Colorado Artificial Intelligence Act (SB24-205)
Citation: SB24-205 (Colorado Revised Statutes § 6-1-1701 et seq.)
Effective: June 30, 2026 (delayed from original February 1, 2026 date)
Jurisdiction: Colorado — applies to any employer hiring for Colorado positions
Enforced by: Colorado Attorney General
Cure Period: 60 days after AG notice before civil penalties
Official Source: Colorado General Assembly – SB24-205
Overview
Colorado's Artificial Intelligence Act (SB24-205) is one of the most comprehensive AI employment laws in the United States. Effective June 30, 2026, it requires employers that use high-risk AI systems in employment decisions to conduct impact assessments, provide candidate disclosures, offer opt-out rights, maintain human oversight, and file annual accountability reports with the Colorado Attorney General.
Why this matters: With penalties up to $20,000 per violation — the highest of any U.S. AI hiring law — SB24-205 carries significant financial stakes. Employers using AI in hiring for Colorado positions must begin compliance preparation immediately.
Who must comply: Any employer deploying a high-risk AI system in employment decisions affecting Colorado workers — regardless of where the employer is headquartered.
What Is a "High-Risk AI System" in Employment?
Under SB24-205, a high-risk AI system in employment is one that:
- Makes or substantially influences a "consequential decision" about employment
- Consequential decisions include: hiring, firing, promotion, demotion, compensation, scheduling, and performance evaluation
- Poses a "reasonable foreseeable risk of algorithmic discrimination"
In practice, covered tools include:
| Tool Type | Covered? |
|---|---|
| Resume screening and ranking AI | ✓ High-risk |
| Video interview behavioral AI | ✓ High-risk |
| Candidate fit-scoring platforms | ✓ High-risk |
| AI-powered background check analysis | ✓ High-risk |
| Automated performance management | ✓ High-risk |
| Research/testing AI (not deployed) | Exempt |
Key Requirements for Employers
1. Impact Assessment (Pre-Deployment + Annual)
Before deploying a high-risk AI system — and annually thereafter — employers must conduct a written impact assessment covering:
- Description of the AI system and its intended purpose
- Analysis of known and reasonably foreseeable risks of algorithmic discrimination
- Description of data used to train or operate the system
- Performance evaluation across protected classes: race, color, ethnicity, sex, religion, age, national origin, disability, and veteran status
- Mitigation measures for identified risks
- Summary of oversight and governance policies
The assessment must be available to the Colorado AG upon request.
2. Disclosure to Applicants and Employees
Employers must provide clear notice before a high-risk AI system is used in a consequential employment decision:
- That a high-risk AI system is being used
- The type of decision it informs
- Contact information for requesting human review or explanation
Timing: Must be provided before AI use or at the time of decision notification.
3. Opt-Out Rights and Alternative Process
Candidates and employees have the right to:
- Opt out of having a high-risk AI system influence a consequential decision
- Request a non-AI alternative evaluation process
- Request human review if they believe algorithmic discrimination occurred
Employers cannot penalize individuals for exercising these rights.
4. Human Oversight
SB24-205 requires meaningful human oversight of automated decisions:
- Humans must be able to review, override, or supplement AI-driven decisions
- AI systems cannot be implemented in ways that remove human accountability
- Human review processes must be documented
5. Annual Report to Colorado Attorney General
Deployers of high-risk AI systems must file an annual algorithmic accountability report with the Colorado AG:
- Types of high-risk AI systems deployed
- Results of impact assessments
- Discrimination incidents identified and corrective actions taken
This transparency requirement has no equivalent in most other state AI laws.
6. AI Governance Policies
Employers must establish and maintain documented policies covering:
- How high-risk AI systems are selected and vetted
- Ongoing monitoring for discriminatory outcomes
- Incident response if algorithmic discrimination is detected
- Employee training on AI system limitations and oversight
Developer Obligations (Custom AI Builders)
If your organization builds or significantly customizes AI tools for internal hiring use, developer requirements also apply:
- Provide deployers with documentation about the AI system's purpose, limitations, and known risks
- Share results of bias testing and validation
- Inform deployers of updates that materially change risk profiles
- Maintain records of disclosures made to deployers
Penalties
| Violation Type | Maximum Penalty |
|---|---|
| Single violation | Up to $20,000 |
| Pattern of violations | Aggregated per violation |
| Enforcement authority | Colorado Attorney General |
| Cure period | 60 days after notice to cure before AG action |
The $20,000 per-violation penalty is the highest of any U.S. AI hiring law. For large hiring operations using non-compliant AI, aggregate liability could reach millions of dollars.
