Summary of article from IAPP, by Cobun Zweifel-Keegan:
The Colorado AI Act, the first U.S. cross-sector AI governance law, was signed into law on May 17, 2024, with key provisions effective from Feb. 2026. The law focuses on high-risk AI systems, defined as those making consequential decisions, and introduces stringent requirements to prevent algorithmic discrimination. The Act imposes responsibilities on both developers and deployers of AI systems, requiring them to use reasonable care to avoid algorithmic discrimination and mandating comprehensive documentation and impact assessments. The law also requires incident reporting, public disclosure of risk management, and direct consumer notifications. The law exempts entities covered by HIPAA if they provide AI-generated recommendations that require a health care provider to take action to implement that recommendation. Enforcement of the law, which treats violations as breaches of Colorado’s general consumer protection statute, will be carried out by the Colorado attorney general starting 1 Feb. 2026.