Colorado Is Replacing Its AI Law — But the June 30 Deadline Still Applies to Your Firm

Here's what that means for your firm, and what to actually do before June 30.

---

What Is the Colorado ADMT Framework?

Colorado's AI Act (SB 24-205) was signed by Governor Polis in May 2024, with a delayed effective date of June 30, 2026. The law created obligations for businesses that deploy "high-risk AI systems" — those that make or materially inform consequential decisions affecting Colorado consumers in areas like employment, financial access, and healthcare.

The law attracted significant pushback from business groups, small firms, and even some compliance professionals who argued it was more suited to enterprise AI programs than the way small businesses actually use AI tools.

In response, the Colorado AI Policy Work Group spent several months studying the law and alternatives. On March 17, 2026, they approved the proposed ADMT framework:

What changes under ADMT:

• Removes the mandatory bias audit requirement
• Removes the NIST AI Risk Management Framework alignment requirement
• Removes mandatory Attorney General incident reporting
• Removes formal impact assessment requirements
• Replaces these with a transparency-and-notice regime

What stays under ADMT:

• Consumer disclosure requirements when AI materially influences a consequential decision
• Some notice obligations to consumers about AI use

Critical change for law firms: Legal services decisions were explicitly removed from the ADMT framework's scope of covered "consequential decisions." Law firms stand to get the most relief if the replacement passes.

Critical note for accounting and consulting: Financial decisions remain covered under the ADMT framework. The scope relief is narrower than the headlines suggest for firms in financial services work.

---

Why the June 30 Deadline Still Applies to Your Firm

The ADMT framework — even if passed — would take effect January 1, 2027, not June 30, 2026.

More importantly: it hasn't been introduced as legislation yet. Colorado's legislature adjourns in May. The window is short, the bill language isn't finalized, and the path from "AI Policy Work Group recommendation" to "enacted law" requires the General Assembly to act.

Every major law firm analysis of the ADMT situation — from Fisher Phillips, Mayer Brown, and Hogan Lovells — reaches the same conclusion: continue SB 24-205 preparation, monitor the ADMT bill closely.

The Colorado AG retains full enforcement authority under SB 24-205 until that law is explicitly replaced or superseded. Penalties run up to $20,000 per violation under the Colorado Consumer Protection Act.

The realistic scenarios:

1. ADMT passes before May adjournment AND explicitly supersedes SB 24-205 before June 30 — you may get relief. Watch the bill language carefully.
2. ADMT passes but takes effect January 1, 2027 — June 30 deadline still applies to the original law.
3. ADMT doesn't pass before adjournment — you're under SB 24-205 with a June 30 deadline, full stop.

Treat June 30 as your hard deadline unless and until legislation explicitly says otherwise.

For more on the original timeline and Trump administration preemption arguments, see our earlier coverage of the June 30 deadline and federal preemption landscape.

---

Which Professional Services Firms Are Covered?

Here's a three-question test:

Question 1: Are you using AI to make or inform a "consequential decision"? Under SB 24-205, consequential decisions include: employment decisions (hiring, termination, promotion), access to financial services, healthcare decisions, and housing. If your firm uses AI for any of these — candidate screening tools, AI-assisted financial analysis, risk scoring — you're likely a covered "deployer."

General productivity AI (meeting summarizers, document drafting, research tools) does not meet the high-risk threshold.

Question 2: Does the small business exemption apply? Firms with fewer than 50 full-time employees that use third-party AI tools without custom model training qualify for Colorado's small business deployer exemption. This significantly reduces — but does not eliminate — your obligations. See our full breakdown of who qualifies for the Colorado AI Act small business exemption.

Question 3: Do your clients include Colorado residents or businesses? SB 24-205 follows the consumer, not the firm's location. If you're a Texas-based accounting firm using AI to make financial decisions affecting Colorado clients, you're subject to the law for those interactions.

Under the ADMT framework (if passed), the picture shifts: law firms get meaningful scope relief (legal services removed from coverage), while accounting and consulting firms in financial work remain covered. Don't assume the ADMT replacement exempts your firm from coverage until you've reviewed its actual scope language.

---

The Portable Minimum: 3 Documents That Satisfy Either Version

Here's the practical solution for owners who don't want to build a full compliance program for a law that might change: build the portable minimum — documentation that satisfies the core requirements under both SB 24-205 and the proposed ADMT framework.

You need three documents.

Document 1: AI Tool Inventory

A simple list of every AI tool your firm uses, what decisions it informs, and what data it processes. This doesn't need to be a 40-page risk register. A spreadsheet works. For each tool, document:

• Tool name and vendor
• What you use it for
• Whether it informs decisions about employees or clients
• What data is fed into it (client data, employee data, financial data)

This is the foundation that both SB 24-205 and the ADMT framework point toward. It's also the first thing a regulator would ask for.

