Aguardic logoAguardic
Start Free Trial
Takes Effect June 30, 2026

The Colorado AI Act Takes Effect in Weeks. Will You Show Reasonable Care?

SB 24-205 creates an affirmative duty to prevent algorithmic discrimination in consequential decisions, enforced by the Colorado Attorney General. Aguardic enforces your Colorado AI Act policies in real time and generates the impact assessment evidence to defend reasonable care.

Start Free TrialTake the Free Audit

14-day free trial · No credit card · Free Colorado AI Act policy pack

Enforcement Timeline

What Takes Effect June 30, 2026 — and What's Coming Next

June 30, 2026Takes Effect

Duty of Reasonable Care

Developers and deployers of high-risk artificial intelligence systems will be required to exercise reasonable care to protect Colorado consumers from known or reasonably foreseeable risks of algorithmic discrimination. Rebuttable presumption of reasonable care available for deployers who implement a risk management policy, complete impact assessments, and comply with disclosure requirements.

Penalty: Up to $20,000 per violation, enforced by the Colorado Attorney General

June 30, 2026Takes Effect

Consumer Notice & Disclosure Requirements

When a high-risk AI system makes or is a substantial factor in a consequential decision, consumers must be notified. Any AI system interacting with Colorado consumers must disclose the AI nature of the interaction. Adverse decisions trigger rights to correction, appeal, and explanation.

Penalty: Unfair trade practice under the Colorado Consumer Protection Act

June 30, 2026Takes Effect

Annual Impact Assessments

Deployers must complete impact assessments annually and within 90 days of any substantial modification to a high-risk AI system. Records must be maintained for at least three years following final deployment.

PendingLegislative Watch

SB 4 Colorado AI Sunshine Act

Proposed amendment introduced in the August 2025 special legislative session. Would grant consumers who receive adverse decisions the right to request a list of up to 20 personal characteristics that most influenced the decision, and introduce joint and several liability for developers and deployers alongside safe harbor provisions. Passed committee 4-3. Status pending as of April 2026.

Does This Apply to You?

The Colorado AI Act Applies if You Make or Enable Consequential Decisions About Colorado Consumers

You're a Developer if you:

  • Build or substantially modify AI systems that make or influence consequential decisions
  • Sell, license, or provide AI systems to deployers operating in Colorado
  • Offer foundation models or AI APIs used by downstream deployers for high-stakes decisions
  • Integrate third-party AI into a product deployed in Colorado with material modifications

You're a Deployer if you:

  • Use AI to make or substantially influence consequential decisions about Colorado consumers
  • Deploy AI in hiring, credit, housing, healthcare, education, insurance, legal services, or essential government services
  • Integrate third-party AI into workflows affecting Colorado residents
  • Operate AI systems that interact directly with Colorado consumers (broader disclosure obligation under Sec. 6-1-1704)

Consequential decisions cover:

Education enrollment or opportunityEmployment or employment opportunityFinancial or lending servicesEssential government servicesHealth care servicesHousingInsuranceLegal services

The jurisdictional test isn't where your company is based — it's whether the AI is deployed in connection with consequential decisions about Colorado residents. Small deployers (under 50 FTE) may qualify for a limited exemption under specific conditions.

The Cost of Non-Compliance

Colorado AI Act Penalties Stack Per Violation

$20,000

Maximum penalty per individual violation

Enforceable from June 30, 2026

Per Consumer

Violations can stack per affected Colorado consumer, not per AI system. A single discriminatory model affecting thousands of consumers creates exposure in the millions.

Enforceable from June 30, 2026

Unfair Trade

Violations are deemed unfair or deceptive trade practices under the Colorado Consumer Protection Act, enabling additional state remedies and consumer-facing reputational damage.

Enforceable from June 30, 2026

The Colorado Attorney General has exclusive enforcement authority. There is no private right of action under SB 24-205, but the AG's office has signaled active monitoring from June 30, 2026.

Requirements Coverage

Colorado AI Act Coverage Matrix

No single tool covers every SB 24-205 requirement. This is the full statute-to-control reference — what Aguardic enforces, the evidence it produces, and the judgment work your counsel and operators still own.

5Covered
4Partial
1Not Covered
Total: 10
Covered·

Sec. 6-1-1702(1)

Developer Duty of Reasonable Care

Developers must use reasonable care to protect consumers from foreseeable algorithmic discrimination risks in high-risk AI systems.

How Aguardic helps

Continuous policy enforcement logs every evaluation with full decision reasoning, creating a defensible record of reasonable care.

Evidence produced

Policy enforcement logs · continuous evaluation records · violation detection and remediation trail

What you handle

Approve the risk framing and sign off on the defensibility narrative for your specific use case.

Partial·

Sec. 6-1-1702(2)

Developer Documentation & Disclosure

Developers must give deployers a statement of intended uses, foreseeable risks, training data summary, and mitigation measures.

How Aguardic helps

AI System Registry captures intended purpose, risk classification, and deployment context. Training data summary and performance evaluation need manual enrichment.

Evidence produced

AI System Registry exports · policy configuration records · risk classification documentation

What you handle

Author the training data summary and performance evaluation narrative. Maintain developer-deployer disclosure contracts.

Partial·

Sec. 6-1-1702(4)

Disclosure of Algorithmic Discrimination to AG (90-day window)

Developers must disclose discovered algorithmic discrimination to the Colorado AG and known deployers within 90 days.

