Does Colorado ADMT Act (SB 26-189) require Record-Keeping & Documentation?
Colorado • enacted
Yes — 2 provisions
Requirements at a glance
This regulation imposes 9 specific requirements for Record-Keeping & Documentation across 2 provisions:
Use statement — Developers must provide deployers a general statement of intended uses and known harmful or inappropriate uses of the covered ADMT (§ 6-1-1702(1)(a))
Training data categories — Describe categories of data, including personal data, used to train the covered ADMT, to the extent known (§ 6-1-1702(1)(b))
Known limitations — Disclose known limitations, risks, and circumstances in which the ADMT should not be used (§ 6-1-1702(1)(c))
Human-review instructions — Provide instructions for the deployer's appropriate use, monitoring, and meaningful human review where applicable (§ 6-1-1702(1)(d))
Deployer-compliance info — Provide information reasonably necessary for the deployer to comply with § 6-1-1704; notify the deployer if information is withheld (§ 6-1-1702(1)(e))
Update notices — Provide notice of material updates, substantial modifications, and changes to intended use/limitations/risk mitigation within a reasonable time; public release notes permitted with direct notice (§ 6-1-1702(2))
Recordkeeping — Retain records (version identifiers, changelogs, update notices) for not less than 3 years to demonstrate compliance (§ 6-1-1702(4))
Retention period — Retain records for not less than 3 years after the date of a consequential decision (or longer if required by other law) reasonably necessary to demonstrate compliance with part 17 (§ 6-1-1703)
Record contents — Records may include covered ADMT version identifiers, changelogs, and documentation of material mitigation changes (§ 6-1-1703)
Developers must provide deployers a general statement of intended uses and known harmful or inappropriate uses of the covered ADMT (§ 6-1-1702(1)(a))
Training data categories
Describe categories of data, including personal data, used to train the covered ADMT, to the extent known (§ 6-1-1702(1)(b))
Known limitations
Disclose known limitations, risks, and circumstances in which the ADMT should not be used (§ 6-1-1702(1)(c))
Human-review instructions
Provide instructions for the deployer's appropriate use, monitoring, and meaningful human review where applicable (§ 6-1-1702(1)(d))
Deployer-compliance info
Provide information reasonably necessary for the deployer to comply with § 6-1-1704; notify the deployer if information is withheld (§ 6-1-1702(1)(e))
Update notices
Provide notice of material updates, substantial modifications, and changes to intended use/limitations/risk mitigation within a reasonable time; public release notes permitted with direct notice (§ 6-1-1702(2))
Recordkeeping
Retain records (version identifiers, changelogs, update notices) for not less than 3 years to demonstrate compliance (§ 6-1-1702(4))
Penalties
Violation
Fine
Non-compliance
Deceptive trade practice under the Colorado Consumer Protection Act; AG enforcement only, 60-day right to cure; no private right of action
Retain records for not less than 3 years after the date of a consequential decision (or longer if required by other law) reasonably necessary to demonstrate compliance with part 17 (§ 6-1-1703)
Record contents
Records may include covered ADMT version identifiers, changelogs, and documentation of material mitigation changes (§ 6-1-1703)
Penalties
Violation
Fine
Non-compliance
Deceptive trade practice under the Colorado Consumer Protection Act; AG enforcement only, 60-day right to cure; no private right of action
EveryAILaw.com