Colorado AI Act
SB 24-205
The first comprehensive US state AI law. $20,000 per violation per consumer or transaction. Effective June 30, 2026. NIST AI RMF compliance supports a rebuttable presumption of reasonable care.
What the law says
Who it covers
Developers and deployers of high-risk AI systems making consequential decisions in employment, education, housing, healthcare, financial services, insurance, legal, and government sectors.
Key requirements
- Duty of care to prevent algorithmic discrimination
- Impact assessments (initial + annual)
- Risk management aligned with NIST AI RMF / ISO 42001
- Consumer notification before consequential decisions
- Public disclosure on website
- Report discrimination to AG within 90 days
When it takes effect
AG exclusive enforcement begins on day one. No cure period for initial violations. This is not a grace period — it's a cliff.
What happens if you don't
If your AI system processes 100 transactions per day, that's $2,000,000/day in potential penalty exposure. AG has exclusive enforcement authority.
The rebuttable presumption — and how to earn it
Colorado offers a rebuttable presumption of reasonable care for organizations that demonstrate NIST AI RMF or ISO 42001 compliance — the strongest AI-specific reasonable-care defense in US law.
Policies alone don't qualify
Having a PDF that describes your NIST mapping isn’t enough. The rebuttable presumption requires evidence that you actually followed the framework — not just that you documented it.
GLACIS strengthens the defense
GLACIS generates continuous cryptographic evidence that your NIST AI RMF-mapped controls actually executed — third-party witnessed, tamper-proof, ready for auditors and regulators. This is the evidence trail that supports your showing of reasonable care.
How GLACIS gets you there
1. Assess your gaps
Free compliance wizard maps your current state against NIST AI RMF requirements. Get a personalized gap analysis in 5 minutes.
2. Continuous attestation
Deploy the GLACIS SDK. Every AI decision generates a cryptographic receipt — witnessed by our independent network. Zero data egress.
3. Strengthen your defense
Your evidence trail demonstrates NIST AI RMF compliance continuously — not just at audit time. This supports the rebuttable presumption of reasonable care the law provides for.
5 minutes. Personalized report. Share with your GC.