Colorado Governor Jared Polis signed Senate Bill 26-189 on 14 May 2026. The bill cleared the Colorado Senate on a 34-1 vote and the Colorado House on a 57-6 vote. SB 189 repeals and replaces the Colorado Artificial Intelligence Act (SB 24-205), which Governor Polis had signed in 2024 and which had been delayed from a February 2026 effective date to 30 June 2026 by SB 25B-004. SB 189 takes effect on 1 January 2027.
SB 24-205 imposed a duty of reasonable care on developers and deployers of high-risk AI systems, mandatory pre-deployment impact assessments, annual algorithmic discrimination reviews, an obligation to report discovered discrimination to the Colorado Attorney General within 90 days, and public disclosure of AI system capabilities and risk management practices. SB 189 removes all of those risk-based obligations. The replacement law redefines coverage around automated decision-making technology (ADMT), which the statute defines as technology that processes personal data to make or materially influence a consequential decision. Consequential decisions include determinations affecting access to education, employment, property leases or purchases, financial services, insurance, healthcare, and essential government services.
Developers and deployers of ADMT covered by SB 189 must comply with disclosure obligations and support defined consumer rights, including the right to contest certain ADMT-driven determinations, rather than the impact assessments and risk management programs SB 24-205 required. Employers, lenders, insurers, healthcare providers, and property managers using automated systems to make or inform consequential decisions must review their AI deployments against the ADMT definition and build disclosure mechanisms before 1 January 2027. Entities that had already structured SB 24-205 compliance programs, including impact assessment procedures and annual audit protocols, must reorient those efforts toward the disclosure and consumer rights obligations in SB 189.
SB 24-205 remains in force until 1 January 2027 when SB 189 supersedes it, so the 30 June 2026 effective date for SB 24-205 carries no practical compliance consequence. The shift from a risk-based duty of care to a disclosure-based ADMT model tracks legislative preferences in several other U.S. states, though the exact scope of material influence in the ADMT definition has not been tested by Colorado courts or the Attorney General. Open questions include the relationship between SB 189 and Colorado's existing Colorado Privacy Act, and whether ADMT disclosure requirements interact with or duplicate obligations under Colorado's consumer protection statutes.
Licentium advises AI developers, technology deployers, and regulated entities in the employment, financial services, healthcare, and insurance sectors on U.S. state AI law compliance, automated decision-making governance, and consumer rights obligations. Organizations assessing their SB 189 obligations or comparing Colorado's ADMT requirements against other U.S. state AI laws are invited to contact our team. Work we undertake includes U.S. state AI compliance assessment, automated decision-making governance design, AI discrimination risk review, Colorado Privacy Act intersection analysis, and multi-state AI compliance strategy.
Source: Colorado General Assembly, SB 26-189 Automated Decision-Making Technology, signed 14 May 2026