Colorado AI Act: Consumer Disclosure
Enforce consumer notice and disclosure requirements for consequential AI decisions under Sec. 6-1-1703(4) and 6-1-1704.
About This Policy Template
Policy for the Colorado AI Act consumer-facing disclosure obligations. Section 6-1-1703(4)(a) requires deployers to notify consumers before a high-risk AI system makes or is a substantial factor in a consequential decision — including the system purpose, contact information, description, and opt-out rights. Section 6-1-1704 requires any AI system interacting with Colorado consumers to disclose that the consumer is interacting with AI, regardless of high-risk classification. This policy detects consumer-facing AI interactions missing required disclosures and consequential decisions without consumer notice. Note: insurers regulated under the Colorado Division of Insurance are subject to separate AI governance requirements and are generally exempt from these provisions.
Policy Rules (3)
Critical Severity (1)
Consequential Decision Without Consumer Notice
Detect consequential decisions made by AI without required consumer notification (Sec. 6-1-1703(4)(a))
High Severity (2)
Adverse Decision Without Appeal Information
Detect adverse consequential decisions without information about correction and appeal rights (Sec. 6-1-1703(4)(b))
Undisclosed AI Consumer Interaction
Detect AI systems interacting with consumers without disclosing AI nature (Sec. 6-1-1704)
Enforcement by Integration
What happens when a violation is detected, based on the enforcement mode and integration type.
| Integration | Block | Approval | Warn | Monitor |
|---|---|---|---|---|
| Version Control (GitHub, GitLab, Bitbucket) | Fail check run / merge request status | Pending check run — held for review | Neutral check run / comment on PR | Pass check run (silent) |
| Email — Gmail | Quarantine label; + violation label (outbound) | Quarantine label — held for review | Add warning label | Log only |
| Email — Outlook | Move to quarantine folder; + flag (outbound) | Move to quarantine — held for review | Flag + categorize | Log only |
| Messaging (Slack, Teams) | Post violation warning in channel | Post 'held for review' warning | Post warning in channel | Log only |
| Storage (Google Drive, Dropbox, OneDrive) | Move file to quarantine folder | Quarantine file — held for review | Log only | Log only |
| AI Proxy (OpenAI, Anthropic, Gemini, MCP, Agent) | Block request (return 403) | Hold request — return review ID | Allow request + audit trail | Log only |
| API (REST API) | Return BLOCK outcome (client decides) | Return APPROVAL_REQUIRED + poll URL | Return WARN outcome | Log only |
Version History
1 version published
Initial release
Colorado vendor assessment?
Answer with SB 24-205 controls Aguardic enforces