From high risk AI to covered ADMT in Colorado hiring
Colorado’s AI hiring law SB 26-189, formally titled the Colorado Artificial Intelligence and Employment Act, narrows the earlier statewide experiment while keeping real teeth for employers using automated assessment tools. The new bill shifts the focus from broad “high risk” artificial intelligence systems to a tighter category of covered automated decision making technology, or covered ADMT, that is used for employment screening, ranking, and selection. For talent leaders, that means every automated decision or scoring model that can materially influence a hiring decision now sits inside a defined compliance framework with explicit duties for developers and deployers, as set out in SB 26-189 and any implementing rules issued by the Colorado attorney general.
Under SB 26-189, a consequential decision in employment includes any automated decision that can generate an adverse outcome for a candidate, such as rejection after résumé screening or elimination after an online test. These consequential decisions are treated as consequential in the law because they affect access to work, income, and long term business labor opportunities, and they are explicitly covered when artificial intelligence or other automated decision making technology is used to evaluate personal data. The statutory text and bill summaries from the Colorado General Assembly make clear that developers and deployers of labor technology, and the employers who act as each developer deployer, must ensure meaningful human oversight and human review before final decisions are made and documented, with civil penalties for violations enforceable by the attorney general under the Colorado Consumer Protection Act.
The Colorado AI hiring law SB 26-189 requires a notice framework that is more targeted than the earlier act but still demanding for covered employers. Before using any covered ADMT in hiring, organizations must provide a transparency notice that explains the technology, the type of automated decision being made, and how the system may materially influence the outcome for candidates. At a minimum, that notice should identify the role of the tool, the categories of personal data analyzed, the existence of any profiling or scoring, and a point of contact for questions or complaints. After any adverse outcome, candidates must receive an outcome disclosure that explains the role of artificial intelligence in the decision making process, identifies the date of the consequential decision, and informs them of their rights to request human review and correction of inaccurate personal data within timelines set by internal policy and Colorado attorney general guidance, which is expected to specify response windows measured in days rather than weeks.
What changes for assessment tools, rankings, and human review
For assessment tools embedded in applicant tracking systems like Greenhouse, Lever, or Workday, the Colorado AI hiring law SB 26-189 draws a bright line around covered ADMT used in consequential decisions. If a scoring model, video interview rating engine, or automated decision workflow can materially influence who advances, that technology is now regulated as covered ADMT under the bill. Employers must map every such system across the hiring funnel, from résumé parsing to interview scheduling, and determine where artificial intelligence or other automated decision making technology is driving decisions rather than merely assisting recruiters with recommendations or workflow automation, documenting those determinations in an internal AI system inventory.
SB 26-189 requires that any adverse outcome generated by covered ADMT be open to human review, which changes how assessment tools are configured and audited. A meaningful human must be able to override an automated decision, and that human review must be more than a rubber stamp, with access to the underlying personal data and the logic of the automated decision where feasible. In practice, this means defining who can reopen a rejected application, how quickly a review must occur after a candidate request, and what evidence must be captured when a reviewer changes or upholds an adverse outcome. Many employers are setting internal service levels, such as acknowledging a review request within five business days and completing the reassessment within thirty days, to align with anticipated attorney general guidance and demonstrate good faith compliance.
Record keeping also tightens under the new law, as employers must retain documentation of covered ADMT use, consequential decision logs, and outcome disclosure communications for several years. A practical approach is to log each adverse outcome with the date, the covered ADMT used, the stage of the hiring process, the reason code, and whether a human review was requested or completed. That means every transparency notice, every adverse outcome explanation, and every correction request tied to personal data must be stored in a system that can be audited by the attorney general, consistent with retention periods set in SB 26-189 and any implementing rules. A simple operational checklist helps: keep logs for at least three to five years, record the identity of the reviewer, capture the final decision and rationale, and flag any changes to personal data so that downstream systems and vendors update their records.
Multi state AI governance and practical playbook for TA leaders
Colorado’s shift to the Colorado AI hiring law SB 26-189 arrives as New York City’s Local Law 144, Illinois HB 3773, and emerging European rules all tighten expectations for automated decision making in employment. While SB 26-189 removes a private right of action, it centralizes enforcement with the Colorado attorney general, which should focus employer attention on consistent documentation rather than litigation risk alone. A multi state framework now needs to track where each law applies, which assessment tools qualify as covered ADMT, and how transparency notice and outcome disclosure obligations differ across jurisdictions, including any specific timelines for responding to candidate requests or correcting inaccurate data, as well as the range of civil penalties that can be imposed for noncompliance.
For practical implementation, talent leaders should start with a full inventory of automated decision systems that materially influence hiring outcomes, including any artificial intelligence used for ranking, scoring, or rejection. Each system should be tagged as a covered ADMT or a supporting tool, with clear documentation of whether it can generate a consequential decision or contribute to an adverse outcome for candidates. From there, build a standard notice framework, define a single workflow for candidate correction requests and human review, and run a record retention audit that aligns with SB 26-189 while also supporting other regions where business labor operations rely on similar labor technology. A simple internal checklist can help: confirm whether the tool is covered ADMT, verify that a transparency notice exists, ensure outcome disclosures are triggered after adverse decisions, and check that logs, reviews, and corrections are captured in one auditable system with clear retention dates.
Organizations that want candidates to apply for a job with confidence in a complex hiring world will need to explain how automated decision tools are used, not just that they exist. Linking assessment design to a transparent candidate journey, as explored in work on how candidate assessments are transforming the hiring experience for employers and candidates, can turn compliance into a trust advantage. The core shift is simple but demanding; not time to fill, but quality of hire at twelve months, backed by accountable decision making, meaningful human oversight, and a defensible record every time artificial intelligence touches personal data in employment decisions, from initial screening through final offer or rejection, in Colorado and across other jurisdictions moving toward similar AI governance standards.