Colorado AI Act 2026: Why it is the template every Asian Regulator is watching

Article by

GoTrust

Introduction 

Artificial intelligence is significantly transforming modern business operations by providing tailored solutions that address the specific needs of different industries. While nearly all sectors use AI for marketing and sales, companies are strategically applying technology functions that generate the highest value in their fields.  

AI has become an essential, adaptable tool that helps organisations modernise their workflows and achieve substantial growth. It has grown from a simple tool for saving time into an essential foundation for modern business strategy. Today, 85% of executives consider AI necessary for creating entirely new business models, 92% plan to automate their daily operations using AI by 2026. 

In this regard, Colorado became the first U.S. state to enact a comprehensive artificial intelligence law regulating the use of AI systems in consequential decision-making, including employment-related decisions. The law establishes a new compliance framework and obligations of AI Developers and Deployers, due to which it has attracted global attention 

The Act applies to automated decision-making systems that process personal data and generate outputs such as predictions, recommendations, classifications, rankings, scores, or similar information used to make, support, or guide decisions about individuals. 

An important feature of the legislation is the material influence standard. An AI system is considered to materially influence a decision when its output is more than a negligible factor in determining the outcome. This includes situations that substantially shape the decision-making process. Consequently, employers using AI tools that meaningfully affect employment decisions may be subject to the Act's requirements and oversight. 

Algorithmic Bias 

The Colorado AI Act Part 17 to Article 1 of title 6 defines “Algorithmic discrimination” as situations where an AI system results in unlawful differential treatment to individuals or groups based on protected characteristics such as age, disability, ethnicity, race, religion, sex, veteran status, national origin, genetic information, or any other classification protected under state or federal law.  

Algorithmic bias occurs when machine learning systems produce discriminatory or unfair results due to systematic errors. This issue typically stems from human choices rather than the algorithm itself, arising from flawed training data, subjective programming decisions, or improper interpretation of results. 

The Colorado AI Act and the Key Obligations of the Stakeholders 
Section 6-1-1702 of the Act sets out the principal obligations of AI developers 

To support the responsible deployment of an AI system, developers are required to provide deployers with clear information that identifies the intended use cases of the AI system and outlines the foreseeable inappropriate uses or applications for which the system is not designed.  

Developers must also disclose any known limitations of the system, along with identified risks of algorithmic discrimination, bias, unfair treatment, or other discriminatory outcomes, to deployers. Furthermore, developers are required to explain the purpose of the AI system, the benefits it is intended to provide, and the contexts in which it is expected to operate effectively, allowing deployers to assess its suitability for their intended use. 

They must maintain and provide records of the testing and evaluation procedures conducted to assess the AI system’s performance, accuracy, and potential risks of algorithmic discrimination. Moreover, the data governance measures implemented must also be documented to ensure proper data management and reduce the likelihood of biased outcomes.  

In addition, the intended outputs of the AI system must be described so that deployers can understand the scope and limitations of the system’s decision-making capabilities. Furthermore, developers must provide details of the measures adopted to identify, prevent, and mitigate foreseeable risks of algorithmic discrimination before the system is deployed. 

Section 6-1-1703 of the Act sets out the principal obligations of AI Deployer 
Risk Management Program 

Deployers are required to establish and maintain a comprehensive risk management policy and program to identify, document, and mitigate risks of algorithmic discrimination associated with high-risk AI systems. This program must assess potential harms arising from the use of such systems and implement appropriate safeguards to minimise discriminatory outcomes.  

The risk management framework is expected to operate throughout the entire lifecycle of the AI system, ensuring continuous oversight from deployment to its ongoing operation and use. Additionally, deployers must regularly review and update their risk management measures to address emerging risks, technological advancements, and changes in operational contexts.  

Furthermore, to ensure effectiveness and consistency, the program should be aligned with recognised governance frameworks and industry standards, such as the NIST AI Risk Management Framework, ISO/IEC 42001, or other equivalent standards. 

Impact Assessments 

Deployers, or third parties acting on their behalf, must conduct impact assessments before deployment and periodically thereafter. Such assessments must include the purpose, intended use cases, deployment context, and anticipated benefits of the high-risk AI system. They must also evaluate foreseeable risks of algorithmic discrimination and identify the measures adopted to mitigate those risks. Additionally, the assessment must contain details regarding the categories of input and output data processed by the system, information concerning any system customisation or modifications, and performance metrics along with known limitations that may affect the reliability or accuracy of the system.  

The assessment must further outline the transparency measures adopted to inform consumers about the operation and use of the AI system. Deployers are required to retain records of these impact assessments and regularly review deployed systems to ensure that they do not cause algorithmic discrimination. 

Consumer Notice and Rights 

Where a high-risk AI system is used to substantially influence a consequential decision concerning a consumer, a deployer must clearly inform consumers that an AI system has been used in the decision-making process and the information regarding why the AI system is being used, the specific purpose it serves, and the nature of the consequential decision.  

Deployers are also required to provide consumers with contact details through which they may seek further information, raise concerns, or request clarification regarding the AI system. In addition, consumers must be provided with a clear and easily understandable description of the system, including its general functioning, its role in the decision-making process, and the factors it considers, without relying on complex technical terminology.  

If an adverse consequential decision is made, consumers must be provided with meaningful information regarding the personal data and other relevant information used in reaching the decision and must also be allowed to correct inaccurate, incomplete, or outdated personal data that may have influenced the outcome.  

Furthermore, consumers must be provided with an opportunity to appeal the decision, including access to human review where it is technically feasible. All notices provided under these requirements must be in plain language, accessible to persons with disabilities, and made available in the languages ordinarily used by the deployer when communicating with consumers. 

Conclusion 

The Colorado AI Act is set to come into force in January 2027 and marks a significant step towards establishing accountability in the development and deployment of artificial intelligence systems. By imposing clear obligations on both AI developers and deployers, the Act recognises that the responsibility for preventing algorithmic discrimination and other AI-related harms must be shared across the entire AI lifecycle. 

It provides a framework to ensure that AI systems are used in a manner that respects individual rights and minimises the risk of discriminatory outcomes. As AI continues to play a greater role in consequential decisions, such safeguards become increasingly essential. 

The act has been challenged on various grounds, including claims that it is unconstitutionally vague and may permit arbitrary enforcement. It remains to be seen how effectively the Act will be enforced and uniformly complied with in practice. Its success may serve as a model for other jurisdictions and encourage the enactment of similar legislation aimed at regulating high-risk AI systems and addressing algorithmic discrimination. 

Want to stay ahead?  

Reach out to the experts at tsaaro.com today.