Profile
Colorado has rewritten its sweeping artificial intelligence law before it even took effect. State lawmakers passed Senate Bill 26-189, ...
Colorado Rewrites Its AI Law: What Employers Need to Know Now
May 16 -
4 minutes, 15 seconds
Colorado Rewrites Its AI Law Before It Takes Effect
Colorado has rewritten its sweeping artificial intelligence law before it even took effect. State lawmakers passed Senate Bill 26-189, replacing the original AI Act (SB 24-205) with a new framework focused on how automated systems influence real decisions about people, especially in hiring. If signed by Governor Jared Polis, the new law takes effect January 1, 2027. For employers using AI in hiring, promotion, or compensation, this change is significant.
A Law That Never Quite Settled
Colorado’s original AI law was ambitious. Passed in 2024, it aimed to regulate high-risk AI systems with strict rules on risk management, impact assessments, and public disclosures. But it raised many questions for employers: What counts as high-risk? How do you audit third-party hiring tools? Even Governor Polis worried about unintended consequences.
That skepticism never faded. Implementation was delayed, rewrite efforts emerged, and a special session failed. Now, the replacement bill has cleared the legislature.
The Core Shift: From High-Risk AI to Decision-Focused Regulation
The biggest change is simple: The old law asked if a tool was “high-risk AI.” The new law asks: Is automated decision-making technology materially influencing a consequential decision?
That changes everything for employers. Under the new framework, covered technology includes systems that process personal data and generate predictions, recommendations, rankings, or scores used to guide decisions about people. Employment decisions—like hiring, promotion, and compensation—are explicitly included. Even job applicants are considered consumers.
The term “materially influence” means the system’s output is a non-de minimis factor affecting the outcome—like ranking, scoring, or constraining a decision. For employers, this is a more practical test than simply asking if a vendor calls their tool AI.
Why Employers Should Care
This shift makes the law more functional, but it also changes how you analyze your tools. Instead of focusing on labels like “AI,” you need to look at what your technology actually does. If it ranks candidates, generates recommendations, or influences selection, the law may apply—even if the vendor doesn’t use the term AI.
Governance Burdens May Ease, but Operational Duties Remain
The original law required heavy governance programs, including risk management frameworks and recurring impact assessments. Much of that is gone under SB 26-189. However, new operational duties take their place.
Notice at the Point of Interaction
Before using covered technology, you must provide clear notice to the affected person. This can be done through prominent public notices at points of interaction. For employers, this means figuring out where to place these disclosures in your hiring process—application portals, assessment platforms, or career sites.
Post-Adverse Outcome Disclosure Obligations
If a covered system leads to an adverse outcome (like a rejection), you must notify the person within 30 days. The notice must include:
- A plain-language description of the decision and the technology’s role
- Instructions for requesting more information
- Details about the tool (including version info)
- Categories and sources of personal data used
- An explanation of consumer rights
This requires coordination between legal, HR, procurement, and vendors.
Meaningful Human Review Still Matters
The new law preserves the right to request meaningful human review after an adverse outcome. The reviewer must have authority to approve, modify, or override the decision, be trained, and understand the technology’s limits. Simply defaulting to the system’s output won’t cut it.
Vendor Management Becomes More Important
If you use third-party hiring tools, you’ll need cooperation from vendors. The law requires developers to provide information about intended uses, harmful uses, training data categories, limitations, and guidance for human review. You may need this data to meet your own obligations.
Some Important Exclusions
The law doesn’t cover all automation. Excluded lower-risk tools include:
- Spreadsheets requiring human analysis
- Workflow management and routing tools
- Systems that simply organize or summarize information (without predictions or inferences)
- Certain fraud prevention and identity verification tools
But exclusion analysis isn’t always straightforward. You still need to check if a tool is just supporting an admin function or materially influencing an employment decision.
A Practical Question: How Does This Fit with Existing Hiring Rules?
Employers already following the Fair Credit Reporting Act (FCRA) for background checks have structured workflows for adverse actions. Colorado’s new law introduces separate disclosure, correction, and human review rights tied to automated decisions. While the law coordinates with federal credit-related frameworks, it doesn’t offer the same clarity for employment workflows. You’ll need to figure out how to combine these obligations in practice.
The Bigger Picture
Colorado hasn’t abandoned AI regulation—it’s changed course. Instead of governing high-risk AI as a technology category, the new law focuses on how automation is used in consequential decisions. For employers, the key compliance question is no longer “Do we use AI?” but “Is automation materially influencing decisions about people?” Many organizations haven’t fully mapped where that analysis begins and ends across their hiring workflows.
Related Posts
Contact Information
More from UAE Jobs
-
Is Remote Work Bad for Mental Health? Not If You Ask Women
Thu at 10:31 AM
Suggested Writers
-
7.4K articles
-
1.3K articles
-
34 articles
-
28 articles







Comment