After attempting to amend its first-in-the-nation AI law for two years and three legislative sessions, on May 9, 2026, the Colorado legislature passed SB 26-189. It now awaits the governor’s signature and is expected to be signed into law, which will go into effect January 1, 2027.
With the Colorado legislative session coming to its waning days, many have been eagerly waiting for Colorado AI Act amendment proposals. Absent an amendment, the Colorado AI Act will go into effect as-is on June 30, 2026. This week, the AI Policy Working Group (“Working Group”) released its Proposed Bill. The Working Group’s proposed
On December 5, 2024, the Colorado Department of Law adopted amended rules to the Colorado Privacy Act (CPA).
The DOL had released the first set of the proposed amended rules—which relate to the interpretative guidance and opinion letter process, biometric identifier consent, and additional requirements for the personal data of minors—on September 13, 2024. The
Colorado has become the first state to pass legislation (SB24-205) regulating the use of artificial intelligence (AI) within the United States. This legislation is designed to address the influence and implications, ethically, legally, and socially, of AI technology across various sectors.
Any person doing business in Colorado, including developers or deployers of high-risk
On November 14, 2023, the Colorado Division of Insurance’s AI insurance regulations went into effect. Colorado is now the first state in the nation to adopt regulations specifically aimed at insurance algorithms.
Colorado’s regulation requires life insurance companies to report how they review AI models and use External Consumer Data and Information Sources (ECDIS), which
The Colorado Department of Law (“DoL”) has published a shortlist of potential universal opt-out mechanisms (“UOOMs”). Beginning on July 1, 2024, companies will be required to allow consumers to opt out of the sale of their personal data or use of their personal data for targeted advertising using any UOOMs that are ultimately included in
On March 15, the Colorado Attorney General’s Office finalized the Colorado Privacy Act regulations. The finalized regulations track the draft rules. The rules will go into effect July 1, 2023.
With Colorado joining California as the only other state with rules implementing a comprehensive privacy law, businesses and practitioners have been anxiously watching to see whether a California-compliant privacy policy would also be compliant with the Colorado Privacy Act (“CPA”). And, as the Colorado Attorney General has made clear, interoperability is an important guiding
On December 21, the Colorado Attorney General released a revised draft of the Colorado Privacy Act Rules.
We will be providing in-depth analysis in coming days and weeks, but at first review, the revised rules appear to represent a fine-tuning as opposed to a complete overhaul. Some of these changes – such as additional flexibility
With its draft rules, Colorado has set forth a new model for state privacy laws. While there are many areas that are interoperable with the California model, the Colorado draft rules include important differences, as well as rules on topics that have been notably absent from California’s draft rules. Ballard partners Phil Yannella and Greg