Skip to content
Longterm Wiki
Back

unfair trade practices under the Colorado Consumer Protection Act

web
wsgr.com·wsgr.com/en/insights/colorado-passes-first-in-nation-arti...

Legal analysis from Wilson Sonsini law firm on Colorado's landmark 2024 AI regulation, relevant for understanding emerging U.S. state-level AI governance frameworks and compliance obligations for AI developers and deployers.

Metadata

Importance: 62/100news articleanalysis

Summary

This Wilson Sonsini legal analysis covers Colorado's SB 24-205, the first U.S. state law specifically regulating AI systems, focusing on requirements for developers and deployers of high-risk AI systems. The law targets algorithmic discrimination and establishes disclosure, impact assessment, and consumer rights obligations, with violations enforceable under the Colorado Consumer Protection Act.

Key Points

  • Colorado SB 24-205 is the first U.S. state law specifically regulating AI, targeting 'high-risk' AI systems that make or substantially influence consequential decisions.
  • Developers must provide deployers with documentation about known risks, intended uses, and how to conduct algorithmic impact assessments.
  • Deployers must implement risk management programs, conduct impact assessments, disclose AI use to consumers, and provide appeal mechanisms.
  • Violations are enforceable as unfair trade practices under the Colorado Consumer Protection Act, with the Attorney General holding enforcement authority.
  • The law applies broadly to any developer or deployer doing business in Colorado, regardless of where they are headquartered, with some SMB exemptions.

Cited by 1 page

PageTypeQuality
Colorado Artificial Intelligence ActPolicy53.0

Cached Content Preview

HTTP 200Fetched Mar 20, 202615 KB
![](https://www.wsgr.com/a/web/gq5MS49aF417wM8LP6httX/8xJYHZ/gettyimages-1497593072-gradient-1-alt-1b.jpg)

Colorado Passes First-in-Nation Artificial Intelligence Act

Alerts

May 21, 2024

On May 17, 2024, Governor Jared Polis signed the [Colorado Artificial Intelligence Act](https://leg.colorado.gov/sites/default/files/documents/2024A/bills/2024a_205_rer.pdf)(SB 24-205) (CAIA), regulating the development, deployment, and use of artificial intelligence (AI) systems. Colorado is the first state to enact comprehensive AI legislation. The law becomes effective February 1, 2026.

**Summary**

- CAIA applies generally to developers and deployers of “high risk AI systems” (HRAIS), which are defined as AI systems that make, or are a substantial factor in making, a “consequential decision.”
- CAIA imposes a duty of reasonable care on developers and deployers to avoid “algorithmic discrimination” in high-risk AI systems. If a developer or deployer complies with the disclosure, risk assessment, and governance requirements in the statute, there will be a rebuttable presumption that the developer or deployer has used reasonable care to avoid algorithmic discrimination.
- Colorado's attorney general (AG) will be able to enforce the law as an unfair or deceptive trade practice, with a penalty of up to $20,000 per violation. CAIA does not include a private right of action.

**Key Takeaways**

- The law is largely limited to AI systems that involve automated decision making about consumers. Most requirements under CAIA do not apply to general purpose AI systems, which are not considered high-risk AI systems. The only requirement for these types of non-high-risk AI systems is a requirement to transparently disclose the use of AI.
- CAIA provides an affirmative defense to enforcement for companies that have 1) cured violations as a result of external feedback or red teaming; and 2) complied with the latest version of the NIST AI risk management framework or an equivalent framework. Establishing robust AI governance programs will be crucial to compliance and can help protect against enforcement if something goes wrong.
- CAIA has similarities with the EU AI Act, which is expected to be adopted in the coming weeks. Both acts implement a risk-based approach and impose similar duties of transparency and data governance. However, the EU AI Act applies more broadly and includes obligations not found in the CAIA. In addition, several other states are considering AI legislation, which may add challenges as companies seek to develop a global compliance framework.

**Detailed Analysis**

_Scope_

The CAIA applies to developers and deployers of HRAIS. Developers are defined as any person[1](https://www.wsgr.com/en/insights/colorado-passes-first-in-nation-artificial-intelligence-act.html#1)doing business in Colorado that develops or intentionally and substantially modifies an AI system. Deployers are defined as any person doing business in Colorado that deploys a HRAIS. The

... (truncated, 15 KB total)
Resource ID: ee5e96d37f8d741a | Stable ID: YWU1ZjcyZD