Reed Smith In-depth

Key takeaways

  • The Colorado law is the first comprehensive law targeting AI in the US, borrowing several principles from the EU AI Act
  • Focused on high-risk AI systems used to make consequential decisions in areas that have a significant impact on consumers
  • Establishes a duty of care to prevent algorithmic discrimination when using high-risk AI systems

On May 17, 2024 Colorado Governor Polis signed into law Senate Bill 24-205 “Concerning Consumer Protections in Interactions with Artificial Intelligence Systems” (Colorado AI Act), the first comprehensive AI law in the US. Similar to the EU AI Act and the Office of Management and Budget’s Memorandum M-24-10, the Colorado AI Act adopts a risk-based approach, primarily targeting the developers and deployers of high-risk AI systems. The law incorporates now familiar practices of risk management through documentation, impact assessments, and robust governance processes. In particular, the law heavily focuses on the duty of care to mitigate the risk of algorithmic discrimination. Developers and deployers of high-risk AI systems will have until February 1, 2026 to develop processes to comply with the law’s requirements.