CO-AI-Act
Colorado Artificial Intelligence Act (SB 24-205)
- I. Consumer Protections for Artificial Intelligence
- Art. 1701. Definitions (5)
- Art. 1702. Developer Duty to Avoid Algorithmic Discrimination ref
- Art. 1703. Deployer Duty to Avoid Algorithmic Discrimination ref
- Art. 1704. Disclosure of AI System to Consumer (1)
- Art. 1705. Compliance with Other Legal Obligations (4)
- Art. 1706. Enforcement by Attorney General (7)
- Art. 1707. Rules (7)
Title I — Consumer Protections for Artificial Intelligence
Article 1701. Definitions
5 obligations
CO-AIA-1701-01
Prohibition
Prohibition on algorithmic discrimination
Must not use artificial intelligence systems in a manner that results in unlawful differential treatment or impact that
CO-AIA-1701-02
Requirement
Exception for self-testing compliance activities
Developers and deployers may use high-risk AI systems for self-testing purposes to identify, mitigate, or prevent discri
CO-AIA-1701-03
Requirement
Exception for diversity and anti-discrimination initiatives
Developers and deployers may use high-risk AI systems for the sole purpose of expanding applicant, customer, or particip
CO-AIA-1701-04
Requirement
Requirement for initial impact assessment before predetermined changes
When making predetermined changes to high-risk AI systems that result from system learning, deployers or contracted thir
CO-AIA-1701-05
Documentation
Requirement to include predetermined changes in technical documentation
Any predetermined changes made to high-risk AI systems as a result of system learning must be included in the technical
Article 1704. Disclosure of AI System to Consumer
1 obligation
Article 1705. Compliance with Other Legal Obligations
4 obligations
CO-AIA-1705-01
Documentation
Burden of Proof for Exemption Claims
When claiming an exemption under Article 1705, the developer, deployer, or other person must demonstrate that their acti
CO-AIA-1705-02
Requirement
Insurance Sector Compliance with Section 10-3-1104.9
Insurers, fraternal benefit societies, or developers of AI systems used by insurers must comply with section 10-3-1104.9
CO-AIA-1705-03
Monitoring
Financial Institution Anti-Discrimination Auditing
Financial institutions subject to state or federal prudential regulation must regularly audit their use of high-risk AI
CO-AIA-1705-04
Risk Management
Financial Institution Algorithmic Discrimination Mitigation
Financial institutions subject to state or federal prudential regulation must mitigate any algorithmic discrimination ca
Article 1706. Enforcement by Attorney General
7 obligations
CO-AIA-1706-01
Conformity
Submit to burden of proof for affirmative defense compliance
When claiming an affirmative defense under subsection (3), developers, deployers, or other persons must demonstrate to t
CO-AIA-1706-02
Monitoring
Discover and cure violations through feedback mechanisms
To qualify for affirmative defense, developers, deployers, or other persons must discover and cure violations of this pa
CO-AIA-1706-03
Monitoring
Discover and cure violations through adversarial testing or red teaming
To qualify for affirmative defense, developers, deployers, or other persons must discover and cure violations of this pa
CO-AIA-1706-04
Monitoring
Discover and cure violations through internal review processes
To qualify for affirmative defense, developers, deployers, or other persons must discover and cure violations of this pa
CO-AIA-1706-05
Conformity
Maintain compliance with NIST AI Risk Management Framework and ISO/IEC 42001
To qualify for affirmative defense, developers, deployers, or other persons must be in compliance with the latest versio
CO-AIA-1706-06
Conformity
Maintain compliance with equivalent or more stringent AI risk management frameworks
To qualify for affirmative defense, developers, deployers, or other persons may alternatively comply with another nation
CO-AIA-1706-07
Conformity
Maintain compliance with attorney general designated AI risk management frameworks
To qualify for affirmative defense, developers, deployers, or other persons may comply with any risk management framewor
Article 1707. Rules
7 obligations
CO-AIA-1707-01
Requirement
Attorney General Authority to Promulgate Implementation Rules
The attorney general is authorized and may promulgate rules as necessary for the purpose of implementing and enforcing t
CO-AIA-1707-02
Documentation
Rules for Developer Documentation Requirements
The attorney general may establish rules specifying the documentation and requirements that developers must comply with
CO-AIA-1707-03
Transparency
Rules for Notice and Disclosure Contents and Requirements
The attorney general may establish rules defining the contents of and requirements for the notices and disclosures requi
CO-AIA-1707-04
Risk Management
Rules for Risk Management Policy and Program Content
The attorney general may establish rules defining the content and requirements of the risk management policy and program
CO-AIA-1707-05
Risk Management
Rules for Impact Assessment Content and Requirements
The attorney general may establish rules defining the content and requirements of the impact assessments required by sec
CO-AIA-1707-06
Conformity
Rules for Rebuttable Presumption Requirements
The attorney general may establish rules defining the requirements for the rebuttable presumptions set forth in sections
CO-AIA-1707-07
Conformity
Rules for Affirmative Defense Requirements and Framework Recognition
The attorney general may establish rules defining the requirements for the affirmative defense set forth in section 6-1-