AIUC-1 × Colorado AI Act (SB 24-205)
Colorado's SB 24-205, the Colorado AI Act, imposes duties of reasonable care on both developers and deployers of high-risk AI systems - defined as any AI that makes or substantially factors into a consequential decision affecting education, employment, financial services, healthcare, housing, insurance, or legal services. It requires risk management programs, structured impact assessments, consumer notifications, and public disclosures, with a focus on preventing algorithmic discrimination against protected classes.
AIUC-1 operationalizes the Colorado AI Act by aligning with its requirements.
Certification against AIUC-1 is a strong step towards compliance with Colorado AI Act as it:
Requires organizations to define AI risk taxonomies, implement pre-deployment testing procedures, and ensure ongoing risk monitoring that support the law's duty of reasonable care for both developers and deployers
Establishes quality management and impact assessment practices that align with the law's risk management program and structured impact assessment requirements
Provides transparency documentation controls that support the law's public disclosure obligations for both developers and deployers
Supports eligibility for the law's affirmative defence provision, which recognises compliance with established AI risk management frameworks including NIST AI RMF and ISO 42001
The Colorado AI Act takes effect June 2026, with the Colorado Attorney General holding exclusive enforcement authority. Violations are treated as unfair trade practices under the Colorado Consumer Protection Act.
See the crosswalk to the detailed Colorado AI Act subsections here.
This crosswalk is provided for informational purposes only and does not constitute legal advice. Sections with no operative analog to AIUC-1 (e.g. addressing definitions, enforcement mechanisms, regulatory infrastructure, and legislative safe harbors) have been omitted from crosswalk mappings. Organizations should consult qualified legal counsel to determine their specific compliance obligations under the Colorado AI Act.
Colorado AI Act crosswalk by section
6-1-1702: Developer Duties
Imposes a duty of reasonable care on developers and requires documentation, public disclosure, and reporting of known algorithmic discrimination risks.
6-1-1703: Deployer Duties
Imposes a duty of reasonable care on deployers and requires a risk management program, impact assessments, consumer notifications, and public disclosures.
6-1-1706 & 6-1-1707: Enforcement & AG, Rulemaking Authority
The AG has exclusive enforcement authority. Violations are unfair trade practices. Compliance with a recognised AI risk management framework is an affirmative defence.
The Security, Safety, and Reliability standard for AI agents
Stay up to date with AIUC-1
