On May 7, the Colorado Senate passed SB 189, a bill that would repeal and replace the state’s Colorado AI Act enacted in 2024 and scheduled to take effect on June 30, 2026. If enacted, SB 189 would replace the current framework with a narrower statute focusing primarily on disclosure, recordkeeping, and consumer notice requirements for developers and deployers of “automated decision-making technology” (“ADMT”).

SB 189 largely tracks the draft bill Governor Jared Polis released in March, with a few additional changes, including:

  • Employment Scope: SB 189 clarifies that a “consequential decision” includes decisions relating to “employment or an employment opportunity that creates or may create an employer-employee relationship.”
  • Fraud Exemption: Similar to the Colorado AI Act, the governor’s draft bill would have exempted “activities relating to technologies used for . . . fraud prevention . . . excluding facial recognition” from the definition of “consequential decision.”  SB 189 includes this exemption but removes the facial recognition carve out.
  • Developer Obligations: SB 189 allows developers to satisfy the requirement that they disclose “notice of material updates” through “public release notes” provided they directly notify each deployer of the release.
  • Cure Period: SB 189 shortens the cure period from 90 days in the governor’s draft bill to 60 days and requires an opportunity to cure only where the Colorado Attorney General determines that a cure is possible. 

SB 189 directs the Attorney General to complete necessary rulemaking to implement its enforcement provisions by January 1, 2027. Colorado Attorney General Phil Weiser recently indicated the state’s intention to delay enforcement of the Colorado AI Act, or any successor legislation, until required rulemaking is complete, suggesting that enforcement of SB 189 would likely begin only if rulemaking is finalized by January 1, 2027.

SB 189 now moves to the House for consideration. The legislature has until the end of the session on May 13, 2026 to pass the bill and send it to the Governor for signature. We will continue to monitor its progress and provide updates.

Tags: Artificial Intelligence (AI), Colorado AI Act
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Matthew Shapanka Matthew Shapanka

Matthew Shapanka is a strategic policy and regulatory attorney who helps technology companies and other businesses navigate complex, high-stakes legislative, regulatory, and enforcement matters at the intersection of law and politics. Drawing on 15+ years of experience across private practice, the U.S. Senate…

Matthew Shapanka is a strategic policy and regulatory attorney who helps technology companies and other businesses navigate complex, high-stakes legislative, regulatory, and enforcement matters at the intersection of law and politics. Drawing on 15+ years of experience across private practice, the U.S. Senate, state government, and political campaigns, Matt develops comprehensive policy strategies that identify regulatory risks and position clients to shape policy outcomes.

Public Policy and Regulatory Strategy

Matt serves as a strategic advisor to Fortune 200 companies on emerging technology policy, including artificial intelligence regulation, connected and autonomous vehicles, semiconductors, IoT, and national security matters. He translates complex legal and technical issues into actionable legislative and regulatory strategy, building the policy frameworks and advocacy infrastructure that enable clients to influence policy. He develops policy collateral for federal, state, and international advocacy, coordinates multi-stakeholder coalitions, and represents clients before Congress, federal agencies, and state legislative and regulatory bodies.

His technology policy experience includes securing unprecedented Presidential intervention in the $118 billion Qualcomm-Broadcom transaction (for which Covington was recognized as The American Lawyer 2019 “Dealmakers of the Year”), advising Fortune 200 companies on Bureau of Industry and Security connected vehicle rules, and counseling major internet platforms on autonomous vehicle policy across dozens of states.

Matt leads Covington’s state public policy practice, managing complex multistate legislative and regulatory advocacy campaigns. His state-level work includes securing a last-minute amendment to California’s 2023 money transmitter legislation on behalf of a fintech client and representing major technology companies on state AI, autonomous vehicle, and political advertising compliance matters across dozens of jurisdictions.

Matt rejoined Covington after serving as Chief Counsel for the U.S. Senate Committee on Rules and Administration under Chairwoman Amy Klobuchar (D-MN), where he negotiated the landmark bipartisan Electoral Count Reform Act – legislation that updated presidential election certification procedures for the first time in nearly 140 years. He also oversaw the Committee’s bipartisan January 6th investigation, developing protocols that resulted in unanimous passage of new Capitol security legislation.

Both in Congress and at Covington, Matt has prepared dozens of corporate executives, nonprofit leaders, academics, and presidential nominees for testimony at congressional committee hearings and depositions. He is a skilled legislative drafter and strategist who has composed dozens of bills and amendments introduced in Congress and state legislatures, including many that have been enacted into law.

