On May 14, 2026, Colorado Governor Jared Polis signed SB 189, amending the Colorado Artificial Intelligence Act (originally enacted as SB 24-205) and pushing its effective date from June 30, 2026 to January 1, 2027. The amendment grants developers and deployers of high-risk AI systems several additional months to prepare for compliance, while also scaling back a number of the original statute's obligations. For businesses that had been racing to meet the prior summer deadline, the legislation provides meaningful breathing room, but it also reshapes the compliance landscape in ways that warrant a careful, fresh review.
The Colorado AI Act remains the most comprehensive state-level regulation of high-risk AI systems in the United States, and even in its revised form it imposes significant duties on companies that develop or deploy such systems for consequential decisions affecting consumers. Although SB 189 reduces certain developer and deployer obligations, the core framework, including expectations around governance, risk management, documentation, and consumer notifications, continues to apply. Covered businesses should not treat the delay as a reason to pause compliance work; rather, they should use the additional runway to align their programs more deliberately with the revised statutory framework.
Companies should consider revisiting their inventories of in-scope AI systems, updating impact assessment and recordkeeping practices, refining vendor and contractual arrangements with upstream developers, and reassessing consumer-facing disclosures and appeal mechanisms. Internal governance structures, including cross-functional oversight involving legal, compliance, data, and product teams, should be calibrated to the amended requirements rather than to the original 2026 text.
An additional layer of uncertainty remains. A federal challenge to the Colorado AI Act is still pending, and its outcome could further alter the obligations facing covered businesses. Organizations should monitor that litigation closely while continuing to build compliance infrastructure, recognizing that responsible AI governance practices will likely retain value regardless of how the challenge is resolved.
This alert is provided for general informational purposes only and does not constitute legal advice. Clients facing decisions about Colorado AI Act compliance should seek tailored guidance based on their specific products, deployments, and risk profile.