SB 205 Compliance
Colorado’s AI law takes effect June 30, 2026. Are you ready?
SB 205 is the first comprehensive state AI regulation in the country. If your organization uses AI in consequential decisions, you have obligations. We help you meet them.
Effective June 30, 2026
Scope & Applicability
Does SB 205 apply to your organization?
SB 205 applies to AI systems used in consequential decisions across multiple industries. Here’s who’s affected:
Employment
Hiring, performance evaluation, termination, promotion decisions
Lending & Finance
Credit decisions, loan approval, risk assessment algorithms
Healthcare
Treatment recommendations, diagnosis assistance, resource allocation
Housing
Rental approval, mortgage decisions, property valuation
Insurance
Premium calculation, claims processing, coverage decisions
Education
Admissions, course placement, academic performance prediction
Legal Services
Case prediction, legal research, document analysis
Government
Benefits determination, licensing decisions, enforcement actions
Small Company Exemption
Companies with fewer than 50 full-time employees that do not train AI models on their own data may be exempt from certain SB 205 obligations. However, if you deploy third-party AI systems in consequential decisions, you still have notice and disclosure requirements. Contact us to confirm your exemption status.
Legal Requirements
What SB 205 requires your organization to do
Six key obligations that shape your AI governance and operational practices.
You must conduct annual risk assessments for each AI system used in consequential decisions. These assessments document the system’s intended use, identify potential harms, evaluate fairness across demographic groups, and assess bias mitigation measures. Documentation must be retained for audit purposes and updated whenever the system changes.
Establish documented risk management procedures aligned with NIST’s AI Risk Management Framework. Your program should cover: mapping of AI systems in your organization, risk governance structure, assessment methodologies, mitigation strategies, and ongoing monitoring. This is not a checkbox -it’s a living operational framework.
When AI is used in a consequential decision affecting a consumer (hiring, lending, housing, etc.), you must disclose that AI was used and provide an opportunity for the affected person to request human review. Notice must be clear and provided at the time of decision or before the decision takes effect, where feasible.
Conduct testing to identify and mitigate discriminatory impacts. You must evaluate whether your AI systems produce disparate outcomes based on protected characteristics (race, color, religion, sex, national origin, age, disability, sexual orientation, etc.). If discrimination is found, you must implement mitigation measures and document the process.
Establish clear governance structures that define roles, responsibilities, and oversight mechanisms for AI systems. Create and maintain written policies covering: system development, deployment, monitoring, human review processes, and incident response. Governance must be documented, communicated internally, and updated as needed.
Provide training to employees involved in AI deployment, monitoring, and decision-making. Training should cover: your organization’s AI governance policies, SB 205 requirements, how to identify and report potential issues, and the importance of human oversight in high-stakes decisions. Annual refresher training is recommended.
Our Approach
Three-phase compliance program
From initial assessment through ongoing governance support, we help you build compliance that actually strengthens your AI operations.
1
Readiness Assessment
Foundation (6-8 weeks)
We inventory all AI systems currently in use across your organization, classify which systems trigger SB 205 obligations, identify gaps in your current practices, and benchmark against NIST AI RMF requirements. You get visibility into your full AI footprint and a clear roadmap to compliance.
Deliverable
20-30 page assessment report + executive summary
2
Impact Assessments & Documentation
Implementation (Ongoing)
We conduct annual impact assessments for each qualifying AI system, document risk mitigation strategies, create consumer notice language tailored to your applications, and establish baseline fairness metrics. You build the compliance documentation needed for audit readiness and regulatory confidence.
Deliverable
Annual assessment reports + compliance templates + notice language
3
Governance Retainer
Continuous Support
Monthly governance support keeps your compliance current as regulations evolve and your AI systems change. We maintain your policies, conduct employee training, monitor regulatory updates, and help respond to any compliance questions. Your governance stays dynamic, not static.
Deliverable
Ongoing policy maintenance + training + regulatory monitoring
“
We came in expecting a compliance checklist. What we got was a governance foundation that actually made our AI deployment more effective -not just compliant.
James Whitfield, General Counsel, Financial Services
Every month you wait is a month without governance.
SB 205 takes effect June 30, 2026. Now is the time to start. We’ll help you move from zero to compliant -and capable.