You may have seen the legal bulletins or “alerts” last week — the Colorado Legislature passed a bill (SB 26-189) to repeal and amend its landmark “AI Act,” which was signed by Governor Jared Polis on Thursday.
A lot of my time as Chair of Fredrikson’s AI Practice and a professor of AI and the Law at the University of St. Thomas School of Law is spent observing the themes and trends emerging from lawmakers who are wrestling with the consumer protection, economic, environmental and safety concerns of AI systems. One theme we see emerging here and abroad is the heightened treatment of “automated decision-making technologies.”
What is an ADMT?
In general, an automated decision-making technology (ADMT) is a piece of technology that processes personal information and uses statistical, computational, or algorithmic techniques to produce or generate an output that is used to make, guide, or assist a decision or a determination regarding an individual.
The concept of is not new. The European Union General Data Protection Regulation (GDPR), which came into effect in 2018, deemed the “systematic and extensive evaluation of personal aspects relating to natural persons which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person” as an inherently “high risk” activity requiring a documented explanation of the safeguards and other measures taken to reduce the risks to individuals.
The California Consumer Privacy Act (CCPA), which was signed into law in 2018 and then came into effect in 2020, directed the California Attorney General to issue regulations regarding “a business’ use of automated decision making technology . . . and requiring a business’ response to access requests to include meaningful information about the logic involved in those decision making processes . . ..”
The concept further spilled into specific domains, like employment law. In 2020, the Illinois AI Interview Act became effective, regulating the use of an artificial intelligence program to “evaluate” job applicant video interviews. In 2021, New York City enacted a local law and rule prohibiting the use of “automated employment decision tools” unless the tool has been subject to a bias audit and the employer takes steps to disclose use to affected individuals.
In 2023, the National Association of Insurance Commissioners adopted the “Model Bulletin on the Use of Artificial Intelligence Systems by Insurers,” which reminds insurers of their obligations to ensure that “decisions driven by AI Systems will [not] violate unfair trade practice laws and other applicable existing legal standards” and outlines the governance, risk management and use protocols insurers should be prepared to disclose to the applicable regulatory authority. As of April 2026, 25 states have adopted the model bulletin.
What Is So Special About It Now?
Transparency, access and documentation requirements for ADMTs appears to be the most “passable” AI regulatory concept at the moment.
The original CO AI Act was widely critiqued (including by the Department of Justice) for imposing a “duty of care” on developers and deployers of high-risk AI systems to avoid algorithmic discrimination, including by documenting related risk management and data governance programs. Governor Jared Polis provided Colorado lawmakers strong public support in their efforts to amend the Colorado AI Act to be less burdensome for technology companies and vendors, citing his objectives to ensure Colorado is a “top state for innovation and entrepreneurship.”
What resulted is a streamlined transparency-and-disclosure framework that is far more palatable to industry. Developers must furnish deployers with documentation about their systems' intended uses, data inputs and known limitations, while deployers need to provide consumers with notice that an ADMT is being used and, within 30 days of an adverse outcome, a plain-language explanation of the decision and the consumer's rights. The law further softens its enforcement posture by granting companies a 60-day right to cure violations before the Attorney General may take action — a provision that, notably, sunsets in 2030 — and by creating no private right of action. It is a legal model that prioritizes back-end accountability, rather than front-end risk-mitigation obligations.
This new framework comes on the heels of the CCPA’s implementing regulations regarding ADMTs. The CCPA regulations similarly require appropriate notices but also provide consumers the right to opt out of the use of ADMTs in certain circumstances.
What Does This Mean for My Business?
Many companies have adopted, or are in the process of developing, an internal AI-usage policy. When considering the scope of what is permitted or prohibited, businesses should assess the desires or needs for their teams to leverage ADMTs. We often see human resources personnel, in particular, identifying good business use cases for ADMTs.
If your business will allow ADMTs to be used, then, as part of your AI policy, create a process for receiving, evaluating and approving any use of an ADMT within your organization. Ensure the “approving” body, whether a person or a committee, is educated on, or has the right resources to assess, the legal implications and obligations associated with ADMT usage. Your business may need to establish a governance framework that includes human oversight for the ADMT, so consider who needs to be involved in those conversations before deployment.
Finally, keep watching this space. The trend toward regulating automated decision-making is accelerating, not slowing down. Federal legislation remains a possibility, and additional states are likely to follow Colorado's and California's lead. Businesses that invest in flexible, scalable compliance frameworks today will be far better positioned to absorb new requirements as they emerge.
If you have questions about how these developments affect your organization, or if you need assistance evaluating your ADMT compliance posture, please contact our AI Practice professionals.
Featured Professionals
Professionals
612.492.7216
