By State / Colorado
Colorado AI Vendor Governance
AI vendors evaluated against Colorado's amended AI law — original SB 24-205 was repealed and replaced by SB 26-189 (signed May 2026, effective January 1, 2027), which narrows the law to a transparency / disclosure regime for automated decision systems and drops the prior risk-management programs, impact assessments, and duty of care.
Colorado — vendors with explicit state engagement, ranked by 4 state-relevant governance axes.
Why this state view
Colorado's original SB 24-205 was repealed and replaced by SB 26-189 (signed May 2026, effective January 2027), which narrows the law to a transparency / disclosure regime for automated decision systems and drops the prior risk-management programs, impact assessments, and duty of care. Vendors serving Colorado customers should map their automated-decision disclosure posture to the amended law; NIST AI RMF and ISO/IEC 42001 remain the load-bearing anchors for vendor-side governance evidence.
Primary frameworks anchored
- NIST AI RMF 1.0 (de-facto procurement anchor)
- ISO/IEC 42001 (certifiable AI management system)
- Colorado SB 26-189 (amended AI law — repealed and replaced SB 24-205; transparency/disclosure, effective Jan 1, 2027)
- Colorado Consumer Protection Act
State-relevant scoring axes
Columns marked with an accent dot in the scorecard below are the axes most relevant to Colorado's regulatory frame. The state-relevance ranking in this view averages vendor performance across these axes only.
- Colorado AI Act readiness
- NIST AI RMF self-attestation
- BAA / DPA available
- Subprocessor list public
| # | Vendor | CO Rel. | Score | Grade | •BAA | Opt-out | US Res | SOC 2 | ISO 42001 | •NIST AI | •CO AI | §1557 | SR 11-7 | ABA 512 | •Subproc | TC |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Abridge | 75(4/4) | 87 | A | Yes | Yes | Yes | Yes | Partial | Partial | Partial | Yes | N/A | N/A | Yes | 5/5 |
| 2 | Thomson Reuters CoCounsel | 75(4/4) | 80 | B | Yes | Yes | Yes | Yes | No | Partial | Partial | N/A | N/A | Yes | Yes | 4/5 |
| 3 | FICO Falcon Fraud Manager + FICO Score AI | 75(4/4) | 80 | B | Yes | Yes | Yes | Yes | No | Partial | Partial | N/A | Yes | N/A | Yes | 4/5 |
| 4 | Microsoft 365 Copilot | 75(4/4) | 75 | B | Yes | Yes | Yes | Yes | Partial | Partial | Partial | Partial | Partial | Partial | Yes | 5/5 |
| 5 | Suki AI | 75(4/4) | 72 | B | Yes | Yes | Yes | Yes | No | Partial | Partial | Partial | N/A | N/A | Yes | 4/5 |
| 6 | Lexis+ AI | 63(4/4) | 76 | B | Yes | Yes | Yes | Yes | No | Partial | No | N/A | N/A | Yes | Yes | 4/5 |
| 7 | Westlaw Precision AI | 63(4/4) | 76 | B | Yes | Yes | Yes | Yes | No | Partial | No | N/A | N/A | Yes | Yes | 4/5 |
| 8 | Harvey | 63(4/4) | 74 | B | Yes | Yes | Yes | Yes | No | Partial | Partial | N/A | N/A | Yes | Partial | 3/5 |
| 9 | Zest AI | 63(4/4) | 74 | B | Yes | Yes | Yes | Yes | No | Partial | Partial | N/A | Yes | N/A | Partial | 3/5 |
| 10 | Upstart | 63(4/4) | 74 | B | Yes | Yes | Yes | Yes | No | Partial | Partial | N/A | Yes | N/A | Partial | 3/5 |
