What is an AI impact assessment?
Answer
An AI impact assessment is a documented evaluation of an AI system's potential risks, including bias, privacy, and safety impacts. Connecticut SB-1103 requires impact assessments before deploying high-risk AI systems. Note: Colorado originally required impact assessments under SB 24-205, but SB 26-189 (signed 2026-05-14) repealed that requirement — Colorado no longer mandates impact assessments and instead requires an ADMT disclosure-and-notice framework.
Applicable Regulations
Colorado AI Act — Automated Decision-Making Technology (SB 26-189, repeal & reenactment of SB 24-205)
On 2026-05-14 Governor Polis signed SB 26-189, which repeals and reenacts the Colorado AI Act (originally SB 24-205). The new law abandons the risk-management / annual-impact-assessment model and replaces it with a disclosure-and-notice framework governing "automated decision-making technology" (ADMT) that makes or substantially influences "consequential decisions" (education, employment, housing, financial services, insurance, healthcare, government services). The statute formally takes effect 2026-08-12 (no safety clause), but all substantive compliance obligations — for both deployers and developers — begin 2027-01-01, which is the operative date for regulated businesses; the Attorney General's implementing rules are also due by 2027-01-01. The AG has stated he will not enforce until the mandatory rulemaking process concludes.
Key Requirements
An Act Concerning Artificial Intelligence, Automated Decision-Making and Personal Data Privacy (Public Act 23-16)
Public Act 23-16 — the enacted form of Connecticut SB-1103 (2023 session). Signed by Governor Ned Lamont on June 7, 2023, making Connecticut among the first states to impose oversight on state agency use of AI. Government-only scope: does NOT directly regulate private-sector AI. Requires state agencies to complete impact assessments before deploying AI systems, publish a public AI inventory, and submit annual reports to the joint standing consumer-protection committee. Sections 1–3 effective July 1, 2023; Section 4 effective October 1, 2023; Section 5 effective upon passage.
Key Requirements
Full State Analysis
Where this lands operationally
Gridex turns the compliance or coverage question into operated workflow controls: intake, review points, audit trails, and the places a person stays in the decision.
Build Your AI Governance Framework
Use this research to identify the workflow, review points, and operating controls that would matter in your organization.
Build Your AI Governance Framework →Related Questions
- Does Colorado require AI impact assessments? No longer. SB 26-189 (signed 2026-05-14) repealed and reenacted Colorado's AI Act, eliminating the impact-assessment requirement entirely. Colorado now instead requires deployers of automated decision-making technology (ADMT) to: give consumers clear interaction notice, disclose adverse consequential decisions within 30 days, allow correction of incorrect personal data, and provide meaningful human review and reconsideration. The statute formally takes effect 2026-08-12, but all compliance obligations — for deployers and developers alike — begin 2027-01-01.
- What should an AI governance framework include? An AI governance framework should include an AI use policy, an inventory of where AI makes or substantially influences consequential decisions, documentation requirements, incident response procedures, and regular audit mechanisms. Note that Colorado's AI Act (SB 26-189, which repealed and reenacted SB 24-205) dropped the old impact-assessment and high-risk-classification model in favor of disclosure, consumer-notice, and human-review duties — so a framework should map to those obligations rather than the repealed assessment regime.