Election and Political Law Compliance and Enforcement

As a member of Covington’s Chambers-ranked (Band 1) Election and Political Law practice, Matt advises businesses, nonprofits, political committees, candidates, and donors on the full range of federal and state political law compliance matters, including:

Election and campaign finance laws
Lobbying disclosure
Government ethics rules
The SEC Pay-to-Play Rule

He also conducts political law due diligence for M&A transactions, counsels major political funders and donors in compliance and enforcement matters, and represents candidates, ballot measure committees, and donors in election disputes and recounts.

Before law school, Matt served in the administration of former Governor Deval Patrick (D-MA), where he worked on policy, communications, and compliance matters for federal economic recovery funding awarded to the state. He has also staffed federal, state, and local political candidates in Massachusetts and New Hampshire.

Read more about Matthew ShapankaEmail
Show more Show less
Photo of Jayne Ponder Jayne Ponder

Jayne Ponder provides strategic advice to national and multinational companies across industries on existing and emerging data privacy, cybersecurity, and artificial intelligence laws and regulations.

Jayne’s practice focuses on helping clients launch and improve products and services that involve laws governing data privacy…

Jayne Ponder provides strategic advice to national and multinational companies across industries on existing and emerging data privacy, cybersecurity, and artificial intelligence laws and regulations.

Jayne’s practice focuses on helping clients launch and improve products and services that involve laws governing data privacy, artificial intelligence, sensitive data and biometrics, marketing and online advertising, connected devices, and social media. For example, Jayne regularly advises clients on the California Consumer Privacy Act, Colorado AI Act, and the developing patchwork of U.S. state data privacy and artificial intelligence laws. She advises clients on drafting consumer notices, designing consent flows and consumer choices, drafting and negotiating commercial terms, building consumer rights processes, and undertaking data protection impact assessments. In addition, she routinely partners with clients on the development of risk-based privacy and artificial intelligence governance programs that reflect the dynamic regulatory environment and incorporate practical mitigation measures.

Jayne routinely represents clients in enforcement actions brought by the Federal Trade Commission and state attorneys general, particularly in areas related to data privacy, artificial intelligence, advertising, and cybersecurity. Additionally, she helps clients to advance advocacy in rulemaking processes led by federal and state regulators on data privacy, cybersecurity, and artificial intelligence topics.

As part of her practice, Jayne also advises companies on cybersecurity incident preparedness and response, including by drafting, revising, and testing incident response plans, conducting cybersecurity gap assessments, engaging vendors, and analyzing obligations under breach notification laws following an incident.

Jayne maintains an active pro bono practice, including assisting small and nonprofit entities with data privacy topics and elder estate planning.

Read more about Jayne PonderEmail
Show more Show less
Photo of Vanessa Lauber Vanessa Lauber

Vanessa Lauber is an associate in the firm’s New York office and a member of the Data Privacy and Cybersecurity Practice Group, counseling clients on data privacy and emerging technologies, including artificial intelligence.

Vanessa’s practice includes partnering with clients on compliance with federal…

Vanessa Lauber is an associate in the firm’s New York office and a member of the Data Privacy and Cybersecurity Practice Group, counseling clients on data privacy and emerging technologies, including artificial intelligence.

Vanessa’s practice includes partnering with clients on compliance with federal and state privacy laws and FTC and consumer protection laws and guidance. Additionally, Vanessa routinely counsels clients on drafting and developing privacy notices and policies. Vanessa also advises clients on trends in artificial intelligence regulations and helps design governance programs for the development and deployment of artificial intelligence technologies across a number of industries.

Read more about Vanessa LauberEmail
Show more Show less
Photo of Evan Chiacchiaro Evan Chiacchiaro

Evan Chiacchiaro is an associate in the firm’s Washington, DC office and member of the Technology and Communications Regulation Practice Group.

Evan advises clients on a range of technology regulatory issues, including emerging artificial intelligence compliance matters and compliance with Federal Communications Commission…

Evan Chiacchiaro is an associate in the firm’s Washington, DC office and member of the Technology and Communications Regulation Practice Group.

Evan advises clients on a range of technology regulatory issues, including emerging artificial intelligence compliance matters and compliance with Federal Communications Commission (FCC) regulations. Evan also maintains an active pro bono practice focused on civil rights.

Read more about Evan ChiacchiaroEmail
Show more Show less