Colorado AI Act Implementation Delayed

On August 28, 2025, Governor Jared Polis signed Senate Bill 25B-004, the "Increase Transparency for Algorithmic Systems Act," which amends Senate Bill 24-205 (the original Colorado Artificial Intelligence Act) to push the principal operative dates back five months—from February 1, 2026 to June 30, 2026. This short bill does not otherwise alter the substance of Colorado's sweeping AI regime, but the new timetable is critically important for developers and deployers that are building compliance programs.

Earlier this year, the White House issued Executive Order 14281, "Restoring Equality of Opportunity and Meritocracy." The Order directs all federal agencies to abolish or deemphasize enforcement of "disparate-impact" liability in federal civil-rights laws and regulations. Because Colorado's Act is expressly built around preventing "algorithmic discrimination"—defined to include disparate impact—the two measures could create tension for companies that operate nationwide.

Though the revised timeline for Colorado's AI Act outlines how the state requirements may collide with—or survive alongside—EO 14281, and offers practical steps to harmonize compliance efforts.

New Colorado Implementation Dates
SB 25B-004 simply substitutes "June 30, 2026" for "February 1, 2026" throughout Parts 1702–1704 of Title 6, Article 1, Colorado Revised Statutes. As a result:

• Developers must begin exercising "reasonable care" to prevent algorithmic discrimination, furnish technical documentation, publish public statements, and issue regulator/deployer notices on and after June 30, 2026.
• Deployers must adopt risk-management policies, perform initial and annual impact assessments, issue pre-decision and adverse-decision consumer notices, and create website disclosures on and after June 30, 2026.
• Attorney General enforcement and the Act's rebuttable presumptions/affirmative defenses likewise start June 30, 2026.

Apart from the five-month delay, every substantive obligation, rebuttable presumption, and exemption (e.g., for small deployers under 50 employees, insurers subject to §10-3-1104.9, and federally regulated banks) remains unchanged.

Highlights of Colorado's Substantive Framework (Unchanged)
Though unchanged by passage of SB25B-004, the substantive obligations of Colorado's AI Act still merit consideration (and implementation) by businesses throughout the state.

1. High-Risk AI Systems – Any AI that makes, or is a substantial factor in making, consequential decisions in education, employment, finance, essential government services, health care, housing, insurance, or legal services.
2. Algorithmic Discrimination – "Any condition" producing unlawful differential treatment or impact based on protected traits. Colorado deliberately sweeps in disparate-impact theories and imposes affirmative avoidance and mitigation duties.
3. Documentation and Transparency – Model cards, dataset cards, impact assessments, public website statements, consumer notices, and regulator disclosures.
4. Risk-Management Expectations – The Act points to NIST AI RMF and ISO/IEC 42001 and recognizes comparable frameworks as potential safe harbors.
5. Exclusive AG Enforcement / No Private Actions – Only the Colorado Attorney General may enforce the AI Act itself, though violations are deemed deceptive trade practices under §6-1-105(1)(hhhh).

Executive Order 14281: Federal Disparate-Impact Pullback
EO 14281 announces that "it is the policy of the United States to eliminate the use of disparate-impact liability in all contexts," directs agencies to de-prioritize enforcement of disparate-impact theories, and orders repeal or amendment of Title VI regulations and similar provisions "to the maximum degree possible." Key directives include:

• Revocation of prior Presidential approvals of DOJ Title VI regulations that reference "effect."
• Agency review of pending matters asserting disparate-impact theories, with instructions to take "appropriate action consistent with the policy of this order."
• Attorney General leadership in identifying regulations, guidance, or state laws that rely on disparate-impact and exploring preemption or constitutional challenges.

EO 14281 does not itself amend any statute; disparate-impact remains embedded in Title VII, the Fair Housing Act, and ECOA until Congress, the courts, or rulemakings say otherwise. But day-to-day federal enforcement priorities will likely shift immediately.

Intersection

Takeaway: For now, Colorado's requirements remain fully valid under state law and do not appear to conflict directly with any affirmative federal mandate. But EO 14281 sets the stage for possible future federal preemption arguments or DOJ litigation challenging state measures that impose disparate-impact standards. Until such action materializes, multi-state organizations must prepare to meet Colorado's higher bar, even as federal agencies may choose to step backstep back from similar theories.

Compliance Roadmap in Light of the Delay and Federal Shifts

1. Re-calibrate Your Timeline
   • Use the five-month extension to complete inventory of AI systems that meet Colorado's "high-risk" definition.
   • Draft or refine NIST-aligned policies, impact-assessment templates, and public disclosures; pilot them before June 30, 2026.
2. Leverage the Rebuttable Presumption
   • Build documentation so it clearly aligns with the Act and any forthcoming AG rules. Doing so preserves the "reasonable care" safe harbor and supports an affirmative defense if federal or state regulators inquire.
3. Monitor Federal Rulemaking and Litigation
   • Agencies will begin repealing disparate-impact language; DOJ's report (due 30 days after EO) will identify candidate rules.
   • Track any DOJ assertions that Colorado's Act is preempted; be ready to adapt if federal preemption challenges narrow state enforcement.
4. Use a Harmonized Governance Framework
   
   • Because Colorado points to NIST AI RMF and ISO 42001, adopting these enterprise-wide will satisfy the state law and evidence "merit-based" decision-making valued by EO 14281.
   • Centralize documentation so the same artifacts (model cards, dataset cards, impact assessments) can be repurposed for state inquiries, federal civil-rights audits, or investor scrutiny.
5. Re-examine Disparate-Impact Testing Practices
   • Even if federal agencies relax enforcement, plaintiffs' lawyers and state attorneys general (Colorado and others) may still pursue disparate-impact theories under state law. Maintain justification analyses and bias-mitigation logs for high-risk systems.
6. Keep an Eye on Rulemaking
   • The Colorado AG has broad authority to adopt rules specifying documentation, consumer notices, and affirmative-defense mechanics. Participate in comment periods to shape practical, aligned requirements.

Conclusion
Colorado has granted industry a modest reprieve by moving the compliance deadline to June 30, 2026, but its AI Act still sets one of the nation's most demanding governance and anti-discrimination frameworks to date. Executive Order 14281 signals a contrary federal enforcement philosophy, yet it does not invalidate Colorado's statute. Until federal courts or Congress speak definitively, organizations deploying AI in Colorado should assume the state's disparate-impact-oriented requirements will stand and use the extra time to build robust, compliance programs capable of withstanding scrutiny from both state and evolving federal regulations (and regulators implementing the same).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.