We were pleased to be featured by HR Brew in their article on Colorado’s new comprehensive AI Law.
The Colorado law is an actual Big Deal in the world of AI regulation. Here is a very quick set of takeaways:
- Colorado mimics the EU’s risk classification framework. Companies whose use case are “high-risk” will have substantial obligations. This includes education, insurance, employment, housing, legal services, and others
- The law requires implementation of a thorough AI governance and risk assessment policy. It is explicit that by implementing the NIST Framework, ISO42001, or another international framework (read: EU AI Act) that organizations will have an “affirmative defense.”
Colorado’s law marks a bit of a turning point in AI regulation. A year ago, it wasn’t clear to us where the patchwork of municipal, state, federal, and international regulations would go. (Audits? Frameworks? Something else?) Now, it’s much more clear — multiple jurisdictions are going to borrow heavily from the EU AI Act.
So — thinking about Colorado’s law as a distinct regulation to comply with is a missed opportunity. Instead, the best approach is to use this as the spark to institute a more comprehensive program of AI governance.