On Friday, May 17, 2024, Colorado’s governor signed into law the Colorado AI Act (CAIA), setting the first comprehensive national benchmark for minimum rights and protections for users of healthcare AI. This law, effective February 1, 2026, is a major step for digital health companies building with artificial intelligence, as it aims to enhance transparency and accountability in AI deployment.

Why is CAIA a National Benchmark?

Although CAIA applies only to companies doing business in Colorado, it sets a stringent and comprehensive standard that is likely to influence national practices. Over the next two years, Colorado's legislature and executive agencies will interpret and implement the new law, potentially setting a precedent for other states.

Key Points to Know:

1.     Applicability: CAIA regulates developers and deployers of high-risk AI systems (HRAI Systems) in healthcare. These systems make significant decisions affecting healthcare services or health insurance. While the law excludes AI used for communication or informational purposes, it broadly encompasses algorithmic, generative, predictive, and decision-making AI.

‍

2.     Purpose: The primary aim of CAIA is to prevent algorithmic discrimination, ensuring AI systems do not result in unlawful or differential treatment based on factors such as age, race, gender, and more. Developers and deployers are required to use "reasonable care" to avoid such discrimination.

‍

3.     Developer Requirements: Developers must disclose detailed information about their AI systems, including training data, performance, risks, and mitigation measures. They must also publish a summary of their HRAI Systems and manage risks of algorithmic discrimination.

‍

4.     Deployer Requirements: Deployers must implement a risk management program, conduct annual impact assessments, and provide consumer disclosures about the AI systems in use. They must notify consumers about their rights and provide opportunities to correct or appeal decisions made by AI systems.

‍

5.     Enforcement and Compliance: Violations of CAIA are considered unfair and deceptive trade practices under Colorado’s Consumer Protection Act, with penalties ranging from civil fines to criminal charges. Compliance with CAIA offers a rebuttable presumption of reasonable care, providing some legal protection for developers and deployers.

What Should Developers and Deployers Do Now?

To ensure compliance with CAIA, healthcare AI developers and deployers should start preparing by implementing robust AI governance frameworks. This includes understanding the requirements, documenting processes, and proactively addressing potential risks of algorithmic discrimination. By doing so, companies can foster trust, innovation, and navigate the evolving legal landscape effectively.

For more detailed guidance and assistance with AI compliance, reach out to our experts to help you stay ahead of the curve.

To read more about this law visit - HERE

‍