Privacy for Everyone! New FAR Rule Imposes Mandatory Training Requirements for Employees Handling PII

Colorado’s original AI Act (SB 24-205), signed in May 2024, imposed broad obligations on developers and deployers of “high-risk AI systems” — including requiring risk management programs, impact assessments, and affirmative steps to prevent algorithmic discrimination across employment, housing, lending, insurance, health care, and education decisions. The operative date for SB 24-205 was extended twice, and a court temporarily suspended enforcement in early 2026, following a lawsuit filed by xAI, which the U.S. Department of Justice (DOJ) intervened to support. Industry feedback on SB 24-205 was generally negative. In response to this environment, Colorado’s legislature undertook a rewrite, drafting and passing SB 26-189 in a matter of weeks. SB 26-189 reflects the legislature’s effort to preserve the policy goal of filling the AI oversight vacuum given the lack of a comprehensive federal law, but within a more workable compliance framework....