Understanding Colorado’s Consumer Protections for Artificial Intelligence Act

On May 17, 2024, the state of Colorado took a significant step in regulating artificial intelligence (AI) with the signing of the Consumer Protections for Artificial Intelligence Act. This bill, which goes into effect on February 1, 2026, aims to protect consumers by ensuring that high-risk AI systems operate without causing algorithmic discrimination. As businesses and developers prepare to comply with this new law, it’s crucial to understand its key components and implications.

Key Requirements of the Act

  1. Definition and Scope

The bill defines a “high-risk artificial intelligence system” and outlines the responsibilities of both developers and deployers of such systems. High-risk systems are those that have significant impacts on consumers, potentially affecting areas such as employment, credit, housing, and other critical decisions.

  1. Reasonable Care to Avoid Algorithmic Discrimination

Both developers and deployers are required to exercise reasonable care to avoid algorithmic discrimination. This includes making certain disclosures, conducting impact assessments, and implementing risk management policies.

  1. Responsibilities of Developers

Developers of high-risk AI systems must:

  • Provide deployers with statements and documentation necessary for impact assessments.
  • Make public statements summarizing the types of high-risk systems developed and how risks of algorithmic discrimination are managed.
  • Disclose known or foreseeable risks of algorithmic discrimination to the attorney general and deployers within 90 days of discovery.
  1. Responsibilities of Deployers

Deployers must:

  • Implement risk management policies and conduct annual reviews of high-risk systems.
  • Notify consumers when a high-risk system makes a consequential decision affecting them.
  • Offer consumers the ability to correct personal data and appeal adverse decisions through human review.
  • Make public statements on the types of high-risk systems deployed and how risks are managed.
  1. Consumer Disclosure

AI systems intended to interact with consumers must disclose to consumers that they are interacting with an AI system.

Interpreting “Substantial Factor” and Algorithmic Discrimination

The term “substantial factor” in the context of algorithmic discrimination requires careful interpretation. It implies that the AI system’s algorithm played a significant role in causing discriminatory outcomes. To mitigate this risk, developers and deployers should ensure their systems are designed and tested to minimize biases. For example, a credit scoring system that disproportionately denies loans to a particular demographic group based on biased data would be considered discriminatory.

Impact of Algorithmic Discrimination

Discrimination by algorithms can have severe repercussions, including legal liabilities and reputational damage. An AI system that inadvertently discriminates can lead to unequal treatment in crucial areas like hiring, lending, and law enforcement. Therefore, companies must be vigilant in monitoring and adjusting their algorithms to ensure fairness and compliance with the law.

Compliance Strategies for Developers

Developers should adopt best practices to comply with the new law, such as:

  • Adopting Risk Management Frameworks: Utilize nationally or internationally recognized frameworks to manage risks associated with AI systems.
  • Conducting Regular Audits: Perform regular audits and impact assessments to identify and mitigate potential biases.
  • Transparency and Documentation: Maintain clear documentation and make necessary disclosures to deployers and regulatory bodies.


The Consumer Protections for Artificial Intelligence Act represents a significant advancement in AI regulation, emphasizing the importance of avoiding algorithmic discrimination and ensuring transparency. By understanding and complying with the requirements of this new law, companies can protect themselves from legal risks while fostering trust and fairness in their AI systems. As the implementation date approaches, businesses should take proactive steps to align their practices with the bill’s provisions and prepare for the evolving regulatory landscape.

Full text of the bill can be found here.

Tom Preece

About The Author

Tom Preece

Director of Pre-Sales Consultancy

Tom Preece works directly with clients, partners, internal Product Development and Marketing to improve, sell, and deliver Rational Enterprise technologies. He converses daily with executive- and director-level practitioners in Legal, Compliance, InfoSec, Privacy, and KM departments to better understand their problems and relate the multi-layered value that in-place supervised machine learning technology can provide.