Colorado AI Act Rewritten: June 30 Deadline Pushed to 2027

The Colorado AI Act just got completely rewritten — and the June 30 enforcement deadline is gone. Governor Jared Polis signed SB 189 on May 14, 2026, replacing the original risk-based AI regulation framework with a narrower transparency-focused approach and pushing the effective date to January 1, 2027. Companies that spent months preparing for June 30 compliance need to recalibrate.

Here is what changed, what it means for AI companies, and how it compares to the EU AI Act that takes effect in August.

What Just Changed

Colorado’s original AI Act (SB24-205) was set to take effect June 30, 2026, as the first comprehensive US state AI regulation. It required risk management programs, annual impact assessments, disclosure obligations, and appeal rights for anyone affected by AI-driven decisions in employment, healthcare, financial services, education, housing, and legal services.

The new law — SB 189, signed May 14 — replaces almost all of that. The effective date moves to January 1, 2027. The approach shifts from broad risk-based regulation to narrower transparency and disclosure requirements. For companies that were scrambling to comply by June 30, the immediate pressure is off.

But the regulatory direction is clear: AI regulation is coming in the US. Colorado is just debating the form, not the principle.

The Original Colorado AI Act

The original SB24-205 was ambitious. It created a duty of care for deployers and developers of high-risk AI systems, requiring:

Risk management programs for any AI used in consequential decisions
Annual impact assessments evaluating bias, accuracy, and fairness
Disclosure to consumers when AI is used in decisions affecting them
Right of appeal for Colorado residents affected by AI decisions
Reporting obligations to the Colorado Attorney General

This was modeled partly on the EU AI Act and would have been the most comprehensive AI regulation in the United States. The tech industry pushed back hard, arguing it was too broad, too expensive to comply with, and would drive AI companies out of Colorado.

What SB 189 Removes

The rewrite eliminates the most burdensome requirements:

No more duty of care aimed at preventing algorithmic discrimination
No more mandatory risk management programs for AI deployers
No more annual impact assessments
No more reporting obligations to the Colorado Attorney General
Reduced scope — the law applies to fewer types of AI systems

This is a significant rollback. The original law would have required companies using AI in hiring, lending, healthcare, or education to conduct regular audits and maintain compliance documentation. The new law drops those requirements entirely.

What SB 189 Keeps and Adds

SB 189 is not a complete retreat from AI regulation. It keeps and adds:

Transparency disclosures — companies must disclose when automated decision-making technology is used in consequential decisions
Consumer notification — individuals must be informed when AI significantly influences decisions about them
Algorithmic transparency requirements — certain technical disclosures about how automated systems work

The focus shifted from “regulate what AI does” to “tell people AI is being used.” It is a disclosure-first approach rather than a risk-management approach. Whether disclosure alone is sufficient to protect consumers from biased or harmful AI systems is the central debate.

The Federal Preemption Wildcard

Adding to the complexity, the Great American Artificial Intelligence Act — a 269-page federal bill introduced on June 4, 2026 — proposes a three-year preemption of all state AI laws, including Colorado’s. If that bill passes, even the revised SB 189 would be frozen until 2029.

The federal bill has not moved out of committee, and political analysts give it less than a 30% chance of passing in its current form before the next congressional session. But the mere existence of a federal preemption attempt influenced Colorado’s decision to soften its law — legislators did not want to invest enforcement resources in a law that might be preempted within months.

A federal magistrate judge also issued a stay on April 27, 2026, prohibiting enforcement of the original law until the court rules on a preliminary injunction motion. This legal challenge further complicated the June 30 timeline and likely accelerated the legislative rewrite.

What This Means for AI Companies

For AI companies operating in or serving Colorado residents, the practical impact is:

Short-term relief: No June 30 deadline. No risk management programs needed. No impact assessments. Companies that were in compliance sprint mode can redirect those resources.

Medium-term obligation: January 1, 2027 brings transparency and disclosure requirements. These are less burdensome than the original law but still require implementation work — particularly around consumer-facing disclosures and technical transparency documentation.

Long-term uncertainty: The federal preemption attempt, the EU AI Act enforcement in August, and other states potentially introducing their own AI laws create a complex, multi-jurisdictional compliance landscape that is far from settled.

The EU Comparison

Colorado’s retreat stands in sharp contrast to the EU’s advance. The EU AI Act takes effect August 2, 2026, with comprehensive requirements for high-risk AI systems, fines up to 7% of global annual turnover, and explicit bans on certain AI practices including emotion recognition in workplaces and schools.

Where Colorado moved from risk-management to transparency-only, the EU is maintaining its full risk-management framework. Where Colorado delayed to 2027, the EU is enforcing in August 2026. The result: AI companies operating globally face EU-level regulation regardless of what US states do.

The irony is that companies preparing for EU AI Act compliance — which includes every major AI company serving European customers — already have most of what the original Colorado law would have required. Colorado’s retreat mainly benefits smaller US-only AI companies that do not operate in Europe.

What to Do Now

For companies affected by Colorado’s AI regulation:

Pause June 30 compliance efforts — the deadline no longer exists
Plan for January 1, 2027 — transparency and disclosure requirements under SB 189
Continue EU AI Act compliance — August 2 is still happening and is more demanding
Monitor federal legislation — the Great American AI Act could preempt everything
Document your AI systems now — regardless of which law applies, transparency and documentation will be required eventually

The direction is clear even if the timeline and specifics keep shifting: AI regulation is coming to the United States. The question is no longer whether, but when and how strict. Companies that invest in compliance infrastructure now — even without a specific deadline forcing them — will be better positioned than those waiting for the final rule.

Colorado AI Act Rewritten: June 30 Deadline Killed, New Law Pushes to 2027

Table of Contents

What Just Changed

The Original Colorado AI Act

What SB 189 Removes

What SB 189 Keeps and Adds

The Federal Preemption Wildcard

What This Means for AI Companies

The EU Comparison

What to Do Now

29 Million Users Affected in Major Password Manager Breach

AI Is Writing Buggy Code Faster Than Humans Can Fix It — And It Just Created the Biggest Cybersecurity Hiring Boom in History

CISA CI Fortify 2026: US Tells Critical Infrastructure to Prepare for Weeks-Long Cyber Blackouts

Apple Will Be Forced to Let You Replace AirPlay With Google Cast in iOS 27 — The EU Just Won Another Battle

Iran Wants to Tax the Internet: $10 Trillion Hormuz Cable Threat Explained

Google Pixel 11 Specs Leak: Tensor G6, New Cameras, RGB LEDs Revealed

Leave a Reply Cancel reply

Table of Contents

What Just Changed

The Original Colorado AI Act

What SB 189 Removes

What SB 189 Keeps and Adds

The Federal Preemption Wildcard

What This Means for AI Companies

The EU Comparison

What to Do Now

Similar Posts

Leave a Reply Cancel reply