Colorado AI Act: SB26-189 (ADMT Act) Replaces SB 24-205 — New January 1, 2027 Deadline

What It Does (As Amended)

Colorado SB 24-205, the original Colorado Artificial Intelligence Act, was repealed and replaced by SB26-189 on May 14, 2026. The amended law is now the Colorado Automated Decision-Making Technology (ADMT) Act, taking effect January 1, 2027. The amended Act requires developers to provide deployers with technical documentation, requires deployers to give clear and conspicuous notice at the point of interaction and a plain-language description within 30 days of any adverse consequential decision, and gives consumers the right to correct data and request meaningful human review. The Colorado Attorney General has exclusive enforcement authority.

Who It Applies To

The amended law applies to two categories: developers (entities that design, code, or substantially modify ADMT) and deployers (entities that use ADMT to make or materially influence consequential decisions). Consequential decisions cover seven domains under SB26-189: education, employment, housing, financial or lending services, insurance, healthcare, and essential government services. SB26-189 also clarifies that the Act does not apply to independent contractors or non-Colorado residents, and applies only to employers “doing business in Colorado.”

Key Provisions (Updated for SB26-189)

• Developer documentation: Must provide deployers with technical documentation sufficient to understand intended use, training data categories, known limitations, and consequential-decision use cases; must notify deployers of material updates.
• Deployer notice: Must provide a clear, conspicuous notice at the point of interaction whenever ADMT makes or materially influences a consequential decision.
• Adverse-outcome disclosure: Within 30 days of an adverse consequential decision, deployers must provide a plain-language description of how ADMT was used and the principal reason(s) for the outcome.
• Consumer rights: Consumers may correct personal data used by ADMT and request meaningful human review.
• Record retention: 3 years for developers and deployers.
• Removed by SB26-189: Algorithmic-discrimination duty of care, annual impact assessments, formal risk-management program, 90-day AG notification, and website disclosures.
• AG enforcement: The Colorado Attorney General has exclusive enforcement authority under the Colorado Consumer Protection Act. There is no private right of action. A 60-day cure period applies for curable violations and sunsets January 1, 2030.

Compliance Checklist

If you develop or deploy ADMT affecting Colorado consumers, before January 1, 2027 you should:

1. Classify your ADMT systems to determine which make or materially influence consequential decisions.
2. Build a point-of-interaction notice wherever ADMT is used in consequential decisions.
3. Build an adverse-outcome disclosure workflow able to deliver a plain-language description within 30 days. Watch for the Colorado AG’s rulemaking due by Jan 1, 2027.
4. Build consumer-rights workflows to correct personal data and route adverse-outcome appeals to meaningful human review.
5. If you are a developer: Prepare technical documentation packages for deployers covering intended use, training data categories, known limitations, and consequential-decision use cases.
6. Set 3-year record retention for documentation, notices, and human-review records.
7. Evaluate governance tooling: The AI Compliance Vendors directory profiles platforms supporting ADMT documentation, consumer-notice workflows, and adverse-outcome disclosures.

How This Compares

Colorado’s ADMT Act remains one of the broadest state AI laws in the U.S. as of June 2026, but is now narrower than the original SB 24-205. It goes further than NYC Local Law 144, which covers only hiring AI. It is more focused on documentation and consumer notice than the EU AI Act’s risk-based framework. The amendments also reflect federal preemption pressure — see our federal AI preemption guide covering the December 2025 executive order and the DOJ’s April 2026 intervention in xAI v. Colorado.

Effective Date Countdown

Compliance deadline: January 1, 2027. Companies preparing for the original June 30, 2026 deadline should pause work tied to the removed obligations (algorithmic-discrimination duty of care, impact assessments, NIST AI RMF program) and redirect to ADMT documentation, point-of-interaction notice, adverse-outcome disclosure within 30 days, and consumer-rights workflows.

Read the Bill

• Colorado SB 24-205 on AI Laws by State
• Official bill text (Colorado General Assembly)

Author: AI Laws by State. This is not legal advice. For compliance questions specific to your operation, consult an attorney licensed in Colorado.