Digital Information Governance DIG® · The Standard Reference
Regulatory context

Colorado AI Act (SB 24-205)

The Colorado AI Act (SB 24-205) requires developers and deployers of high-risk AI systems to use reasonable care to protect consumers from algorithmic discrimination in consequential decisions.

Colorado enacted SB 24-205 in 2024, one of the first comprehensive US state AI laws. Its high-risk-AI obligations take effect in 2026, with the exact date amended by the legislature. It is enforced by the Colorado Attorney General.

What it covers

The Act applies to AI used in consequential decisions: employment, lending, housing, education, healthcare, insurance, and legal services. Developers and deployers owe a duty of reasonable care to avoid algorithmic discrimination, and deployers must run risk management and impact assessments, notify consumers, and document their controls.

How DIG maps

Reasonable care is provable only if it is documented. Provenance and traceability supply the record of how a high-risk decision was made; audit readiness produces the impact assessment and decision trail the Act expects. DIG is the decision-level discipline behind a Colorado compliance posture. It pairs with Texas's TRAIGA as US state law moves first.

Frequently asked questions

What does the Colorado AI Act require?

Developers and deployers of high-risk AI must use reasonable care to avoid algorithmic discrimination in consequential decisions, run risk management and impact assessments, notify consumers, and document their controls. It is enforced by the state Attorney General.

When does the Colorado AI Act take effect?

It was enacted in 2024 and its high-risk-AI obligations take effect in 2026; the legislature amended the effective date, so confirm the current date before relying on it.
