AI Regulation Compliance Professional Services 2026State AI Chatbot Laws Professional Services 2026AI Disclosure Policy Professional Services Firms 2026AI Compliance Law Firms Professional Responsibility 2026

Colorado's AI Law May Get Replaced Before It Takes Effect. Here's How to Plan Either Way.

April 28, 202610 min readBy The Crossing Report
Share on LinkedInShare on X

Colorado's AI Law May Get Replaced Before It Takes Effect. Here's How to Plan Either Way.

Here is the situation in plain terms: Colorado has the most demanding AI law for professional services firms in the United States, and it goes live on June 30, 2026 — regardless of what happens in the state legislature between now and then.

The Colorado AI law replacement conversation is real. A working group has proposed narrowing the original Artificial Intelligence Decision-Making Act (SB 24-205) significantly. The May 13 session deadline is the last window to pass a replacement bill. But as of late April 2026, that replacement bill has not been formally introduced in the Colorado General Assembly. It may not pass.

If you serve clients in Colorado, or employ people in Colorado, and your firm uses AI in any capacity that touches decisions about them — you cannot afford to wait and see.

This guide gives you the two-scenario planning framework: what you need to do now that protects your firm whether the replacement passes or not, and how to think about the piece that's still uncertain.

What Colorado's ADMT Actually Requires Right Now (The Law That Applies on June 30)

The Colorado Artificial Intelligence Decision-Making Act (SB 24-205) is active law. Its effective date is June 30, 2026. Unless the Colorado General Assembly passes a replacement bill before that date, every requirement in SB 24-205 is live law on June 30.

Here is what the original ADMT requires that matters most for professional services firms:

Scope — what triggers it. The ADMT applies to "deployers" using AI to make or substantially inform "consequential decisions." For professional services, the consequential decision categories that matter are: employment decisions (hiring, termination, compensation, performance review), legal services provided to individuals, financial services decisions, and healthcare-related decisions.

You are a deployer, not just a developer. This is the most important distinction for professional services firms. If you are using a third-party AI tool — a legal research platform, an AI-assisted hiring tool, an accounting AI that recommends client actions — you are a deployer under the ADMT. The fact that you didn't build the AI doesn't exempt you from the law.

Core requirements under the current ADMT:

  • Impact assessments for AI used in high-risk consequential decision categories
  • Disclosures to individuals when AI is used in decisions affecting them
  • Anti-discrimination obligations — the duty not to use AI in ways that produce discriminatory outcomes based on protected characteristics
  • Recordkeeping — documentation of which AI systems are in use and which decision categories they touch

For most 5–30 person professional services firms, the two requirements that demand immediate action are disclosure (a document issue) and recordkeeping (an inventory issue). The impact assessment is more involved — and it's also the requirement the proposed replacement would remove.

June 30 is not tentative. It doesn't depend on the replacement. If you're serving Colorado clients or employing Colorado-based staff and using AI, June 30 is your compliance deadline.

What the Proposed Replacement Would Change (and What It Wouldn't)

The Colorado working group's proposed replacement bill would narrow the ADMT in three meaningful ways:

What changes under the proposed replacement:

  1. Removes the stand-alone algorithmic discrimination duty. Under the current ADMT, deployers have an independent obligation to prevent AI from producing discriminatory outcomes. The replacement removes this as a separate requirement — discrimination remains illegal under existing law, but the AI-specific layer goes away.
  2. Adds a 90-day cure period. First-time violations could be remedied before penalties apply. The current law has no clear cure window.
  3. Clarifies the developer/deployer split. The replacement shifts more responsibility to developers (the AI tool makers) and clarifies that deployers (your firm) bear less liability for problems inherent in the tool's design.

What stays the same under the proposed replacement:

  • Disclosure requirements when AI is used in consequential decisions
  • Recordkeeping obligations
  • Consumer right to know when AI is involved in decisions affecting them

The critical catch: The replacement bill has NOT been formally introduced in the Colorado General Assembly as of late April 2026. The May 13 session deadline is the last window. If May 13 passes without a vote, the original ADMT is live law on June 30. No extension. No delay.

What this means for your planning: The disclosure and recordkeeping requirements survive in every version of this law. The algorithmic discrimination audit is the only thing that might go away. That's where to focus your uncertainty — not on whether you need to disclose.

