EveryAILaw.comColorado ADMT Act (SB 26-189)
Amendments:
- —
Obligations Covered
Developer Documentation #
Requirements
| Requirement | Details |
|---|---|
| Use statement | Developers must provide deployers a general statement of intended uses and known harmful or inappropriate uses of the covered ADMT (§ 6-1-1702(1)(a)) |
| Training data categories | Describe categories of data, including personal data, used to train the covered ADMT, to the extent known (§ 6-1-1702(1)(b)) |
| Known limitations | Disclose known limitations, risks, and circumstances in which the ADMT should not be used (§ 6-1-1702(1)(c)) |
| Human-review instructions | Provide instructions for the deployer's appropriate use, monitoring, and meaningful human review where applicable (§ 6-1-1702(1)(d)) |
| Deployer-compliance info | Provide information reasonably necessary for the deployer to comply with § 6-1-1704; notify the deployer if information is withheld (§ 6-1-1702(1)(e)) |
| Update notices | Provide notice of material updates, substantial modifications, and changes to intended use/limitations/risk mitigation within a reasonable time; public release notes permitted with direct notice (§ 6-1-1702(2)) |
| Recordkeeping | Retain records (version identifiers, changelogs, update notices) for not less than 3 years to demonstrate compliance (§ 6-1-1702(4)) |
Penalties
| Violation | Fine |
|---|---|
| Non-compliance | Deceptive trade practice under the Colorado Consumer Protection Act; AG enforcement only, 60-day right to cure; no private right of action |
Deployer Disclosures & Post-Adverse Notice #
Requirements
| Requirement | Details |
|---|---|
| Point-of-interaction notice | Before using covered ADMT to materially influence a consequential decision, provide a clear and conspicuous notice to the consumer with instructions for obtaining additional information (§ 6-1-1704(1)) |
| Public-posting option | Compliance permitted via a prominent public notice reasonably accessible and proximate to the interaction/transaction (§ 6-1-1704(2)) |
| Post-adverse disclosure (30 days) | After an adverse outcome, within 30 days provide a plain-language description of the decision and the ADMT's role; a simple process to request ADMT/input details; and an explanation of § 6-1-1705 consumer rights (§ 6-1-1704(3)) |
| AG rulemaking | AG to adopt rules on or before 2027-01-01 clarifying post-adverse disclosure content and sector-specific guidance (§ 6-1-1704(4)) |
Penalties
| Violation | Fine |
|---|---|
| Non-compliance | Deceptive trade practice under the Colorado Consumer Protection Act; AG enforcement only, 60-day right to cure; no private right of action |
Consumer Correction & Human Review #
Requirements
| Requirement | Details |
|---|---|
| Data correction | On request after an adverse outcome, provide instructions to request personal data and correct factually incorrect or materially inaccurate data used in the decision, consistent with § 6-1-1306 (§ 6-1-1705(1)(a)(I)) |
| Human review & reconsideration | Provide an opportunity for meaningful human review and reconsideration of the consequential decision, to the extent commercially reasonable (§ 6-1-1705(1)(a)(II)) |
| Correction limits | No requirement to correct opinions, predictions, scores, or protected evaluations (§ 6-1-1705(1)(c)) |
| FERPA pathway | Education deployers subject to FERPA may comply via existing student-record inspection/amendment and appeal processes; no duplicative process required (§ 6-1-1705(2)) |
| AG rulemaking | AG to adopt rules on or before 2027-01-01 to clarify and implement this section (§ 6-1-1705(3)) |
Penalties
| Violation | Fine |
|---|---|
| Non-compliance | Deceptive trade practice under the Colorado Consumer Protection Act; AG enforcement only, 60-day right to cure; no private right of action |
Deployer Record-Keeping #
Requirements
| Requirement | Details |
|---|---|
| Retention period | Retain records for not less than 3 years after the date of a consequential decision (or longer if required by other law) reasonably necessary to demonstrate compliance with part 17 (§ 6-1-1703) |
| Record contents | Records may include covered ADMT version identifiers, changelogs, and documentation of material mitigation changes (§ 6-1-1703) |
Penalties
| Violation | Fine |
|---|---|
| Non-compliance | Deceptive trade practice under the Colorado Consumer Protection Act; AG enforcement only, 60-day right to cure; no private right of action |