You can close the June 30 calendar entry.

Governor Jared Polis signed SB 26-189 on May 14, 2026, repealing SB 24-205 — the Colorado Artificial Intelligence Act — in its entirety before it ever took effect. The original law had a June 30, 2026 effective date. It would have been the most detailed AI consumer-protection statute in the United States. It never made it.

The replacement, the Colorado Automated Decision-Making Technology Act (CADMA), takes effect January 1, 2027. Seven months away. And it is materially narrower than what it replaced.

What the original law would have required

SB 24-205 was ambitious. The obligations on developers and deployers were real: mandatory governance frameworks, annual impact assessments, algorithmic discrimination testing, and a requirement to report discovered discrimination to the Attorney General within 90 days. "High-risk AI system" was defined broadly — any system that played a "substantial role" in a consequential decision affecting a Colorado resident. Housing, employment, credit, healthcare, education, insurance, government services.

The compliance cost wasn't theoretical. Real governance frameworks require headcount. Annual impact assessments require documented processes and tooling. Bias testing requires an infrastructure commitment, not a one-time check. For a well-resourced enterprise, annoying. For a small team, potentially the price of doing business in Colorado at all.

Industry lobbied. The bill got rewritten, then rewritten again. Eventually Governor Polis said he'd sign a pared-down version. What he signed is CADMA.

What CADMA actually requires

CADMA narrowed the scope by design. The coverage trigger changed from "substantial role" to "non-de-minimis factor" — and the output must actually affect the outcome of the decision, not merely have the potential to. That's a meaningful threshold shift. A lot of AI-assisted workflows that would have been caught under SB 24-205 probably aren't Covered ADMT under CADMA.

If you do qualify, here's what CADMA requires:

• Clear, conspicuous consumer notice at the point of interaction with your system
• Within 30 days of an adverse outcome: a plain-language description of what your ADMT did and how
• Three years of record retention on decisions involving Covered ADMT
• A process for meaningful human review upon consumer request following an adverse outcome
• Consumers can request their personal data and correct factually wrong inputs your system used

Enforcement is via the Colorado Attorney General under the Consumer Protection Act. No new regulatory regime. Existing enforcement infrastructure.

Source spread

• Colorado General Assembly — SB 26-189 full text — [builder] — primary statutory source; full CADMA text
• Seyfarth Shaw — Colorado enacts AI replacement law — [builder] — detailed breakdown of what was dropped vs. kept; confirms 90-day AG reporting drop
• Finnegan IP — CADMA overview — [builder] — coverage trigger analysis; non-de-minimis standard
• EPIC — Colorado legislature amends AI law — [skeptic] — civil-society read on what consumer protections were lost
• CPR News — Polis signs pared-down AI bill — [skeptic] — reporting on the lobbying pressure that drove the rewrite

Pros & cons

What went in the right direction:

• Seven more months to get compliant is a real gift, especially for small teams who weren't going to make June 30 anyway.
• Dropping the governance-framework requirement removes an obligation that largely benefited enterprises with existing compliance infrastructure. Smaller builders were going to spend proportionally more to satisfy it.
• The narrower scope means fewer ambiguous edge cases. "Non-de-minimis factor in a decision that actually affects the outcome" is cleaner to evaluate than "substantial role in a consequential decision."
• Enforcement via the existing AG Consumer Protection Act structure is less disruptive than a new AI-specific regulatory regime.

What went in the wrong direction:

• Algorithmic bias testing is gone. That is not regulatory overhead — that's a check on a known failure mode. AI systems discriminate in lending, hiring, housing, and insurance decisions. The original law required you to test for it before deploying. CADMA doesn't.
• The AG-reporting requirement had real teeth: 90-day discovery-to-reporting windows for algorithmic discrimination meant the state had a forcing function on finding problems. Gone.
• EPIC and other groups have noted the final text tracks closely with what industry lobbied for, not what independent safety researchers recommended. Those are different things.

Further reading

• Colorado General Assembly — SB 26-189 (CADMA) full text
• Seyfarth Shaw — Colorado Enacts Artificial Intelligence Replacement Law
• Finnegan IP — Colorado Replaces Landmark AI Act: An Overview of the New SB 26-189 Framework
• Clark Hill — Colorado AI Act Update: Key Changes in SB 26-189
• EPIC — Colorado Legislature Again Amends Landmark AI Law
• CPR News — Polis says he will sign pared-down AI bill