← Back to Blog

Colorado Just Rewrote Its AI Law. Your Agents Still Can't Prove Who They Are.

Casey Handler·

On Monday, Colorado Governor Jared Polis endorsed a unanimous framework to rewrite the state's landmark AI decision-bias law. The original SB 24-205, signed in 2024, was the most sweeping AI regulation in the country. Critics said it was unworkable. The governor's working group agreed, and just proposed stripping the audit requirements while doubling down on transparency: if an AI system helps make a consequential decision about a person, that person has the right to know what data went in, correct errors, and request human review.

Colorado isn't alone. Texas's Responsible AI Governance Act (TRAIGA) took effect January 1. California's SB 53 was signed into law last September. Three major states, three different approaches, one common thread: if your AI is making decisions that affect people's lives, you need to prove what happened, who authorized it, and how.

Here's the part nobody's talking about: most AI agent deployments can't do any of that.

The AI Transparency Trap: What Colorado's Rewrite Keeps

Colorado's rewrite is interesting because of what it keeps. Governor Polis cut the bias audit requirements that had enterprise legal teams in full panic mode. But the transparency requirements survived almost intact. If you use AI to help with hiring, lending, housing, education, insurance, or "other consequential decisions," you must:

  • Tell people upfront that AI is involved
  • Disclose the types of data the system used
  • Let people correct inaccurate personal information
  • Offer human review "to the extent commercially reasonable"

That last phrase is doing a lot of work. "Commercially reasonable" is the kind of language that sounds flexible until you're in a courtroom. And the enforcement mechanism — the Colorado Attorney General operating under the Consumer Protection Act — has real teeth.

Here's the compliance question nobody's asking: when your AI agent pulls data from three different services, processes it through an LLM, and surfaces a recommendation to a human reviewer — can you actually reconstruct that chain? Can you show which agent accessed which data, with what permissions, on whose authority?

If your agent authenticates with an API key stored in an environment variable, the honest answer is no.

State AI Regulation in 2026: Three Laws, One Problem

The regulatory fragmentation is real and accelerating. Colorado focuses on "consequential decisions" with transparency obligations. Texas's TRAIGA takes an intent-based approach and primarily targets government use of AI, but its definitions are broad enough to catch enterprise deployments. California's SB 53 — signed into law by Governor Newsom in September 2025 — imposes its own requirements around frontier model safety and disclosure.

What all three share: the assumption that someone — the deployer, the developer, or both — can explain what their AI did and why. Every law assumes you have an audit trail.

This is where the gap between how agents actually work and how regulators think they work becomes dangerous. Regulators imagine structured systems with clear decision boundaries. What actually exists in most deployments: an LLM with tool access, a handful of API keys, and a prayer that the token rotation script ran last Tuesday.

The Colorado framework specifically distinguishes between "developers" (companies that build AI systems) and "deployers" (companies that use them to make decisions). If you're building agent tooling, you're the developer. Your customers are the deployers. And when regulators come knocking on your customers' doors asking for audit trails, those customers are going to turn around and ask you: where's the documentation?

AI Agent Compliance Requirements Under State Law

Strip away the legal language and every state AI law is asking the same four questions:

  1. Who authorized this agent to act? Not "which team deployed it." Which specific human consented to this agent accessing this data for this purpose?
  2. What permissions does it have? Can you show scoped, bounded access — or does your agent have the same permissions as the service account that set it up?
  3. What did it do? Is there an immutable log of which APIs were called, what data was accessed, and what was returned?
  4. Can you revoke access? If something goes wrong, can you kill the agent's permissions instantly — or are you rotating a shared API key across forty services?

These aren't hypothetical requirements. They're the operational translation of "transparency" and "reasonable care" from the actual statute text. And they map almost perfectly to the properties of proper delegated OAuth: user consent, scoped tokens, audit trails, instant revocation.

The irony is that the web solved this problem fifteen years ago. When you connect a third-party app to your Google account, there's a consent screen, scoped permissions, and a revocation dashboard. You can see exactly which apps have access and yank any of them instantly. Somehow, AI agents — which handle far more sensitive operations — regressed to static credentials and shared secrets.

Federal AI Policy vs. State Regulation: The Wildcard

There's one more dimension worth watching. President Trump's December executive order explicitly called for limiting states' ability to regulate AI, even threatening to challenge specific state laws in court and restrict federal funding to states with aggressive AI regulation. Governor Polis's rewrite may partly be a response to that pressure — dialing back audit requirements while keeping transparency obligations that are harder to characterize as "burdensome."

But regardless of where the federal-state tension lands, the direction is clear. Whether it's state AGs enforcing transparency laws or federal agencies implementing NIST's AI Agent Standards Initiative, the compliance surface is expanding. Teams that can demonstrate user-consented, scoped, auditable agent access will be on the right side of every regulatory framework that's currently in motion.

AI Agent Compliance Checklist: What to Do Now

Audit your agent auth. If any agent in your stack touches decisions about hiring, lending, housing, education, insurance, or healthcare — and that agent authenticates with anything other than scoped, delegated OAuth — you have a gap. Not a theoretical gap. A gap that Colorado's AG can fine you for starting in 2027.

Build the audit trail before you need it. The worst time to implement logging is when a regulator asks for records. Every agent action should be traceable to a specific user consent, with scoped permissions, timestamps, and the ability to reconstruct the full decision chain.

Think multi-state. If you operate in Colorado, Texas, and California — which describes most SaaS companies — you're juggling three different compliance regimes. The common denominator across all of them is provable agent identity and auditable access patterns. Solve that once, and you're covered everywhere.

We built TapAuth because agents need the same trust infrastructure that web apps got a decade ago. One API call to create a grant. User consent as the gate. Scoped, time-limited tokens with full audit trails. When regulators ask your customers how their AI agents access sensitive data, the answer should be boring: "The same way every other OAuth integration works — with user consent, scoped permissions, and complete audit logs."

Colorado just rewrote the rules. Texas already enforced theirs. California is next. The compliance clock is ticking, and it's measuring in months, not years. If your agents can't prove who they are and what they're authorized to do, the time to fix that was yesterday.