Which states give consumers the right to appeal AI decisions?

Last verified: May 28, 2026

Answer

Colorado's AI Act (SB 26-189, which repealed and reenacted SB 24-205) gives consumers meaningful human review and reconsideration after an adverse consequential decision made or substantially influenced by an automated decision-making technology (ADMT). Connecticut SB-1103 similarly provides the right to appeal adverse decisions made by high-risk AI systems and request human review.

Applicable Regulations

SB-26-189

Colorado AI Act — Automated Decision-Making Technology (SB 26-189, repeal & reenactment of SB 24-205)

enacted

On 2026-05-14 Governor Polis signed SB 26-189, which repeals and reenacts the Colorado AI Act (originally SB 24-205). The new law abandons the risk-management / annual-impact-assessment model and replaces it with a disclosure-and-notice framework governing "automated decision-making technology" (ADMT) that makes or substantially influences "consequential decisions" (education, employment, housing, financial services, insurance, healthcare, government services). The statute formally takes effect 2026-08-12 (no safety clause), but all substantive compliance obligations — for both deployers and developers — begin 2027-01-01, which is the operative date for regulated businesses; the Attorney General's implementing rules are also due by 2027-01-01. The AG has stated he will not enforce until the mandatory rulemaking process concludes.

Key Requirements

Interaction Notice Deployers must give clear notice at the point of interaction when a consumer interacts with an automated decision-making technology (ADMT)
Adverse-Outcome Disclosure Provide a plain-language explanation within 30 days of an adverse consequential decision made or substantially influenced by an ADMT
Data Correction Right Allow consumers to request correction of factually incorrect personal data used by the ADMT
Meaningful Human Review Provide meaningful human review and reconsideration after an adverse consequential decision
Developer Documentation Developers must supply technical documentation (intended uses, known harmful uses, training-data categories, known limitations and risks, and instructions enabling meaningful human review), notify deployers of material updates, and retain compliance records for 3+ years. Like all duties under the act, these obligations begin 2027-01-01
Effective: 2027-01-01 Penalties: Enforced exclusively by the Colorado Attorney General; violations are treated as deceptive trade practices under the Colorado Consumer Protection Act. Before enforcement the AG must give 60 days' written notice and an opportunity to cure; this cure right sunsets 2030-01-01, after which enforcement may be immediate. The AG has stated no enforcement will occur until the mandatory rulemaking process concludes.
SB-1103

An Act Concerning Artificial Intelligence, Automated Decision-Making and Personal Data Privacy (Public Act 23-16)

enacted

Public Act 23-16 — the enacted form of Connecticut SB-1103 (2023 session). Signed by Governor Ned Lamont on June 7, 2023, making Connecticut among the first states to impose oversight on state agency use of AI. Government-only scope: does NOT directly regulate private-sector AI. Requires state agencies to complete impact assessments before deploying AI systems, publish a public AI inventory, and submit annual reports to the joint standing consumer-protection committee. Sections 1–3 effective July 1, 2023; Section 4 effective October 1, 2023; Section 5 effective upon passage.

Key Requirements

State Agency AI Impact Assessments State agencies may not employ AI systems that have not undergone impact assessments or that result in unlawful discrimination or disparate impact against specified individuals or groups
Public AI Inventory All inventory reports detailing AI systems used by state agencies and the Judicial Department must be publicly accessible online, with the Department of Administrative Services making its inventories available on the state's open data site
Annual Consumer-Protection Report Annual report to the joint standing committee on consumer protection, due February 15 beginning 2025 and annually thereafter
Effective: 2023-07-01 Penalties: Oversight and enforcement through legislative reporting requirements. Agencies failing to comply face ongoing reporting obligations to the Connecticut General Assembly.

Full State Analysis

Colorado AI Regulations Connecticut AI Regulations

Where this lands operationally

Gridex turns the compliance or coverage question into operated workflow controls: intake, review points, audit trails, and the places a person stays in the decision.

Governed AI DeploymentRun AI inside real work with audit trails, human review points, and the operating controls underwriters and regulators expect.Managed Intake & QualificationCapture, qualify, and route incoming work with disclosure, consent, and human review built into the intake step.

Map This Workflow With Gridex

Use this research to identify the workflow, review points, and operating controls that would matter in your organization.

Map This Workflow With Gridex

Related Questions

  • Does the Colorado AI Act give consumers appeal rights? Yes, under Colorado's AI Act as reenacted by SB 26-189 (obligations begin 2027-01-01). When an ADMT makes or substantially influences an adverse consequential decision, the deployer must provide meaningful human review and reconsideration — and must disclose the adverse outcome to the consumer within 30 days in plain language. The prior 'high-risk AI system' and formal appeal-process-posting requirement from SB 24-205 are gone; the replacement is the human-review and timely-disclosure duty.
  • What are Connecticut's high-risk AI system requirements? Connecticut does not currently impose high-risk AI system requirements on private-sector businesses. Connecticut's enacted AI law — SB-1103 / Public Act 23-16 (signed June 7, 2023, effective July 1, 2023) — regulates state agencies only: it requires agencies to complete AI impact assessments before deployment, maintain publicly-accessible AI inventories (including vendor, purpose, start date, and the extent to which the system replaces human judgment), and submit annual reports to the Connecticut General Assembly's joint consumer-protection committee. Private-sector firms are not covered. Senator James Maroney has repeatedly introduced a comprehensive high-risk AI deployer bill (SB-2) in the 2024 and 2025 sessions — modeled on Colorado SB-24-205, with risk assessments, governance policies, and incident reporting — but SB-2 passed the Senate and died in the House both sessions. Until a successor bill is enacted, Connecticut businesses should look to federal rules, sector-specific guidance (e.g., for insurance or healthcare), and neighboring-state law (e.g., Colorado's AI Act, SB 26-189, whose obligations begin January 1, 2027, which uses a disclosure-and-notice model rather than a high-risk assessment framework) when designing AI governance programs.
Disclaimer: This content is provided for informational purposes only and does not constitute legal advice. AI regulations and insurance policy terms change frequently. Consult with a qualified attorney or insurance professional for advice specific to your situation. Gridex makes no warranties regarding the accuracy or completeness of this information.