Artificial Intelligence Legal Roundup: Colorado Postpones Implementation of AI Law as California Finalizes New Employment Discrimination Regulations and Illinois Disclosure Law Set to Take Effect

Seyfarth Synopsis: Colorado has postponed implementation of its landmark AI law until June 2026, following failed negotiations during the Colorado legislature’s special session. Meanwhile, California’s Civil Rights Council has finalized regulations governing employers’ use of AI, that will go into effect on October 1, 2025. These regulations create litigation advantages for discrimination claimants by making bias testing (or the lack thereof) explicitly relevant to employment discrimination claims, and also impose extended recordkeeping requirements for automated-decision system data. California’s Privacy Protection Agency has issued its own regulations regarding “automated decision-making tools” that require opt-out rights and enhanced disclosures when automated technologies replace human decision-making for employment decisions. The other state law regulating AI in employment poised to go into effect soon is from Illinois. Fundamentally, the Illinois statute requires disclosure to employees when employers use AI for employment decisions and goes into effect on January 1, 2026. These divergent state approaches underscore the continued patchwork of AI compliance obligations facing employers and highlight the ongoing tension between state regulatory efforts amidst the deregulatory posture taken by the federal government.

A.   Colorado Postpones Implementation of AI Law Until June 30, 2026

1.   Failed Compromise Negotiations Lead to Postponement of Implementation 

On August 28, 2025, Colorado Governor Jared Polis signed SB 25B-004, a law that delays implementation of Colorado’s landmark AI law until the end of June 2026. We previously wrote about the May 2024 passage of the Colorado AI Act (SB 24-205) and its provisions, and how it was poised to become the nation’s first comprehensive state law attempting to regulate AI systems used in employment, housing, credit, education, and healthcare decisions. However, the law’s implementation has been complicated by industry opposition and concerns raised by Governor Polis that began when he signed the bill into law.

After prior efforts to amend the law failed, in late August, the Colorado legislature held a special session, during which multiple AI related bills were introduced, including Colorado Senate Majority Leader Robert Rodriguez’s “AI Sunshine Act” (SB 4), which would have narrowed the original law while maintaining key consumer protections. The revised bill focused primarily on developer disclosure requirements, and sought to create a framework for joint liability between AI developers and deployers when AI systems were found to have violated existing civil rights laws. 

Majority Leader Rodriguez stated that a tentative agreement had been reached as of August 25, with consumer advocates, labor groups, and some business interests having agreed on a compromise framework. However, technology companies raised specific objections to the bill’s liability provisions.

Faced with the collapse of negotiations and unable to secure passage of substantive reforms, Rodriguez amended the proposed legislation to simply delay the effective date of the original law to June 30, 2026. The delay passed with broad bipartisan support, and the revised legislation was signed by Governor Polis on August 28.

2.   Federal Pressure Against State AI Regulation

Colorado’s delay in implementing its first-of-a-kind comprehensive AI regulatory effort comes in the face of pressure from multiple stakeholders, including the Trump Administration’s efforts to discourage state AI regulation in favor of accelerating American AI development to achieve “global AI dominance.”  As we detailed in our recent update on the federal AI Action Plan, the Administration has directed the Office of Management and Budget to “consider a state’s AI regulatory climate when making funding decisions and limit funding if the state’s AI regulatory regimes may hinder the effectiveness of that funding.”

During negotiations over the “One Big Beautiful Bill” earlier this year, House Republicans initially included legislative language that would have imposed a 10-year moratorium on state and local AI regulation. Had this provision remained in the final legislation, it almost certainly would have prevented Colorado SB 24-205 from being enforced, had it gone into effect. While the moratorium provision was ultimately removed from “One Big Beautiful Bill,” the AI Action Plan’s directive to use federal funding leverage and other strategies to discourage state AI regulatory efforts demonstrates the Administration’s continued commitment to discouraging state-level AI regulation.

3.   What the Colorado Postponement Means for Employers

The postponement of the effective date of Colorado’s AI law gives the Colorado legislature time to revisit the issue when it reconvenes its next regular session.  

