Compliance / Colorado

Colorado SB 205 Compliance

Pipkin is a qualified independent third-party assessor for Colorado's AI Act. Our evaluations produce the documentation SB 205 requires -- 20 metrics, NIST AI RMF aligned, with three-year record retention.

What SB 205 Requires

Colorado SB 205, the Colorado AI Act, took effect February 1, 2026. It imposes obligations on deployers of high-risk AI systems -- defined as systems that make or substantially influence consequential decisions affecting consumers in areas such as employment, lending, insurance, housing, and education.

Annual Impact Assessment

Deployers of high-risk AI systems must conduct an annual impact assessment evaluating the system's risks, benefits, and effects on consumers. The assessment must document the system's purpose, intended use, and potential harms.

Third-Party Review Option

Deployers may satisfy the impact assessment requirement through an independent third-party evaluation. The third party must assess the system against recognized risk management standards, including alignment to the NIST AI Risk Management Framework.

Consumer Disclosure

Deployers must disclose to consumers when a consequential decision has been made or substantially influenced by a high-risk AI system. The disclosure must include information about the system's role in the decision and the consumer's right to appeal.

Record Retention

Deployers must retain records of impact assessments, consumer disclosures, and remedial actions for a minimum of three years. Records must be producible upon request by the Colorado Attorney General.

How Pipkin Satisfies SB 205

A Pipkin evaluation produces a structured, quantitative assessment that maps directly to SB 205's annual impact assessment requirement. Each of the five pillars addresses specific statutory obligations, and the resulting documentation satisfies the third-party review option under the law.

Pipkin PillarWeightSB 205 Alignment
Decision Accuracy (DA)25%Documents the accuracy, consistency, and calibration of AI outputs used in consequential decisions. Directly supports the impact assessment requirement to evaluate system reliability.
Failure Containment (FC)25%Evaluates the system's ability to detect errors and limit downstream harm. Addresses SB 205's requirement to assess potential negative impacts on consumers and document mitigation measures.
Boundary Discipline (BD)20%Measures whether the system operates within its intended scope and refuses tasks outside its competence. Maps to SB 205's requirement to document the system's purpose and intended use cases.
Auditability (AU)15%Assesses transparency and explainability of AI outputs. Supports the consumer disclosure obligation by evaluating whether the system can provide meaningful explanations of its decisions.
Adversarial Resistance (AR)15%Tests resilience against manipulation, including prompt injection and data poisoning. Documents security posture as part of the risk assessment required under SB 205.

Who Needs This

SB 205 applies to any organization deploying high-risk AI systems that make or substantially influence consequential decisions affecting Colorado consumers. If your organization uses AI in any of the following areas, SB 205 compliance is mandatory.

Employment

Companies using AI for resume screening, candidate ranking, interview scheduling, performance evaluation, or termination decisions.

Lending and Credit

Financial institutions using AI for credit scoring, loan origination, underwriting, or collections decisions.

Insurance Underwriting

Insurers using AI to assess risk, set premiums, process claims, or make coverage decisions.

Housing

Landlords, property managers, and platforms using AI for tenant screening, rental pricing, or application decisions.

Education

Institutions using AI for admissions decisions, academic assessments, disciplinary actions, or resource allocation.

Pricing

Transparent, fixed-fee pricing. No hourly billing. No scope creep. Every engagement produces a complete, documented assessment.

Standard Evaluation

$3,500

Full Pipkin evaluation across all five pillars. 20 metrics. Published rating with trust badge.

  • 20-metric evaluation across 5 pillars
  • Composite trust score and status tier
  • Published rating report
  • Pipkin trust badge for compliant systems

SB 205 Compliance Package

$5,000

Complete evaluation plus SB 205-specific documentation. Everything needed to satisfy the annual impact assessment requirement.

  • Full 20-metric Pipkin evaluation
  • SB 205 impact assessment documentation
  • NIST AI RMF alignment report
  • Consumer disclosure template
  • 3-year record retention
  • Attorney General response package

Annual Renewal

$2,500

Re-evaluation for organizations with an existing Pipkin rating. Maintains continuous compliance with SB 205's annual review requirement.

  • Updated 20-metric evaluation
  • Year-over-year comparison report
  • Renewed SB 205 documentation
  • Continued 3-year record retention

Schedule a Compliance Consultation

Discuss your SB 205 obligations with a Pipkin compliance specialist. We will assess your AI systems, identify which fall under the law, and outline the path to documented compliance.

Schedule a Compliance Consultation

This page provides general information about Colorado SB 205 and is not legal advice. Organizations should consult qualified legal counsel regarding their specific compliance obligations. Pipkin Ratings LLC provides independent third-party AI assessments and does not provide legal services.