Bill Updating Colorado AI Law Includes New Privacy Risk Requirement
Colorado Democrats on Monday filed legislation to update the state’s comprehensive AI law, including a requirement that developers disclose when systems might pose risks of violating the Colorado Privacy Act.
Sign up for a free preview to unlock the rest of this article
Senate Majority Leader Robert Rodriguez (D) and Rep. Brianna Titone (D) introduced SB-318. The bill moves the attorney general's authority to enforce violations to January 2027 from February 2026.
The new privacy provision requires developers to “include in an impact assessment whether the system poses any known or reasonably foreseeable risks” of violating the Colorado Privacy Act.
The bill would redefine algorithmic discrimination to “mean the use of an artificial intelligence system that results in a violation of any applicable local, state, or federal anti-discrimination law,” according to the bill summary.
The legislation would eliminate a requirement that developers and deployers of high-risk systems “use reasonable care to protect consumers from any known or reasonably foreseeable risks of algorithmic discrimination.” It also removes the requirement that companies “notify the attorney general of any known or reasonably foreseeable risks of algorithmic discrimination arising from the intended uses of the high-risk artificial intelligence system.”
Rodriguez introduced the AI update bill following months of discussion by a Colorado task force (see 2502030040). Colorado Attorney General Phil Weiser (D) told us in January that his office would hold a rulemaking after lawmakers make any changes to the AI law this year (see 2412160042).