. It produces predictions, recommendations, classifications, rankings, scores, or other outputs that make, guide, or assist a decision. Developers must publish technical documentation. The documentation lists intended uses, categories of training data, known limitations, and instructions for human review. Deployers must give clear and conspicuous notice to consumers at the point of interaction with covered ADMT. Consumers may request meaningful human review of an adverse consequential decision. Both sides must retain compliance records for at least three years.

The repeal lifts the prior duty of care, the risk management program requirement, and the impact assessment regime that Senate Bill 24-205 had created. Employers, lenders, insurers, housing providers, healthcare providers, education institutions, and government deployers escape those programs. They still owe consumers a disclosure when ADMT informs a hiring, lending, insurance, housing, education, or essential service decision. Vendors selling AI tools into Colorado must hand deployers the technical documentation needed for the deployer side notices.

The Colorado Attorney General enforces SB 26-189 through the Colorado Consumer Protection Act. Violations count as deceptive trade practices. The statute carries no private right of action. Deployers gain a delayed compliance date of 1 January 2027, which pushes the effective date back from the prior June 2026 trigger. The act exempts smaller deployers below set thresholds and preserves general anti-discrimination statutes that already reach algorithmic harms.

Licentium advises on AI act compliance for vendors and deployers, and works with a partner network where local Colorado counsel is required. We help crypto, AI, and digital asset businesses on disclosure design, model documentation, and consumer notice flows. Work we undertake includes AI governance reviews, AI policy drafting, vendor diligence on automated decision systems, regulator engagement, and incident response planning. Contact us to discuss SB 26-189 readiness for your Colorado operations.

Source: Colorado General Assembly, Senate Bill 26-189, Automated Decision-Making Technology, signed 14 May 2026, https://leg.colorado.gov/bills/sb26-189

The information provided is not legal, tax, investment, or accounting advice and should not be used as such. It is for discussion purposes only. Seek guidance from your own legal counsel and advisors on any matters. The views presented are those of the author and not any other individual or organization. Some parts of the text may be automatically generated. The author of this material makes no guarantees or warranties about the accuracy or completeness of the information.

AI Regulatory

More from the journal

See all

EU Council Formally Adopts AI Omnibus, Extending High-Risk AI Deadlines to December 2027

On 29 June 2026, the Council of the European Union formally adopted the AI Omnibus regulation, completing co-legislative passage following the European Parliament's plenary vote on 16 June 2026. The regulation amends Regulation (EU) 2024/1689 to extend compliance deadlines for high-risk AI systems, introduce new prohibited AI practices, and establish a transitional watermarking period for systems already on the market. The act enters into force on the third day after publication in the Official Journal.

FCA Finalises UK Cryptoasset Regime Rules, Authorisation Window Opens 30 September 2026

On 30 June 2026, the Financial Conduct Authority published five policy statements setting out final rules for the full range of regulated cryptoasset activities in the UK. The rules cover admissions and disclosures, market abuse, stablecoin issuance, prudential requirements, and FCA Handbook application. Firms must apply for authorisation between 30 September 2026 and 28 February 2027 to retain access to transitional provisions until the regime takes full effect on 25 October 2027.

European Commission Publishes Code of Practice on Marking and Labelling AI-Generated Content, June 2026

On 10 June 2026, the European Commission published the Code of Practice on Marking and Labelling of AI-Generated Content. The Code supports compliance with Article 50(2) and (4) of Regulation (EU) 2024/1689 and sets technical marking standards aligned with C2PA specifications. Adherence is voluntary, but the Code establishes the benchmark against which providers and deployers of generative AI systems will be assessed from the 2 August 2026 Article 50 compliance date.