top of page
Prepare your organization for the first comprehensive AI law in the U.S.
Colorado’s SB205 is the first U.S. law to comprehensively regulate developers and deployers of high-risk systems.
What is SB205?
SB205 imposes obligations on organizations that develop or deploy a high risk AI system in Colorado. The law also identifies specific areas where using AI to assist in a ‘consequential decision’ will be considered high risk. The law establishes boundaries for what constitutes AI, consequential decisions, and the ways in which AI may be used as a ‘substantial factor’ in making or supporting consequential decisions.
Key Requirements of Colorado
Assessment for algorithmic discrimination
Requirement
Developers and deployers of high risk systems must assess their systems for potential discrimination.
How Trustible™ Helps
Trustible helps organizations identify which AI use cases or models fall within the scope of the law, and provides recommendations on how to measure for potential discrimination and what documentation is necessary to support that.
Implementing Risk Management Program
Requirement
Developers of high risk systems must implement a risk management program that, among other things, identifies and mitigates known or reasonably foreseeable risks of algorithmic discrimination.
How Trustible™ Helps
Trustible offers out-of-the-box risk assessments that provide risk and mitigation recommendations. In addition, Trustible can help organizations efficiently conduct a multi-stakeholder risk assessment process to capture inputs from a diverse set of stakeholders.
Conducting Impact Assessments
Requirement
Deployers of high risk systems must conduct annual impact assessments, as well as after substantial modifications are made to an AI system.
How Trustible™ Helps
Trustible offers out-of-the-box workflows for conducting impact assessments, and can provide insights and recommendations for appropriate mitigation strategies.
Responding to Consumer Inquiries
Requirement
Consumers have a right to contest adverse consequential decisions from the use of a high risk AI system.
How Trustible™ Helps
Trustible helps organizations document reported incidents and verify if they are relevant, and what AI risks they’re associated with.
Disclosing Information to Consumers
Requirement
Deployers of high-risk AI systems must provide consumers with high level details about the system and its intended purpose.
How Trustible™ Helps
Trustible can help organizations generate relevant transparency documentation, such as model cards, or use case risk assessments, so that users are appropriately informed.
Reporting Incidents to Regulators
Requirement
Developers and deployers of high-risk systems must report algorithmic discrimination stemming from a high risk AI system within 90 days of its detection.
How Trustible™ Helps
Trustible helps organizations document reported incidents, and offers workflows for reviewing and reporting them to relevant regulators.
Navigate SB205
with Trustible
Risk & Impact Assessments
Identify, manage, measure, and mitigate potential risks or harms in your AI systems.
Central Compliance
Implement frameworks to avoid duplicative compliance obligations.
Documentation
Centralize your AI documentation in a single source of truth.
FAQs
When does the law take effect?
The law will take effect on February 1, 2026. However, Colorado Governor Jared Polis signed the law with some reservations and lawmakers are expected to make amendments prior to the effective date.
How are organizations outside of Colorado impacted?
The law is not exclusive to organizations that are based in Colorado. A developer or deployer is defined as a “person doing business in the state.” Therefore, organizations that have operations in the state of Colorado are expected to comply with the law.
How will SB205 be enforced?
The law does not provide specific penalties for non-compliance. Instead, it empowers the Colorado Attorney General to promulgate rules, which will likely address specific consequences for violating the law.
What if my organization complies with another AI regulation or framework?
The law requires that organizations implement a risk management program. Specifically, it identifies the NIST AI RMF and ISO 42001 as appropriate standards to satisfy this requirement, as well as allows for compliance with similarly stringent standards (i.e., the EU AI Act).
bottom of page