Colorado SB 24-205

The Colorado AI Act, in plain language.

One of the first US state laws to regulate high-risk AI systems and algorithmic discrimination. Here is what it covers, who it binds, and where an AI inventory fits in.

Your First Sweep lands within 24 hours All US AI laws
What it is

A law about high-risk AI and consequential decisions.

Signed in 2024, the Colorado AI Act (Senate Bill 24-205) targets high-risk AI systems: those that make, or are a substantial factor in making, a consequential decision about a person. The duty at its center is reasonable care to protect consumers from algorithmic discrimination.

Two roles

Developers and deployers.

If you build it (developers)
Use reasonable care to guard against algorithmic discrimination, and give deployers the documentation they need: what the system does, its known limitations, how it was evaluated, and how its data is governed.
If you use it (deployers)
Use reasonable care, run a risk management program, complete impact assessments, and notify people when a high-risk system factors into a consequential decision about them. Some duties include a path to correct data or seek human review.
What counts

Consequential decisions.

The law focuses on AI that materially affects access to, or the cost or terms of, decisions like these:

  • Employment and employment opportunities
  • Education and enrollment
  • Financial and lending services
  • Housing, insurance, and health-care services
  • Legal services and essential government services
Not every AI tool
A chatbot that drafts email is not the target. A system that helps decide who gets hired, housed, or lent to can be. The law also includes exemptions, including lighter duties for certain small deployers.
Where Northbeams fits

The inventory, documentation, and evidence side.

Northbeams does not classify your systems or write your impact assessments. It gives you the visibility and records those tasks depend on, so counsel and your risk team start from fact, not guesswork.

  • Inventory: find every AI tool in use across browser, desktop, CLI, and MCP, so you can see where high-risk systems may sit.
  • Attribution: tie each use to a person and a team, the starting point for any risk-management record.
  • Evidence: keep an immutable, signed log of AI activity to support your documentation over time.
Timing and scope

Two things people ask.

When does the Colorado AI Act take effect?
It was enacted in 2024 with its main obligations set to begin in 2026. The exact effective date has been adjusted by the state legislature, so confirm the current date with your counsel before you plan around it.
Does it apply to my company?
It centers on developers and deployers of high-risk AI systems that factor into consequential decisions about Colorado consumers. Whether that includes you is a legal question. The practical first step is knowing which AI systems you actually run.
This is a plain-language overview, not legal advice. Northbeams helps you know what AI you run and prove it, with an AI inventory, per-user attribution, and signed logs. It does not tell you what the Colorado AI Act requires of you, and it does not classify your systems for you. For your obligations, consult qualified counsel.

Know what AI you run in Colorado.

Build the inventory first. Your First Sweep lands within 24 hours.

Get your First Sweep by Monday Poke the live demo. No signup.