The Two Scenarios and What Each Means for Your Firm

Scenario A: The replacement passes before May 13.

If the replacement bill becomes law before the session closes:

  • The stand-alone algorithmic discrimination audit requirement goes away
  • A 90-day cure period is available if you're cited for non-compliance
  • Developer liability absorbs more of the burden for tool-related discrimination issues
  • Your firm still needs: AI disclosure in client communications and engagement letters; recordkeeping for which AI tools you use and in what decision contexts

Scenario B: No replacement passes.

If May 13 passes without a new law:

  • The original ADMT (SB 24-205) takes effect June 30 in full
  • You'll need disclosure, recordkeeping, and impact assessments for AI used in high-risk consequential decisions
  • The algorithmic discrimination duty remains
  • Your firm still needs everything from Scenario A, plus: an impact assessment process for AI tools used in consequential decisions

What's the same in both scenarios? Disclosure and recordkeeping. That is where your compliance work begins — and where starting now means you're not starting from zero on June 30 regardless of what the legislature does.

What Professional Services Firms Should Do Now (Regardless of Which Scenario Plays Out)

Three steps that protect you under both versions of the law.

Step 1: Inventory Your Consequential AI Use in Colorado

Walk through your firm's AI tool use with one question: does this AI touch decisions about Colorado clients or Colorado employees?

For most professional services firms, the primary risk areas are:

  • AI-assisted hiring tools — any software with AI scoring of resumes, interview scheduling, or applicant ranking (common tools: Greenhouse with AI features, LinkedIn Recruiter AI, any ATS with "match scores")
  • AI client communication or intake tools — chatbots, AI-drafted client emails, automated intake workflows where Colorado clients are involved
  • AI-informed advisory outputs — if your accounting or consulting work involves AI tools that make recommendations that clients act on

Write this inventory down. Even a simple spreadsheet with three columns — tool name, which decisions it touches, which client/employee population is affected — is sufficient. This document is also your starting point for the impact assessment requirement under Scenario B.

For most 5–25 person firms, this inventory takes 4–6 hours. Do it this week.

Step 2: Build the Shared Compliance Baseline

The disclosure and recordkeeping requirements that survive in both versions of the law are not complex. They require documentation — not a compliance department.

Draft an AI disclosure for client-facing communications. This goes in three places:

  • Your engagement letter or service agreement (one paragraph, added before your next client renewal)
  • Your website privacy or terms page
  • Any automated client interaction point (chatbot confirmation, portal notification, etc.)

What the disclosure needs to say, in plain terms: your firm uses AI-assisted tools in service delivery; when clients interact with automated systems, they'll be identified as such; and you remain responsible for all work product regardless of AI involvement.

Create a record of AI tools in use. Your inventory from Step 1 is this record. Keep it in a shared folder. Date it. Review it when you add a new tool.

This compliance baseline takes 4–8 hours of staff time for a small firm. It is a one-time effort that protects you for every Colorado client you serve going forward.

Step 3: Treat the Algorithmic Discrimination Audit as Conditional

The bias audit requirement — impact assessments demonstrating your AI tools don't produce discriminatory outcomes — is the one piece that the proposed replacement removes.

Here is the practical approach for a small firm in the planning window before May 13:

  • Build the disclosure and recordkeeping baseline now (Steps 1 and 2)
  • Identify which of your AI tools, if any, are used in high-risk consequential decisions for Colorado individuals
  • If the replacement passes: your disclosure and records are in place; the audit requirement is gone; you're done
  • If the replacement doesn't pass: your disclosure and records are already in place; add the impact assessment for the high-risk tools you identified in Step 1

Starting with the shared requirements means you're not starting from zero in either scenario. The additional work under Scenario B is contained to impact assessments for a specific, identified list of tools — not a firm-wide compliance rebuild.

The Bigger Picture — Why Colorado Is the Canary for Professional Services Firms Nationwide

Colorado's AI law is not an isolated state compliance issue. It is the leading indicator for how state AI regulation will develop nationally.

Twenty-five state AI laws were enacted in 2026 alone — a fourfold increase from just six weeks earlier, according to PluralPolicy. Colorado's ADMT is the most operationally complex of those laws and the one most directly targeted at professional services decisions.

