primary responsibility for preventing discriminatory outcomes

web

kpmg.com·kpmg.com/us/en/articles/2024/ai-regulation-colorado-artif...

A KPMG regulatory alert on Colorado's CAIA, relevant for understanding emerging US state-level AI governance frameworks focused on algorithmic discrimination and high-risk AI deployment compliance.

Metadata

Importance: 45/100organizational reportanalysis

Summary

This KPMG regulatory alert summarizes the Colorado Artificial Intelligence Act (CAIA), which places primary responsibility on developers and deployers of high-risk AI systems to prevent algorithmic discrimination. The alert outlines compliance obligations, scope, and risk management requirements for businesses using AI in consequential decision-making contexts such as employment, credit, and housing.

Key Points

•Colorado's CAIA targets 'high-risk AI systems' used in consequential decisions affecting employment, credit, education, healthcare, and housing.
•Developers and deployers share responsibility for preventing discriminatory outcomes, with deployers bearing primary operational compliance duties.
•Obligations include conducting impact assessments, maintaining transparency with consumers, and implementing risk management programs.
•The law requires disclosures to consumers when AI is used in consequential decisions and provides rights to appeal or correct AI-driven outcomes.
•KPMG highlights that CAIA is among the first comprehensive state-level AI laws in the US, signaling broader regulatory trends.

Cited by 1 page

Page	Type	Quality
Colorado Artificial Intelligence Act	Policy	53.0

Cached Content Preview

HTTP 200Fetched Mar 20, 202616 KB

# Colorado Artificial Intelligence Act (CAIA)

Developers and deployers protections against “algorithmic discrimination”

![Columns](https://kpmg.com/kpmg-us/content/dam/kpmg/basic-hero/2024/CI_WebImage.jpg)

**_KPMG Regulatory Insights_**

- **_Consumer Protection Focus:_** _The Colorado AI law imposes obligations on both developers and deployers of “high-risk AI systems” to mitigate the risk of “algorithmic discrimination” and consumer harm across numerous sectors, including financial services, insurance, and healthcare.._
- **_Core AI Principles:_** _The new law follows core principles from the NIST AI Risk Management Framework, including guidance and standards related to design, development, deployment, and testing, and also aligns with the EU AI Act’s focus on “high-risk AI systems” and their relationship to “consequential decisions”._
- **_Near-term Implementation_** _: Compliance for developers and deployers is required beginning February 1, 2026, providing only eighteen-months to implement operational, risk management, and compliance changes._
- **_More State AI Regulation_** _: Colorado has actively pursued AI-related legislation/regulation (see Colorado Division of Insurance regulation_ [_here_](https://doi.colorado.gov/announcements/notice-of-adoption-new-regulation-10-1-1-governance-and-risk-management-framework "here") _). Expect continued (but likely differing/nuanced) AI-related legislative and regulatory activity across many states._

_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\__

**June 2024**

The State of Colorado recently [enacted](https://leg.colorado.gov/sites/default/files/2024a_205_signed.pdf "enacted ") S.B. 24-205, commonly referred to as the Colorado Artificial Intelligence Act (CAIA). This new law, which takes effect February 1, 2026, is directed to persons conducting business in Colorado as “developers” or “deployers” of “high-risk artificial intelligence systems” (all as defined in the law) in such areas as employment, housing, financial services, insurance and healthcare. “Developers” and “deployers” must meet certain obligations, including disclosures, risk management practices, and consumer protections.

Key provisions of the CAIA include:

1. Applicability
2. Obligations for Developers
3. Obligations for Deployers

### 1.  Applicability

The CAIA is intended to protect consumers (defined as Colorado residents) from potential discrimination from the use of a “high-risk artificial intelligence system”, defined as an AI system that makes, or is a substantial factor in making, a “consequential decision” concerning a consumer.

A “consequential decision” is defined as a “decision that has a material legal or similar significant effect on the provision or denial to any consu

... (truncated, 16 KB total)

Resource ID: c6a73735a561c33f | Stable ID: ZWQxNDRjYm