The revised statute reallocates compliance duties between developers and deployers. Developers must provide technical documentation covering intended uses, training data categories, system limitations, and human-review protocols, plus notice of material updates. Deployers face stricter obligations: clear consumer notice when ADMT is deployed, post-decision disclosures when adverse outcomes occur, three-year record retention, and procedures for data correction and meaningful human review in limited circumstances. The law takes effect January 1, 2027, and is enforceable only by the Colorado attorney general.
Colorado's original 2024 AI law had drawn industry criticism for imposing duties of care, risk management, and impact assessments on developers and deployers before implementation. By substantially scaling back those obligations before the statute's June 30, 2026 effective date, Colorado signals a policy pivot toward transparency and notice over prescriptive governance. The move clarifies liability allocation between market participants and establishes a model likely to influence how other states approach AI regulation.