Governor Jared Polis signed Colorado Senate Bill 26-189 on 14 May 2026. The bill repeals Senate Bill 24-205 - the original Colorado AI consumer protections statute enacted in 2024 - and reenacts its provisions in revised form under the title Automated Decision-Making Technology. The new law takes effect 1 January 2027 and appropriates $100,403 to the Colorado Department of Law for FY 2026-27 enforcement functions.
SB 26-189 regulates the use of automated decision-making technology by developers and deployers in consequential decisions, defined as decisions producing legal or similarly significant effects on consumers. The statute retains a risk-tiered structure derived from SB 24-205 but separates obligations for developers and deployers into distinct compliance tracks. Colorado's AI Policy Workgroup, convened under Governor Polis, delivered unanimous support for the revised policy before the bill reached the Governor's desk. The prior statute, SB 24-205, had not entered into force; the revision process extended and then superseded its pending effective date.
Deployers making consequential decisions affecting Colorado consumers must conduct impact assessments for high-risk automated systems, implement risk management programmes, and disclose to consumers when automated decision-making is used in covered decisions. Developers must provide deployers with technical documentation sufficient to enable compliance. The law applies to entities deploying AI in employment decisions, financial services, housing, education, healthcare, and access to public accommodation in Colorado.
The statute retains carve-outs for low-risk applications present in the original SB 24-205. The 1 January 2027 effective date gives companies approximately seven months to align internal processes, contracts, and documentation. The law operates without an equivalent federal AI statute; companies subject to SB 26-189 should build compliance programmes that can be adjusted if Congress enacts preemptive federal AI legislation before the Colorado law takes effect.
Licentium advises clients on US state AI regulatory obligations, including Colorado SB 26-189 compliance. Work we undertake includes automated decision-making impact assessment design, developer-deployer contractual allocation, algorithmic discrimination risk analysis, and AI governance documentation for US-regulated entities.