Who is bound by this ruling?

Companies and agencies using automated decision-making technology in employment, education, and financial services decisions

When does this ruling take effect?

The ruling takes effect on Jan 1, 2027.

What does this ruling require?

The ruling requires the bound parties to: Companies must notify job seekers, prospective college students, and loan applicants if AI will be involved in weighing their applications; People whose applications are rejected must be able to request information about what data was used in the decision; Rejected applicants must be able to request meaningful human review and reconsideration; The law applies to consequential decisions made on or after the effective date.

Back to Pulse

May 22, 2026

Colorado replaces AI Act with disclosure law

Colorado Governor Jared Polis signed legislation repealing and replacing the Colorado AI Act with a disclosure-based regime that requires companies to notify people when AI is used in consequential decisions and allows rejected applicants to request data information and human review.

Issuing body: Colorado General Assembly
Jurisdiction: Colorado
Binding status: State statute
Enforcement: Civil penalty, Colorado Attorney General
Who is bound: Companies and agencies using automated decision-making technology in employment, education, and financial services decisions
Decided: May 14, 2026
Effective: Jan 1, 2027

Key obligations

1Companies must notify job seekers, prospective college students, and loan applicants if AI will be involved in weighing their applications
2People whose applications are rejected must be able to request information about what data was used in the decision
3Rejected applicants must be able to request meaningful human review and reconsideration
4The law applies to consequential decisions made on or after the effective date

What's now different

Colorado's regulatory pivot ends a two-year policy tug-of-war over how tightly the state should regulate AI. The original Colorado AI Act, passed in 2024, required companies to undertake preemptive risk assessments to limit AI's potential to facilitate discrimination. That law never took effect—its June 30, 2026 effective date was weeks away when the replacement was signed. The new regime removes the risk assessment mandate and substitutes disclosure requirements and human review rights.

The compliance cost for companies is significantly lower under the new law. Instead of conducting algorithmic impact assessments and documenting bias mitigation measures, companies must implement notification systems and data access mechanisms. The law appropriates $100,403 for state fiscal year 2026-27 to support implementation. Enforcement remains with the Colorado Attorney General, who can impose civil penalties for violations.

This replacement matters because it signals a broader retreat from the European Union-style risk-based approach that Colorado pioneered at the state level. The original law was the first in the U.S. to impose broad obligations on developers and deployers of high-risk AI systems. Its replacement with a disclosure framework suggests that comprehensive AI governance may face practical implementation challenges even in jurisdictions that initially embraced it.

Next observable signals

as of May 22, 2026

First enforcement action under the new disclosure-based regime
Other states following Colorado's shift from risk assessment to disclosure requirements

Primary record

Read the signed billDenver Post · May 2026 →