What You Need to Know
Overview
The Colorado AI Act is one of the most comprehensive AI regulations in the United States. It requires businesses using "high-risk AI systems" to implement risk management programs, conduct impact assessments, and provide extensive consumer notifications.
What is a "High-Risk AI System"?
Any AI system that makes or is a "substantial factor" in making a "consequential decision." In employment, this includes decisions about:
- Hiring and recruiting
- Promotions and demotions
- Termination
- Compensation
- Work assignments
- Performance evaluation
Key Requirements
- Reasonable Care Standard: Use reasonable care to protect consumers from algorithmic discrimination
- Risk Management Program: Implement programs aligned with NIST AI Risk Management Framework
- Impact Assessments: Complete annually or within 90 days of substantial modification
- Consumer Notifications: Notify before making consequential decisions using AI
- Adverse Decision Requirements: Provide statement of reasons, opportunity to correct data, and appeal with human review
Small Business Exemption
Businesses with fewer than 50 full-time employees may qualify for a limited exemption if they:
- Do not use their own data to train AI systems
- Use AI systems only as intended by the developer
- Make available the developer's impact assessment
Note: Even small businesses must still notify consumers of AI use.
Impact Assessment Requirements
Impact assessments must be completed annually and include:
Penalties for Non-Compliance
Up to $20,000 Per Violation
Violations are treated as unfair or deceptive trade practices under Colorado law. The Attorney General has exclusive enforcement authority.
- $20,000 maximum per violation
- Each affected consumer may constitute a separate violation
- No private right of action (individuals cannot sue directly)
- Injunctive relief may be sought
Affirmative Defense Available
Businesses may have a defense if they discover and cure violations through internal review or external feedback AND comply with recognized frameworks like NIST AI RMF or ISO/IEC 42001.
How EmployArmor Helps
Impact Assessment Generator
Create Colorado-compliant impact assessments with our guided workflow and templates.
Risk Management Documentation
Document your risk management program with NIST AI RMF-aligned templates.
Consumer Notification Templates
Generate compliant notification language for candidates and employees.
Adverse Decision Process
Set up compliant workflows for appeals and human review of AI decisions.
Get Compliant Today
No credit card required to start.
Starter
Small teams, single state
- ✓1 state compliance
- ✓Up to 50 employees
- ✓Compliance documents
- ✓Risk assessment
- ✓Email support
Growth
Growing companies, multi-state
- ✓Up to 6 states
- ✓Up to 500 employees
- ✓All compliance documents
- ✓Training modules
- ✓Priority support
- ✓Quarterly compliance reviews
Scale
Large organizations, nationwide
- ✓Unlimited states
- ✓Unlimited employees
- ✓All compliance documents
- ✓All training modules
- ✓Dedicated account manager
- ✓Monthly compliance reviews
- ✓Custom integrations
Enterprise
Complex compliance needs
- ✓Everything in Scale
- ✓Multi-entity support
- ✓Custom training content
- ✓API access
- ✓SSO / SAML
- ✓SLA guarantee
Get Ahead of the June Deadline
Colorado's requirements are extensive. Start your compliance journey today.
Disclaimer: This content is for informational purposes only and does not constitute legal advice. Employment laws vary by jurisdiction and change frequently. Consult a qualified employment attorney for guidance specific to your situation. EmployArmor provides compliance tools and resources but is not a law firm.