For employers, the delay extends rather than resolves uncertainty regarding the use of AI in Colorado and what compliance obligations and other risks may be associated with the use of AI. Absent further action from the Colorado legislature, the requirements of the Colorado AI Act, as passed in 2024, are poised to go into effect at the end of June 2026. These requirements include mandatory impact assessments for high-risk AI systems, disclosure requirements, and other obligations. As we discussed in our initial Management Alert, the original law’s broad definition of “consequential decisions” potentially reaches a wide range of employment practices beyond traditional hiring and firing decisions.

Employers should continue to monitor activity during the upcoming Colorado legislative session, and consider how their current use of AI (and their current and planned risk management practices) align with the law’s requirements.

B.   California Agencies Move Forward With Efforts to Regulate AI

1.   California Civil Rights Council (CCRC) and Regulations Under the California Fair Employment and Housing Act (FEHA).

California regulatory agencies have moved forward with their own regulatory approach to AI in employment. The California Civil Rights Council (CCRC) has received final approval of its regulations addressing employment discrimination related to artificial intelligence, algorithms, and automated-decision systems under the California Fair Employment and Housing Act (FEHA), and these regulations are set to take effect on October 1, 2025.

Fundamentally, the California regulations first clarify that existing employment discrimination laws apply to the use of automated-decision systems, rather than creating entirely new legal obligations. The regulations define “automated-decision system” broadly as “a computational process that makes a decision or facilitates human decision making regarding an employment benefit,” encompassing AI, machine learning, algorithms, statistics, and other data processing techniques used in recruitment, hiring, promotion, and other employment decisions. This definition captures a wide range of AI applications currently used in HR contexts, from resume screening tools to interview analysis software.

The most significant practical impact of the regulations may be their explicit statement that evidence of anti-bias testing or similar proactive efforts (or lack thereof) to avoid unlawful discrimination is “relevant to any such claim or available defense.” The regulations specify that courts and administrative agencies should consider “the quality, efficacy, recency, and scope of such effort, the results of such testing or other effort, and the response to the results” when evaluating discrimination claims involving automated-decision systems. This language appears throughout the regulations, applying to discrimination claims based on race, sex, national origin, disability, age, religion, pregnancy, and other protected characteristics.

The new FEHA regulations do not explicitly require anti-bias testing. However, they create practical pressure on California employers to understand and document what bias testing has been conducted on their AI systems. Employers who cannot demonstrate proactive efforts to identify and address potential bias may find themselves at a disadvantage in defending against discrimination claims, while those who can show robust testing and mitigation efforts may have stronger defenses. The regulations do not mandate any specific testing methodologies, but they make clear that the absence of such efforts will be relevant evidence that can be used against employers.

The regulations also expand the definition of “agent” to include “any person acting on behalf of an employer, directly or indirectly, to exercise a function traditionally exercised by the employer,” explicitly including activities “conducted in whole or in part through the use of an automated decision system.” This expansion clarifies that AI vendors and other third parties implementing automated systems on behalf of employers may themselves be considered employers under FEHA, potentially creating joint liability scenarios between AI developers (i.e., vendors and other service providers) and AI deployers, similar to theories and legislative attempts that have been advanced elsewhere.

Additionally, the new FEHA regulations extend recordkeeping requirements, mandating that employers preserve all “automated-decision system data” for four years rather than the previous two-year requirement. Given the regulations’ extremely broad definition of automated-decision system, and their expansive definition of “automated-decision system data” to include both “any data used in or resulting from the application of an automated-decision system” and “any data used to develop or customize an automated-decision system for use by a particular employer”, this requirement threatens to encompass a vast range of employment-related information that employers may not have previously considered subject to extended retention obligations. This could potentially include everything from raw applicant data processed by AI tools, as well as training datasets used to customize AI tools for specific employers. The broad reach of these recordkeeping requirements could potentially create significant compliance challenges for both AI service providers and employers.

