Last month, Colorado’s governor reluctantly signed the country’s first broadly applicable AI law, lamenting that it imposes on companies a “complex compliance regime” and urging legislators to improve it before its 2026 effective date. The law targets discrimination from AI use – a narrower focus than the E.U. AI Act, yet Colorado’s obligations will require almost as much effort to satisfy. “Companies will need to put in place this substantial governance and risk assessment process” for one risk, but the work that will entail can then be used to assess a wider set of AI risks, Fox Rothschild partner Odia Kagan told the Cybersecurity Law Report. This article provides key takeaways about the Colorado law’s scope, challenges and significant terms, as well as practical steps that companies can take to address its requirements, with commentary from Kagan and experts at Baker McKenzie, Davis Wright Tremaine and Husch Blackwell. See “AI Governance Strategies for Privacy Pros” (Apr. 17, 2024).