Colorado’s SB 24-205 was supposed to take effect in June 2026 as one of the most detailed state AI laws in the country. SB 26-189, introduced as the session nears its May 13 close, would replace it wholesale.
The core change: businesses deploying AI for “consequential decisions” would no longer face mandatory upfront disclosure of data sources and purpose. Per Colorado News Line and Colorado Public Radio, the bill narrows what automated decision-making technology (ADMT) requirements apply to, removes the detailed pre-deployment disclosure obligations, and shifts toward a simplified disclosure model. BillTrack50’s legislative tracking confirms the bill is active in the current session, repealing and reenacting key ADMT provisions from the original law.
What stays and what goes matters enormously for compliance teams. The original SB 24-205 required risk assessments before deployment in consequential decision contexts, hiring, lending, housing, education. The replacement strips those upfront obligations and substitutes a disclosure-only approach. Whether that disclosure model includes any teeth depends on bill language that hasn’t been independently confirmed at primary-source level in this cycle.
The bill reportedly includes a 90-day window for developers to remediate alleged violations before penalties apply, according to local reporting. Enforcement of the original law has reportedly been suspended pending litigation, also according to local reporting. Both claims come from a single T4 local source and should be treated as unconfirmed until the bill text or an attorney general statement provides primary-source corroboration.
What is confirmed: the legislative clock is real. Colorado’s session ends May 13. If SB 26-189 passes in the next seven days, compliance teams that have been building toward SB 24-205’s June 2026 effective date will face a fundamentally different regulatory obligation, or a delayed one, depending on what the replacement bill’s effective date language specifies.
The timing creates an odd dynamic. Colorado was among the first states to enact comprehensive AI requirements, placing it alongside EU-style mandatory frameworks in industry shorthand. This week, it’s moving in the opposite direction from Connecticut, which simultaneously tightened its AI verification requirements per this hub’s prior coverage. The two states serve as a live contrast: one state strengthening AI accountability requirements while another removes them.
The preemption context matters too. The White House’s push for federal AI preemption of state laws – covered in this prior brief, has created pressure on state legislatures to either act before federal preemption arrives or align their frameworks with what a federal standard might require. Colorado’s retreat may reflect that calculation as much as it reflects any domestic consensus about what AI law should require.
For compliance teams: don’t treat this as resolved. SB 26-189 hasn’t passed. The original law hasn’t been repealed. If your compliance program was built around SB 24-205, you need to track this bill’s outcome before the session closes May 13. If the bill fails, you’re back to the original requirements. If it passes, the requirements change substantially, and the new bill’s specifics deserve careful legal review before your team updates its program. This is a moment for qualified legal counsel, not a compliance team acting on news coverage.