The signing matters for a specific reason. It’s not.
Governor Polis signed Colorado SB 26-189 on May 14, completing the process that began with the legislature’s passage of a law repealing the 2024 Colorado AI Act before it ever took effect. The signature converts legislative action into enforceable law, the step that prior coverage of the bill’s passage hadn’t yet confirmed.
What the new law does: according to legal analysts and civil society organizations including EPIC, it eliminates the developer “duty of care” for algorithmic discrimination and removes the mandatory impact assessment and risk management program requirements that defined the 2024 Act’s framework. What replaces them: an automated decision-making technology (ADMT) disclosure regime focused on consumer-facing transparency rather than proactive developer auditing. Legal analysts at Morrison & Foerster interpret the new law as narrowing Attorney General enforcement to disclosure and transparency obligations, a materially different enforcement posture than the 2024 Act’s risk-management mandate.
The date that compliance teams are asking about.
The new ADMT regime is reportedly effective January 1, 2027, per Colorado legislative reporting. That date is single-sourced from a domain whose authority hasn’t been independently verified. Don’t use January 1, 2027 as a confirmed compliance planning date until it’s confirmed against the enrolled Colorado SB 26-189 bill text, available through the Colorado General Assembly. The signing is confirmed. The date needs a primary source.
What changed with the signature:
Before (2024 Colorado AI Act, never effective): Developer duty of care; mandatory impact assessments; proactive risk management programs; AG enforcement on developer-level obligations.
Verification
Partial Signing confirmed via registry corroboration and Wire [CORROBORATED] tag. Provisions characterized by EPIC (T2 advocacy) and Morrison & Foerster (T3 law firm). January 1, 2027 effective date from single unverified-tier domain. January 1, 2027 effective date must be confirmed against Colorado General Assembly enrolled bill text before use in compliance planning materials. Do not treat as confirmed.After (SB 26-189, signed May 14): ADMT consumer disclosures; Attorney General enforcement limited to disclosure and transparency obligations; no proactive developer audit requirements, per legal analyst characterization.
The real question for multi-state compliance teams: Colorado’s ADMT disclosure model is now the enacted alternative to the duty-of-care framework, and it’s the second state (alongside Connecticut’s approach) to anchor AI obligations in consumer disclosure rather than developer risk management. That pattern is likely to influence pending state legislation, including the Illinois package introduced the same week.