What the freeze of Colorado’s AI hiring law really changes
A federal district court in Colorado has temporarily blocked enforcement of the state’s artificial intelligence hiring statute, but the compliance challenge for employers has not disappeared. On October 11, 2024, in Rocky Mountain Association of Recruiters v. Weiser, No. 1:24-cv-02597 (D. Colo.), the U.S. District Court for the District of Colorado issued a preliminary injunction preventing the Colorado Attorney General from enforcing key portions of Senate Bill 24-205. The statute, however, still exists on the books and continues to shape expectations for employers that use high-risk artificial intelligence tools in employment decisions. For HR leaders focused on employee retention and a safe and inclusive environment, the pause simply shifts the legal risk calculus rather than eliminating foreseeable risks.
Executive summary for CHROs: (1) Treat Colorado’s law as a preview of emerging AI hiring regulation, not a one-off anomaly; (2) immediately inventory all high-risk AI systems that influence hiring, promotion, or termination and conduct at least a baseline impact assessment; and (3) update vendor contracts and internal governance so you can demonstrate reasonable care in preventing algorithmic discrimination and protecting workplace safety across jurisdictions.
SB 24-205 regulates “high-risk” AI systems that make or substantially influence consequential employment decisions, such as hiring, promotion, or termination. Among other things, it requires developers and deployers to conduct impact assessments, implement data protection and governance controls, provide notices to individuals about AI-driven consequential decisions, and disclose when adverse actions are materially influenced by automated tools. The court’s order, available in the preliminary injunction docket, means the Colorado Attorney General cannot currently enforce these detailed regulations, including the statute’s requirements for risk management programs, documentation of training data, and mechanisms for individuals to contest AI-influenced outcomes. The text of SB 24-205 remains in effect, but Sections 6–8, which cover deployer duties, impact assessments, and notice and appeal rights for individuals affected by high-risk AI systems, are enjoined from enforcement while the litigation proceeds. Yet multi-state employers operating in Colorado must still align their employment law strategies with a rapidly evolving patchwork that includes Illinois HB 3773, the Texas TRAIGA framework, and New York City’s Local Law 144 on algorithmic discrimination in hiring. In practice, compliance now depends less on one state statute and more on whether each developer and deployer can show reasonable care in preventing discrimination and managing high-risk systems across jurisdictions.
For CHROs, the key shift is from short-term legal box-checking to long-term risk management that protects both candidates and existing teams from algorithmic discrimination and unsafe workplace dynamics. Even without active enforcement of SB 24-205, any AI-driven system used for screening, ranking, or promotion remains subject to federal employment law on disparate impact and bias, including Title VII of the Civil Rights Act. That means every developer–deployer relationship, every impact assessment, and every flow of data must be evaluated for reasonably foreseeable harms to inclusion, psychological safety, and employee loyalty.
Why HR cannot relax on AI governance, bias, and workplace safety
Suspension of enforcement in Colorado does not erase the high-risk profile of AI tools that influence hiring, promotion, or termination, especially where those tools shape consequential decision outcomes for marginalized groups. Employers that rely on artificial intelligence for résumé screening, video interview scoring, or internal mobility recommendations still face foreseeable risks of algorithmic discrimination that can undermine both legal compliance and employee retention. In a tight labor market, a single flawed risk system can quietly erode trust, damage perceptions of a safe and inclusive environment, and accelerate unwanted turnover among underrepresented talent.
Multi-state employers must therefore treat Colorado’s AI hiring requirements as one part of a broader employment law and data protection strategy, not a narrow Colorado-only issue. Illinois and Texas already regulate high-risk AI in employment decisions, while New York City requires bias audits and transparency notices for automated employment decision-making systems. HR teams that operate across house- and senate-driven regimes need a unified framework for impact assessments, risk management, and reasonable care that can withstand scrutiny from regulators, plaintiffs’ attorneys, and internal employee relations investigations.
Practically, that means building governance that treats every artificial intelligence system used in HR as a potential high-risk system requiring structured impact assessment and mitigation. One global technology company, for example, now requires annual third-party bias audits for all candidate-screening algorithms and publishes a plain-language summary of findings to internal stakeholders. Bias audits, transparency notices, and clear explanations of AI-supported decision making should be standard practice, not just a response to one senate bill in Colorado. To support psychological safety and prevent harassment in the workplace, HR leaders can align AI governance with existing safe workplace programs, using resources such as this guide on how to proactively prevent harassment in the workplace to ensure that AI-enabled monitoring or reporting tools do not create new discrimination or privacy risks.
Building a durable AI compliance roadmap that protects retention and inclusion
For CHROs, the most resilient response to the current AI hiring law landscape is to design a cross-functional operating model that treats AI in HR as a continuous risk management program. Start by mapping every artificial intelligence tool that touches employment decisions, from sourcing algorithms to internal promotion recommendation engines, and classify each as a high-risk system or lower-risk system based on reasonably foreseeable impacts on candidates and employees. Then require formal impact assessments for all high-risk systems, documenting foreseeable risks, mitigation steps, and how developers and deployers will share responsibility for data protection, monitoring, and remediation.
To make those assessments actionable, HR teams can use a simple, one-page template that can be copied into internal documentation:
AI Impact Assessment Template (HR Use)
- System overview: Name of AI tool; vendor or internal owner; purpose; employment decisions it influences (e.g., screening, ranking, promotion).
- Affected populations: Roles, locations, and demographic groups impacted; potential disparate impact on protected classes; foreseeable effects on inclusion and psychological safety.
- Data and model inputs: Training data sources; key features used; known data gaps or quality issues; documentation of training data and model limitations.
- Testing and results: Methods used to test for bias and accuracy; summary of outcomes by relevant groups; identified risks of algorithmic discrimination or unsafe workplace dynamics.
- Mitigation and monitoring: Specific mitigation measures; monitoring cadence; escalation paths; how individuals will be notified of AI-influenced decisions and how they can contest or appeal outcomes.
Next, embed reasonable care into contracts and workflows with AI vendors through a focused checklist: require clear documentation of model purpose and limitations, audit rights and access to performance metrics, commitments to bias testing and remediation, data protection and retention standards, and obligations to notify you of material model changes. One concrete clause HR and Legal can adapt is: “Vendor shall conduct and document periodic bias and disparate impact testing of the AI system at least annually and after any material model change, shall provide Customer with a written summary of testing methodology and results upon request, and shall promptly implement and document reasonable remediation measures where material discriminatory effects are identified.” HR, Legal, and IT should jointly define standards for documentation, including when an impact assessment must be refreshed and how consequential decision logic will be explained to affected individuals. This governance should extend beyond hiring into promotion, performance management, and internal mobility, where opaque intelligence-driven scoring can quietly shape culture, inclusion, and long-term employee outcomes.
Finally, connect AI governance to your safe and inclusive environment strategy by involving employee resource groups, health and safety committees, and frontline managers in testing and feedback. One practical approach is to pilot new AI tools with a small, diverse group of employees, gather structured feedback on fairness and clarity, and adjust configuration or usage policies before full rollout. Transparent communication about how artificial intelligence supports decision making, how foreseeable risks are managed, and how employees can challenge or appeal AI-influenced outcomes is essential for trust and retention. To deepen this work, HR leaders can draw on research about culture and engagement, such as the analysis of why culture often fails to translate into engagement, and refine hiring and promotion practices using structured approaches like these diversity interview questions for employee retention so that AI systems reinforce, rather than undermine, inclusive employment practices.