Colorado AI Act Takes Effect June 30: The U.S. Gets Its First Binding AI Business Rules

Summary: Two weeks from today, the Colorado AI Act becomes law. Any company using AI to make consequential decisions affecting Colorado residents — in hiring, lending, healthcare, or housing — must have risk management programs and algorithmic impact assessments in place.

Key Facts

• Colorado AI Act (June 30 effective date): Requires risk management plans, algorithmic impact assessments, and consumer disclosures for developers and deployers of high-risk AI systems — the broadest U.S. state AI law yet
• Covered domains: Employment, credit, housing, healthcare, and education decisions affecting Colorado residents
• EU AI Act (August 2 compliance date): General-purpose AI transparency rules and prohibitions on unacceptable-risk systems take full effect EU-wide; fines up to 3% of global annual revenue for non-compliance
• Federal gap persists: No binding federal AI statute; the AI Bill of Rights remains advisory; California and Texas are advancing their own frameworks, accelerating a patchwork regulatory landscape
• The Trump administration's deregulatory posture is widening the gap between state-level protection and federal inaction

Why It Matters

Colorado and the EU are tightening simultaneously, closing the regulatory vacuum that AI companies have relied on. Even U.S.-only startups with EU users now face two overlapping compliance frameworks with different definitions of "high-risk" — making cross-border policy harmonization an urgent business problem, not just a legal one.

Read More

• AI Regulation Update 2026: EU AI Act Enforcement and US State Rules — Beyond Tomorrow
• 2026 AI Laws Update: Key Regulations and Practical Guidance — Gunderson Dettmer