The Colorado AI Act (SB 24-205) was the first comprehensive US state law regulating AI development and deployment. It was scheduled to take effect on 30 June 2026, imposing disclosure, reporting, and risk-mitigation obligations on companies developing or using "high-risk" AI systems in employment, housing, education, healthcare, legal services, and financial services. As of May 2026, the law is effectively frozen — through a combination of federal litigation, DOJ intervention, and state legislative action that significantly scaled back its requirements. Understanding what happened, why, and what it means for US state AI regulation more broadly is essential for any organisation operating across US states.
The sequence of events
April 9, 2026: xAI filed suit in federal court seeking to enjoin the Colorado AI Act on First Amendment, Dormant Commerce Clause, due process, and equal protection grounds. xAI argued that the Act's algorithmic discrimination provisions would compel developers to reengineer model outputs to conform to state-preferred viewpoints — a compelled speech claim. April 24, 2026: The Trump DOJ intervened in the case, the first time the federal government moved to invalidate a state AI law under President Trump's December 2025 Executive Order "Ensuring a National Policy Framework for AI." April 27, 2026: A federal magistrate judge stayed enforcement of the law while litigation proceeds. Colorado's Attorney General announced he would not enforce the Act until rulemaking concluded — which had not yet begun. May 14, 2026: Governor Polis signed SB 189, delaying the Act's effective date from 30 June 2026 to 1 January 2027 and significantly scaling back its requirements.
What the federal strategy looks like
President Trump's December 2025 Executive Order "Ensuring a National Policy Framework for AI" explicitly aims to sustain US global AI dominance through a "minimally burdensome national policy framework" — preempting state AI regulation through federal lawsuits and withholding federal funds from states with what the EO characterises as overly burdensome AI rules. The Colorado intervention was the first application of this strategy. Other states with comprehensive AI laws — California, Illinois, New York, Texas — are now on notice that similar federal challenges may follow if they enforce AI-specific regulations.
What still applies to employers using AI
Even with the Colorado AI Act frozen, employer AI risk in the US remains substantial. Title VII of the Civil Rights Act applies to AI-driven employment decisions that produce discriminatory outcomes. The ADA applies to AI used in disability accommodation decisions. State anti-discrimination laws (California's FEHA, New York City Human Rights Law) cover AI-influenced employment decisions. NYC Local Law 144 still requires annual bias audits for automated employment decision tools. The EEOC has issued guidance on AI in employment under existing federal law. Federal sectoral regulators (EEOC, CFPB, FTC, HHS) continue to enforce existing law against AI systems that violate it.
What this means for organisations
The Colorado situation does not mean AI governance is optional. It means that the regulatory framework is uncertain. Organisations should continue building AI governance capabilities that satisfy existing federal and state law (discrimination, privacy, consumer protection), prepare for the EU AI Act if they have any EU exposure (most multinationals do), monitor state AI legislation in California, Illinois, New York, and Texas where similar laws may face similar challenges, and maintain documentation that demonstrates good-faith AI governance practices regardless of which specific rules apply.
Primary sources: Hunton Andrews Kurth — Colorado AI Act Amended (May 2026) | Privacy World — Colorado AI Act Analysis