SB24-205 vs. Other State AI Hiring Laws
| Requirement | Colorado SB24-205 | Illinois AIVIA | NYC Local Law 144 | California AB 2930 |
|---|---|---|---|---|
| Impact assessment | ✓ (pre-deploy + annual) | — | — | — |
| Bias audit | — | — | ✓ (annual, independent) | ✓ (annual) |
| Disclosure | ✓ | ✓ | ✓ | ✓ |
| Opt-out rights | ✓ | ✓ | ✓ | ✓ |
| Human review | ✓ | — | — | ✓ |
| AG reporting | ✓ (annual) | — | ✓ (publication) | — |
| Max penalty | $20,000/violation | $2,500/violation | $1,500/day | $7,500/violation |
Compliance Timeline
| Date | Milestone |
|---|---|
| May 2024 | SB24-205 signed into law |
| June 30, 2026 | Law takes effect (delayed from Feb 1, 2026) |
| Ongoing | Annual impact assessments and AG reports required |
Employers should begin compliance preparation immediately — including auditing AI vendors, drafting impact assessments, and building disclosure workflows.
Compliance Checklist
- Inventory all AI systems used in employment decisions affecting Colorado workers
- Determine which systems qualify as "high-risk" under SB24-205
- Conduct pre-deployment impact assessments for each high-risk system
- Document assessment methodology and results
- Draft and implement candidate/employee disclosure notices
- Build opt-out and alternative process workflows
- Establish human review procedures for AI-influenced decisions
- Create annual AG reporting infrastructure
- Review AI vendor contracts for SB24-205 compliance documentation
- Develop and train staff on AI governance policies
How EmployArmor Helps
EmployArmor supports Colorado employers with SB24-205 compliance:
- Impact assessment templates pre-built for common AI hiring tools
- Automated disclosure generation integrated into hiring workflows
- Vendor compliance tracking for SB24-205 documentation requirements
- AG reporting assistance for annual algorithmic accountability reports
- Regulatory alerts as the Colorado AG issues guidance and enforcement actions
Get your Colorado AI Compliance Assessment →
Colorado Employer Resources
- Colorado Employment Law Compliance Hub
- Colorado AI Hiring Laws Overview
- Colorado AI Act — Employer Resource
Frequently Asked Questions
Does SB24-205 apply to small businesses in Colorado?
Answer: Yes, with limited exceptions. The law applies to any deployer of a high-risk AI system regardless of company size, though the AG has indicated it will prioritize larger deployments in initial enforcement.
What is the difference between an impact assessment and a bias audit?
Answer: An impact assessment (required by Colorado SB24-205) is an internal analysis conducted by the employer before deployment and annually. A bias audit (required by NYC Local Law 144) is an independent third-party analysis. Colorado does not require third-party audits but encourages them.
If we use a vendor's AI tool, are we responsible for compliance?
Answer: Yes. As a "deployer" under SB24-205, you bear responsibility for ensuring the AI system you use complies with the law. Obtain compliance documentation from your vendor and include SB24-205 obligations in vendor contracts.
When does the 60-day cure period apply?
Answer: If the Colorado AG issues a notice of violation, employers have 60 days to cure the violation before the AG can seek civil penalties. Willful violations may not qualify for the cure period.
Does SB24-205 apply to employers headquartered outside Colorado?
Answer: Yes — if you hire for Colorado positions or your AI systems make consequential decisions affecting Colorado workers, SB24-205 applies regardless of where your company is based.
What must an annual impact assessment include?
Answer: The assessment must describe the AI system and its purpose, analyze foreseeable risks of algorithmic discrimination, describe training data, evaluate performance across protected classes (race, sex, age, disability, etc.), document mitigation measures, and summarize governance policies.
Last updated: March 2026. This content is for informational purposes only and does not constitute legal advice. Consult qualified employment counsel for guidance specific to your organization.
Related Laws and Resources: