Hael
Sign inRequest a demo
US State AI Laws · Colorado

Colorado ADMT Act vs EU AI Act: a vendor's comparison

Updated 6 July 2026 · 6 min read
Key takeaway
The EU AI Act is a risk-based regime with heavy obligations concentrated on high-risk systems; Colorado's ADMT Act is a disclosure law with light, universal duties on covered decision technology. A vendor selling into both markets can serve both from one governed record: the EU demands the deep artefacts, Colorado demands the consumer-facing behaviours.
  • The EU regulates how AI is built and governed; Colorado regulates what affected people are told and can do.
  • EU human-oversight design and Colorado human-review are the same operational muscle.
  • A vendor governed to EU AI Act depth meets Colorado's duties almost as a by-product.
  • Sequence to the deeper standard first; derive the lighter one.
  • Current as of July 2026. The US state AI landscape is in active motion; these guides track the live position.

Two regimes, two philosophies

The EU AI Act classifies systems by risk and scales obligations accordingly, up to technical documentation, risk management, data governance, human oversight design, and conformity assessment for high-risk systems, with penalties reaching 35 million euro or 7 percent of turnover. Colorado's SB 26-189 skips classification-by-risk almost entirely: if your technology guides consequential decisions about Colorado residents, you owe notice, explanation, human review, correction, and records, whoever you are. Europe regulates how AI is built and governed; Colorado regulates what affected people are told and can do.

Where they overlap, and where one pays for the other

The overlap is real and useful. The EU's human-oversight requirement and Colorado's human-review right are the same operational muscle. The EU's technical documentation contains everything Colorado's developer documentation asks for. The EU's logging obligations produce Colorado's three-year record as a subset. A vendor governed to EU AI Act depth meets Colorado's duties almost as a by-product; the reverse is not true, Colorado readiness leaves nearly all EU work still to do. For sequencing: build once to the deeper standard, derive the lighter one.

Timing, side by side

EU: prohibitions and literacy duties live since February 2025, GPAI duties since August 2025, and under the provisional May 2026 Omnibus agreement, high-risk obligations from 2 December 2027. Colorado: effective 1 January 2027, enforcement currently paused pending litigation and rulemaking. A vendor's honest planning line: EU buyer diligence is already here, Colorado's duties arrive first on paper, and both reward the same underlying discipline.

Key terms

Risk-based regime
A law that scales obligations to the risk of the system, as in the EU AI Act.
Disclosure regime
A law that regulates through notice, explanation, and consumer rights, as in Colorado's ADMT Act.
Human oversight
The EU AI Act design duty whose operational muscle also satisfies Colorado's human-review right.
Technical documentation
The EU high-risk artefact that contains what Colorado asks a developer to hand to a deployer.
Derive once
The sequencing principle of building to the deeper standard first and deriving the lighter one.

References

Related guides

Keep reading on US State AI Laws.

Free check

See where you stand on US State AI Laws, free.

Answer a few questions and get an indicative view of what US State AI Laws expects of your AI systems and where you stand today — no sign-up to see your result.

Indicative, not legal advice.
US State AI Laws · indicative readiness
HAEL FREE TOOLLIVE
Applicability
Applies to your AI use
MAPPED
What's expected
Risk classification · governance · documentation · oversight
4 PILLARS
Where you stand
Banded result · pointed to the gaps that matter most
SOURCED
Result
On-screen, free · optional PDF
FREE
Effort
Pre-scoped to US State AI Laws
~ 5 MIN
INDICATIVE · NOT LEGAL ADVICE