Compliance
Colorado was the first US state to pass comprehensive AI legislation. SB26-189, signed into law on May 14, 2026, repeals and replaces the original Colorado AI Act and takes effect January 1, 2027.
The law governs the use of ADMT (Automated Decision-Making Technology) in consequential decisions, covering employment, lending, housing, education, insurance, healthcare, and essential government services. It places obligations on both the developers who build these systems and the organizations that deploy them. Since liability for discriminatory outcomes is preserved under the Colorado Anti-Discrimination Act, a third party bias audit is the most defensible way to identify and evidence those limitations.
Preparation
Warden AI supports both AI vendors and enterprises in meeting SB26-189 obligations through:
Audit
Bias auditing using Warden’s independent dataset — covering all protected characteristics preserved under existing anti-discrimination law.
Comply
Our system version-controls tests, data, and methods, giving you the technical records needed for audits or AG investigations.
Oversight
Warden’s dashboards and reports help vendors and enterprises provide oversight into their AI systems.
Monitor
Because SB26-189 isn’t a one-and-done test, Warden supports monitoring to ensure ongoing risk mitigation.
Frequently Asked Questions
Colorado SB 26-189 is the state's AI law governing automated decision-making technology (ADMT) — systems that process personal data to materially influence consequential decisions such as hiring, promotion, and termination. It rewrites and replaces the earlier Colorado AI Act (SB 24-205), narrowing the focus from broad “high-risk AI” governance to targeted obligations around consequential decisions.
SB 26-189 takes effect January 1, 2027. Unlike the original law, rulemaking by the Colorado Attorney General is mandatory and must be completed by that same date, so implementation details will be filled in through regulations before the effective date.
The law applies to developers that build ADMT and deployers — including employers — that use it to materially influence consequential decisions about Colorado residents. If your organization operates in Colorado or its tools affect Colorado residents, you are likely in scope regardless of where you are headquartered.
Covered organizations must give advance notice that an ADMT is being used, provide a plain-language explanation when a decision is adverse, allow individuals to correct inaccurate personal data, and offer the option of meaningful human review. The emphasis is on transparency and recourse around individual decisions rather than enterprise-wide impact assessments.
It does not mandate a bias audit by name. But developers and deployers are still expected to guard against discriminatory outcomes from ADMT, and independent bias audits are the practical way to demonstrate that duty was met and to support the explanations the law requires. Warden AI's independent audits provide that evidence.
The original law (SB 24-205) centered on “high-risk AI systems,” “algorithmic discrimination,” and broad impact assessments. SB 26-189 narrows that framework to “automated decision-making technology” and shifts the compliance burden toward targeted consumer disclosures, post-decision explanations, correction rights, and human review.
The Colorado Attorney General holds exclusive enforcement authority, and the law does not create a private right of action — individuals cannot sue directly. The AG's mandatory rulemaking will define how the obligations are interpreted and enforced.
Warden AI supports both developers and deployers with independent bias audits, version-controlled audit trails of tests, data, and methods, and transparency reporting. Because SB 26-189 is not a one-and-done exercise, Warden AI also provides ongoing monitoring so you can demonstrate continued oversight as rulemaking and enforcement take shape.
.png)
.svg)
.svg)
.png)
