Three-State AI Compliance Collision: Colorado, Connecticut, California Face Summer Deadlines

By Hector Herrera | May 13, 2026 | Legal

Three of the largest U.S. state economies are converging on AI compliance deadlines this summer, and the requirements do not align. Colorado's AI Act takes effect June 30, 2026. Connecticut's SB 5 — the most comprehensive state AI bill yet — is advancing toward the governor's desk. California is pursuing updated legislation after earlier setbacks. For companies operating across these states, the result is a patchwork of overlapping and potentially incompatible requirements with no federal preemption to simplify the picture.

Colorado: June 30 Is Real

Colorado's AI Act is not a future obligation. According to analysis from Kelley Drye & Warren, the law imposes three categories of requirements on businesses deploying AI in consequential decision-making:

1. Algorithmic discrimination protections — AI systems used to make or substantially assist in consequential decisions (employment, housing, financial services, healthcare) must not produce discriminatory outcomes based on protected characteristics
2. Risk management programs — companies must implement documented processes for identifying, testing, and mitigating AI risks before deployment
3. Consumer notification and impact assessments — consumers facing AI-driven decisions in covered categories must be informed, and companies must conduct impact assessments for high-risk AI applications

The law applies to both developers and deployers of AI systems, which creates liability allocation questions in enterprise software contracts — a legal question the industry is actively working to resolve.

June 30 is six weeks out. Companies that have not begun compliance programs are already behind.

Connecticut: The Most Comprehensive Bill Yet

Connecticut's SB 5 covers more ground than Colorado's law and reflects the rapid evolution of state AI legislation over the past 18 months. The bill addresses four distinct categories:

Employment AI: Automated decision systems used in hiring, promotion, and termination decisions must meet transparency and fairness requirements. Employers must be able to explain how AI-influenced decisions were made.

Chatbot safety and disclosure: AI systems designed to interact conversationally with consumers must disclose their AI nature in certain contexts, with specific provisions for chatbots interacting with minors.

Synthetic content labeling: Content generated by AI — images, audio, video — must be labeled when used in certain contexts, particularly political advertising and commercial content.

Anti-discrimination: SB 5 establishes enforcement mechanisms and a private right of action for consumers who can demonstrate harm from discriminatory AI outcomes.

SB 5 has passed the Connecticut legislature and is moving toward the governor's desk. If signed, it takes effect on a timeline that puts some provisions into force before the end of 2026.

California: The Third Wave

California's AI regulatory story is complicated by the veto of SB 1047 in 2024, which was the most ambitious state AI safety bill attempted. The state legislature has continued pursuing AI regulation, focusing on more targeted interventions rather than the broad frontier AI safety framework that SB 1047 represented.

Current California legislative activity includes transparency requirements for AI used in employment decisions, regulations on AI-generated content in political contexts, and updated consumer privacy rules addressing AI-driven profiling. None of these carry the same headline reach as SB 1047, but their practical compliance burden for California-operating companies is real.

The Incompatibility Problem

The three states' requirements share a general direction — protect consumers from discriminatory AI, require transparency, mandate risk management — but they are not harmonized. A company that builds compliance programs for Colorado's June 30 deadline may find that Connecticut's definitions of "consequential decision" or "high-risk AI" are different enough to require a separate compliance architecture.

This is the core problem with state-by-state AI regulation: without federal preemption, each state's requirements become an independent compliance workstream. A multistate employer using AI in hiring decisions needs to track separate requirements in Colorado, Connecticut, California, New York (which has its own automated employment decision tool rules), Illinois, and others. The cumulative compliance burden scales faster than individual laws suggest.

What Legal Teams Should Do Now

For companies with operations in any of these states, the immediate priority is:

• Inventory AI deployments — catalog every system that touches consequential decisions affecting consumers or employees in covered states
• Map to each state's definitions — the same system may be "high-risk AI" under Connecticut's definition and "consequential decision AI" under Colorado's, with different procedural requirements for each
• Audit vendor contracts — understand whether AI vendors have compliance representations, indemnification provisions, and audit rights that support your obligations as a deployer

The absence of federal preemption means this complexity is structural, not temporary. A federal framework could simplify the picture, but nothing is moving through Congress at a pace that would arrive before the summer deadlines.

What to Watch

Watch whether the Colorado Attorney General exercises enforcement authority in the weeks immediately following June 30 — the tone of early enforcement will calibrate how seriously other regulated entities treat compliance. Connecticut's governor's signature is the next near-term milestone, and the effective date provisions in SB 5 will determine how much runway companies have for the more operationally complex requirements.