Document 2: Vendor AI Policy Statements

Written statements from each of your key AI vendors about their system's intended uses, known limitations, and data handling practices. Most major vendors (Microsoft, Thomson Reuters, Clio, Intuit, etc.) have published these documents. Your job is to collect and file them — not draft them.

This satisfies the transparency requirements under both regimes and demonstrates that you conducted reasonable diligence on the AI systems you're deploying.

Document 3: Client Disclosure Language

A 2-paragraph disclosure for your engagement letters or client communications when AI tools materially inform a client decision. The exact language matters less than having something in writing that explains to clients: (1) that you may use AI tools in your work, and (2) what categories of decisions those tools inform.

A simple paragraph in your standard engagement letter is sufficient for most small firm contexts.

Note on over-compliance: The original SB 24-205 also required a formal written risk management policy and an annual impact assessment. The ADMT framework would eliminate these. If your firm creates them before the ADMT passes, you're over-compliant — which is a defensible position, not a problem.

---

What Law Firms Specifically Need to Know

Law firms face the most interesting situation in this legislation.

Under the proposed ADMT framework, legal services decisions have been removed from the scope of covered consequential decisions. If ADMT passes, law firms using AI for client work could see significant compliance relief compared to the original law.

But the original SB 24-205 — which applies until explicitly replaced — still includes legal services. Law firms are not exempt from the June 30 deadline under the current law.

The practical position for law firms right now: build the portable minimum (the three documents above), watch the ADMT bill closely as the session progresses, and do not assume scope relief that hasn't been enacted yet.

Note also that ABA guidance on AI in legal practice applies regardless of state law. The ethical obligations around competence, supervision, and client disclosure for AI use don't disappear if Colorado exempts legal services from ADMT scope.

---

What Accounting and Consulting Firms Specifically Need to Know

Accounting and consulting firms are in a different position. Financial decision AI — risk scoring, audit tools, financial planning AI, client portfolio analysis — remains in scope under both SB 24-205 and the proposed ADMT replacement.

The scope relief in ADMT is narrower for your firm category than the headlines suggest. If you use AI to inform financial decisions affecting clients, you're covered under either regime.

The practical implications:

• Identify which AI tools you use that touch client financial recommendations. That's your coverage zone.
• The small business exemption under the original law reduces your obligations if you're under 50 employees — but it doesn't eliminate the core transparency and disclosure requirements.
• The portable minimum (inventory, vendor statements, disclosure language) is the right starting point.

---

FAQ

What is the Colorado ADMT framework? The Automated Decision-Making Technology (ADMT) framework is a proposed replacement for Colorado's AI Act (SB 24-205), unanimously approved by Colorado's AI Policy Work Group on March 17, 2026. The framework would replace the original law's mandatory bias audit and impact assessment requirements with a lighter transparency-and-notice regime. The ADMT framework has not yet been introduced as legislation in the Colorado General Assembly. If passed, it would take effect January 1, 2027 — not before the current June 30, 2026 compliance deadline for SB 24-205.

Does the ADMT framework eliminate the June 30, 2026 Colorado AI compliance deadline? No. The June 30, 2026 deadline applies to Colorado's existing AI Act (SB 24-205). The proposed ADMT framework is a legislative proposal, not yet law. Professional services firms should continue preparing for SB 24-205 compliance by June 30 while monitoring whether the ADMT bill passes before the Colorado legislature adjourns in May 2026.

Are law firms covered under the Colorado ADMT framework? Under the proposed ADMT framework, legal services decisions have been removed from the scope of covered consequential decisions. This represents meaningful relief for law firms — but only if the ADMT framework passes. Under the current Colorado AI Act (SB 24-205), legal services is still a covered category. Law firms should not rely on the ADMT scope change until the bill is enacted.

What does the Colorado AI Act require from small accounting or consulting firms? Firms with fewer than 50 employees qualify for the Colorado AI Act's small business deployer exemption, which reduces compliance obligations. Small business deployers must still avoid algorithmic discrimination, provide consumer disclosures when AI influences consequential decisions, and offer an appeals mechanism — but are not required to conduct full annual impact assessments. Firms using AI for client financial analysis, hiring screening, or risk scoring are the most likely to need compliance action.

What is the minimum a professional services firm should do before Colorado's June 30 deadline? The minimum viable Colorado AI compliance posture for a small professional services firm is three documents: (1) an AI tool inventory listing every AI system your firm uses and what decisions it informs; (2) written AI policy statements from your key AI vendors confirming intended use, data handling, and known limitations; and (3) client disclosure language for engagement letters when AI materially influences a client decision. These three documents satisfy the core transparency and disclosure obligations under both the original SB 24-205 and the proposed ADMT replacement.

---

The Colorado AI regulation picture is moving fast. Subscribe to The Crossing Report — we'll notify you when the ADMT bill advances, stalls, or changes the June 30 calculus for your firm.