Two things will happen on or before May 13 that will signal the direction of state AI regulation nationally:

If the replacement passes and narrows the law: This tells every other state legislature that heavy AI compliance obligations — particularly algorithmic discrimination duties — can be walked back under industry pressure. Future state bills are likely to trend toward transparency-only frameworks (disclosure + recordkeeping) rather than the fuller Colorado ADMT model.

If the replacement fails and ADMT takes effect in full: Colorado's ADMT becomes the floor. States considering their own AI employment and decision laws will have a live, enforced precedent showing what full-scope regulation looks like. Expect other states with active AI legislation to reference Colorado's structure.

For multi-state professional services firms, the Colorado compliance framework you build now — whether for Scenario A or Scenario B — is directly transferable to other states' requirements. Firms that build proper disclosure and recordkeeping infrastructure for Colorado will find that the compliance infrastructure they need in Illinois, New York, or Georgia is largely already in place.

Colorado is not an edge case. It is your test environment for how to build compliance infrastructure that scales across multiple state regimes.

The One Thing to Do This Week

Open your engagement letter template and add a one-paragraph AI disclosure before your next client renewal.

You don't need to wait for May 13. You don't need to know which version of the law applies. The disclosure is required in both scenarios.

The paragraph says: your firm uses AI-assisted tools in service delivery; clients interacting with automated systems will be identified as such; and you remain responsible for all work product regardless of AI assistance.

Three sentences. This makes you compliant with the disclosure requirement under both the existing ADMT and the proposed replacement. It also makes every Colorado client you onboard from today forward protected from the compliance gap — regardless of what the legislature does between now and June 30.

After that, build the inventory from Step 1. You have until June 30. You do not have until June 29.

Colorado's AI law is the leading indicator for how state AI compliance will develop nationally. The Crossing Report covers state AI regulation developments — translated for professional services firm owners, not compliance departments. Subscribe here.

Related reading:

Frequently Asked Questions

Is Colorado's ADMT (SB 24-205) still in effect, or has it been replaced?

As of late April 2026, the original ADMT (SB 24-205) is still the law, effective June 30, 2026. A replacement bill has been proposed but not formally introduced in the Colorado General Assembly. The May 13 session deadline is the last window to pass a replacement before June 30. If nothing passes, the original ADMT is live law on June 30.

What does Colorado's proposed ADMT replacement change for professional services firms?

The proposed replacement narrows compliance in three ways: (1) removes the stand-alone duty to avoid algorithmic discrimination; (2) adds a 90-day cure period before fines; (3) clarifies that firms using third-party AI tools bear less liability for the tool's underlying design. However, disclosure requirements and recordkeeping obligations remain in both versions.

Should my firm comply with Colorado's ADMT now, or wait to see if the replacement passes?

Do not wait. Build the compliance baseline that's required under both versions — AI disclosure and recordkeeping — now. The algorithmic discrimination audit requirement is the only thing the replacement removes. Starting with the shared requirements means you're protected regardless of which version is in effect on June 30.

Which professional services firms are subject to Colorado's ADMT?

Any firm that uses AI in 'consequential decisions' for Colorado residents or employees. For professional services: staffing firms using AI in hiring; law firms using AI in legal matter intake or client classification; accounting firms using AI to make financial or employment recommendations to Colorado clients. Deployers — firms using third-party AI tools — are covered, not just the AI software makers.

What is the penalty for non-compliance with Colorado's ADMT?

The Colorado AG can seek civil penalties and injunctive relief. The proposed replacement adds a 90-day cure period — meaning first-time violations could be remedied before fines apply. Under the current law (without the replacement), cure periods are less defined. Either way, the practical risk for most professional services firms is not the fine; it's the audit exposure and reputational cost of being cited for algorithmic discrimination against a client or employee.

Get the weekly briefing

AI adoption intelligence for accounting, law, and consulting firms. Free to start.

Related Reading

This is the kind of intelligence premium subscribers get every week.

Deep analysis, cross-sector patterns, and the frameworks that help professional services firms make the crossing.

Subscribe freeGo premium — $19/mo$190/yr (save 17%)