Colorado joins the ranks of states prioritizing consumer protection in AI development with its latest bill. The proposed legislation places obligations on both developers and deployers of AI systems while providing affirmative defenses for compliance with recognized risk management frameworks.

With a wave of states proposing AI legislation, just like we’ve seen in privacy, Truyo President Dan Clarke says, “With the patchwork of omnibus privacy law, we can all hope for a federal law, but this is just too important for states to leave to chance. I expect we will have even more than 15 and, like the adoption of AI itself, this legislation will manifest at a much faster pace. Colorado’s bill covers any type of system that uses ML/AI to make or aid decisions that impact a consumer. It uniquely defines a ‘deployer’ versus a ‘developer.’ Most importantly, there is an affirmative defense for a company. This means you have negative reinforcement in laws, such as New York, that require bias testing, and now, with Colorado, we find positive reinforcement in this draft, giving you a defense if you do testing & documentation. Both lead to the same conclusion: Don’t ignore bias testing.”

Here’s a breakdown of key points included in Colorado’s AI Bill:

• Affirmative Defense: Developers and deployers implementing and maintaining programs in compliance with recognized risk management frameworks for AI systems receive an affirmative defense.
• Responsible AI Practices: Obligations include adopting policies to prevent algorithmic discrimination, ensuring transparency in design and testing phases, and avoiding copyright infringement.
• Documentation Requirements: Developers must provide detailed documentation to deployers integrating AI models, enabling them to understand capabilities, limitations, and risks.
• Generative AI Tools: Developers of tools generating synthetic digital content must mark outputs as synthetic and disclose this information to consumers.
• Rebuttable Presumption of Reasonable Care: Criteria set for developers and deployers to establish a rebuttable presumption of reasonable care, including making disclosures, implementing risk management policies, and completing impact assessments.
• Comprehensive Approach: The bill emphasizes transparency, accountability, and ethical considerations in AI governance, promoting responsible AI innovation.
• Flexibility: Incorporation of recognized risk management frameworks allows adherence to standards and best practices in AI development and deployment.
• Ethical Use of AI: Upholding ethical standards and prioritizing consumer protection is crucial as AI continues to play a significant role in society.
• Promoting Responsible AI: Implementing and enforcing written AI policies aligned with existing laws and best practices is essential for ensuring the ethical use of AI technologies.

The bill’s approach is noteworthy as it places obligations on both developers and deployers of AI, alongside offering presumptive safe harbors and defenses. While specific criteria are outlined, Colorado maintains flexibility by incorporating nationally or internationally recognized risk management frameworks, such as the NIST AI Risk Management Framework.

In the context of the bill:

• A “deployer” refers to a person conducting business in Colorado who deploys generative artificial intelligence systems or high-risk artificial intelligence systems.
• A “developer” refers to a person conducting business in Colorado who develops or substantially modifies general-purpose artificial intelligence models, generative artificial intelligence systems, or high-risk artificial intelligence systems.

The Colorado AI bill represents a significant step towards regulating the development and deployment of AI technologies, emphasizing responsible practices and consumer protection. It imposes obligations on both developers and deployers while offering presumptive safe harbors and defenses. Notably, the bill prioritizes transparency, documentation, and the avoidance of algorithmic discrimination as we’ve seen apparent in other proposed legislation. By incorporating flexibility and aligning with established risk management frameworks, such as the NIST AI Risk Management Framework, Colorado aims to foster innovation in AI while ensuring the ethical and accountable use of these technologies.

Click here to learn about the Truyo AI Governance Product helping companies prepare for upcoming AI regulations.