In many respects, the CCRC’s new FEHA regulations may be seen as measures that help strengthen both government enforcement actions and private litigation brought under the FEHA. While the CCRC’s regulations do not create new causes of action, their explicit statement that bias testing evidence is “relevant to any such claim or available defense” will bring this issue front and center in employment discrimination litigation. The regulations’ extended recordkeeping requirements compound litigation exposure by ensuring that significantly more data will be available for civil discovery. The net effect is that the regulations threaten to shift litigation dynamics in favor of claimants asserting that discrimination has occurred.

2.   California Privacy Protection Agency and Automated Decision-Making Tool Regulations

On July 24, 2025, the California Privacy Protection Agency (CPPA) finalized its regulations under the California Consumer Privacy Act regarding automated decision-making technology (or “ADMT”). The CPPA regulations also address cybersecurity audits and risk assessments and must first be approved by California’s Office of Administrative Law (OAL), which has 30 working days to review them.

While the CPPA regulations operate under California’s privacy law framework rather than California’s employment discrimination statutes, they create additional compliance obligations for employers using AI in employment decisions affecting California residents. In addition to the existing requirement of outlining categories of personal information collected and processed in a traditional CCPA “notice at collection,” the CPPA’s proposed new ADMT regulations require businesses to provide opt-out rights and enhanced disclosures if employing any  automated technologies that “replace or substantially replace human decision-making” for “significant decisions” – a category that explicitly includes “employment or independent contracting opportunities or compensation.” The regulations also impose risk assessment requirements when businesses use personal information to train ADMT systems for significant decisions or when using automated processing to infer worker attributes during employment contexts. It is also reasonable to expect that personal information used in ADMT could be implicated in a valid data subject rights request by a California resident under the CCPA and businesses intending to use ADMT for California applicants, customers or personnel should plan accordingly. When these requirements take effect, they will create yet another layer of AI-related compliance obligations for employers operating in California.

3.   Illinois AI Law Set to Take Effect January 1, 2026

The other state law set to take effect soon that explicitly affects employers’ use of AI in employment is Illinois HB 3773, which is poised to become effective on January 1, 2026. As we detailed in our August 2024 Management Alert about the Illinois AI law, HB 3773 requires employers to provide notice to applicants and employees when using AI for employment decisions, prohibits the use of zip codes as proxies for protected classes, and contains an explicit statement that employers may not use AI in ways that subject employees to discrimination.

The Illinois Department of Human Rights (IDHR) has been granted broad rulemaking authority to “adopt any rules necessary for the implementation and enforcement” of the law, including rules on “the circumstances and conditions that require notice, the time period for providing notice, and the means for providing notice.” However, to date, IDHR has not issued any proposed regulations clarifying these disclosure requirements.

The statutory text of the Illinois law’s disclosure requirements is expansive in scope, covering an employer’s use of AI in “recruitment, hiring, promotion, renewal of employment, selection for training or apprenticeship, discharge, discipline, tenure, or the terms, privileges, or conditions of employment.” The statutory language appears to encompass “use” of AI for these purposes, rather than limiting it to only automated decision-making, potentially extending the disclosure requirement to a wider range of AI applications in the employment context. As we await further clarification from the IDHR, Illinois employers should evaluate their existing AI use cases and be prepared to make disclosures regarding their “use” of AI for these identified purposes.

The remaining provisions of the Illinois AI law largely reaffirm existing legal obligations rather than creating entirely new compliance requirements. The law explicitly states that it is unlawful for employers to use AI that has the effect of subjecting employees to discrimination based on protected classes under Illinois law. As we noted in our original analysis, these provisions parallel existing obligations under the Illinois Human Rights Act and reflect the well-accepted concept that existing employment discrimination laws apply to an employer’s use of AI.

We will continue to closely monitor the status of developments in AI regulation and enforcement at the federal level, in Colorado, California, and Illinois, and elsewhere. For additional information, please contact the authors of this alert, a member of Seyfarth’s People Analytics team, or any of Seyfarth’s attorneys.