How Aguardic helps

Real-time violation detection surfaces discrimination signals. Audit trail supports AG disclosure but does not automate the AG notification itself.

Evidence produced

Violation detection logs · incident timestamps · audit trail exports

What you handle

Make the decision to disclose, draft the AG notification, and manage the 90-day window with qualified counsel.

Covered·

Sec. 6-1-1703(2)

Deployer Risk Management Policy & Program

Deployers must run an iterative AI risk management program reasonably aligned with NIST AI RMF or ISO 42001.

How Aguardic helps

Pre-built NIST AI RMF and ISO 42001 packs align to the Sec. 6-1-1706 affirmative defense. Versioned policies, continuously evaluated.

Evidence produced

NIST AI RMF policy pack · ISO 42001 policy pack · policy version history · continuous evaluation logs

What you handle

Ratify the policy with an executive sponsor. Customize per-AI-system controls where your context requires.

Partial·

Sec. 6-1-1703(3)

Annual Impact Assessments

Deployers must complete impact assessments annually and within 90 days of any substantial modification.

How Aguardic helps

AI System Registry, evaluation data, and violation history feed the impact assessment. Final document still requires human authorship.

Evidence produced

AI System Registry exports · continuous evaluation reports · violation trend analysis · policy coverage reports

What you handle

Author the final impact assessment document using Aguardic exports as source data. Assign accountable owners and review cadence.

Covered·

Sec. 6-1-1703(4)(a)

Consumer Notice Before Consequential Decisions

Deployers must notify consumers before a high-risk AI system influences a consequential decision about them.

How Aguardic helps

Pre-built Consumer Notice policy fires at consequential-decision endpoints and blocks actions missing the required disclosure.

Evidence produced

Consumer notice policy evaluation logs · decision-point audit trail · blocked action records

What you handle

Approve the disclosure copy with counsel. Confirm the notice renders at every consequential-decision touchpoint.

Partial·

Sec. 6-1-1703(4)(b)

Right to Correction and Appeal

Deployers must let consumers correct adverse-decision data and appeal via human review where feasible.

How Aguardic helps

The Consumer Disclosure pack flags adverse decisions that ship without appeal pathway information, and escalation modes route flagged decisions for human review. Aguardic surfaces the gap; the end-to-end data-subject appeal workflow still lives in your product.

Evidence produced

Adverse-decision violation logs · escalation records · missing-appeal-info detections

What you handle

Build or procure the consumer data-subject request workflow, staff the human review queue, and maintain the appeal decision log.

Covered·

Sec. 6-1-1703(2)

Post-Deployment Monitoring

Deployers must monitor high-risk AI for algorithmic discrimination across the lifecycle and review annually.

How Aguardic helps

Continuous evaluation logs every AI action against active policies. Annual review exports available on demand.

Evidence produced

Continuous evaluation logs · compliance dashboard · annual review exports

What you handle

Conduct the annual review session and sign off on continued deployment decisions.

Covered·

Sec. 6-1-1703(5)

Public Website Disclosure

Deployers must publish a statement naming the high-risk AI systems they deploy and how risks are managed.

How Aguardic helps

AI System Registry exports generate the structured inventory and risk-management narrative regulators expect.

Evidence produced

AI System Registry public exports · policy summary reports · data source documentation

What you handle

Publish the statement on your corporate site and route marketing / legal review before posting.

Not Covered·

Sec. 6-1-1704

Consumer-Facing AI Disclosure (Non-High-Risk)

Developers and deployers must disclose when a Colorado consumer is interacting with an AI system, unless it would be obvious to a reasonable person.

How Aguardic helps

Aguardic flags undisclosed backend AI interactions; UI disclosures are handled by product engineering, not governance infrastructure.

What you handle

Add UI-layer AI disclosure across every consumer-facing AI interaction point (chatbots, recommendations, generative features).

Browse the Colorado AI Act Policy Pack

Coverage mappings reflect Aguardic's current product capabilities mapped to Colorado AI Act (SB 24-205) requirements for high-risk AI systems. Validate with qualified legal counsel for your specific use case. Compliance with NIST AI RMF or ISO 42001 supports the affirmative defense under Sec. 6-1-1706.

Colorado vendor assessment?

Answer with SB 24-205 controls Aguardic enforces

Upload it. We draft answers citing Sec. 6-1-1703 + NIST AI RMF function mappings — describing the controls that support the Sec. 6-1-1706 rebuttable-presumption defense. Aguardic produces the underlying audit evidence on an ongoing basis.

Upload questionnaire

Explore Other Frameworks

HIPAAHealthcareEU AI ActEU RegulationSOC 2Trust ServicesISO 42001AI ManagementNIST AI RMFUS FederalAIUC-1AI Agent Security

View all compliance frameworks

Show reasonable care before June 30.

Install the Colorado AI Act policy pack with NIST AI RMF alignment, connect your AI systems, and generate the impact assessment evidence the Colorado AG will request.

14-day free trial
No credit card required
Colorado AI Act policy pack included
Start Free Trial

Or explore the documentation

This page summarizes key provisions of the Colorado Artificial Intelligence Act (SB 24-205) for informational purposes only. Aguardic is not a law firm and this is not legal advice. Consult qualified legal counsel to assess your specific compliance obligations. Coverage mappings reflect Aguardic's current product capabilities as of April 2026 and are subject to change as the statute evolves through Attorney General rulemaking.

Colorado AI Act Compliance — Automate SB 24-205 Enforcement | Aguardic - Aguardic