| 11 | Nuance DAX Copilot (Microsoft) | 63(4/4) | 70 | B | Yes | Yes | Yes | Yes | No | Partial | No | Partial | N/A | N/A | Yes | 5/5 |
| 12 | Salesforce Einstein / Agentforce | 63(4/4) | 69 | C | Yes | Yes | Yes | Yes | No | Partial | No | Partial | Partial | N/A | Yes | 5/5 |
| 13 | Glean | 63(4/4) | 69 | C | Yes | Yes | Yes | Yes | No | Partial | No | N/A | N/A | N/A | Yes | 4/5 |
| 14 | Arctic Wolf | 63(4/4) | 69 | C | Yes | Yes | Yes | Yes | No | Partial | No | N/A | N/A | N/A | Yes | 4/5 |
| 15 | Huntress | 63(4/4) | 69 | C | Yes | Yes | Yes | Yes | No | Partial | No | N/A | N/A | N/A | Yes | 4/5 |
| 16 | eSentire | 63(4/4) | 69 | C | Yes | Yes | Yes | Yes | No | Partial | No | N/A | N/A | N/A | Yes | 4/5 |
| 17 | Sophos | 63(4/4) | 69 | C | Yes | Yes | Yes | Yes | No | Partial | No | N/A | N/A | N/A | Yes | 4/5 |
| 18 | Unit21 | 63(4/4) | 68 | C | Yes | Yes | Yes | Yes | No | Partial | No | N/A | Partial | N/A | Yes | 4/5 |
| 19 | Ironclad AI | 50(4/4) | 63 | C | Yes | Yes | Yes | Yes | No | No | No | N/A | N/A | Partial | Yes | 4/5 |
| 20 | Anthropic Claude | 50(4/4) | 58 | C | Partial | Yes | Partial | Yes | No | Partial | No | N/A | N/A | N/A | Yes | 4/5 |
| 21 | Google Gemini for Workspace | 50(4/4) | 58 | C | Partial | Partial | Yes | Yes | No | Partial | No | N/A | N/A | N/A | Yes | 4/5 |
| 22 | OpenAI ChatGPT & API | 50(4/4) | 53 | D | Partial | Partial | Partial | Yes | No | Partial | No | N/A | N/A | N/A | Yes | 4/5 |
| 23 | Hummingbird | 38(4/4) | 56 | C | Yes | Yes | Yes | Yes | No | No | No | N/A | Partial | N/A | Partial | 3/5 |
| 24 | ConnectWise | 38(4/4) | 50 | D | Partial | Yes | Partial | Yes | No | No | No | N/A | N/A | N/A | Yes | 3/5 |
| 25 | Spellbook | 38(4/4) | 45 | D | Yes | Yes | Partial | Partial | No | No | No | N/A | N/A | Partial | Partial | 2/5 |
| 26 | Heidi Health | 38(4/4) | 45 | D | Yes | Yes | Partial | Partial | No | No | No | Partial | N/A | N/A | Partial | 2/5 |
| 27 | Notion AI | 25(4/4) | 33 | F | No | Partial | No | Yes | No | No | No | N/A | N/A | N/A | Yes | 3/5 |
| 28 | Otter.ai | 13(4/4) | 25 | F | No | Partial | No | Yes | No | No | No | N/A | N/A | N/A | Partial | 2/5 |
| 29 | Perplexity AI | 13(4/4) | 19 | F | No | Partial | No | Partial | No | No | No | N/A | N/A | N/A | Partial | 2/5 |
| 30 | Meta Llama | 0(4/4) | 25 | F | No | Yes | Yes | No | No | No | No | N/A | N/A | N/A | No | 2/5 |
How vendors score on Colorado's relevant axes
Yes / partial counts across the full 30-vendor pool, restricted to axes relevant to Colorado's regulatory frame. N/A axes are excluded from the applicable denominator.
CO AI
Colorado AI Act readiness
NIST AI
NIST AI RMF self-attestation
BAA
BAA / DPA available
Subproc
Subprocessor list public
Top 3 vendors on the Colorado-relevant axis subset
Abridge
ACO 75/100Composite 87Ambient clinical AI documentation. Clinician-experience design, citation-grounded notes, and EHR integration (notably Epic) are the differentiators.
Thomson Reuters CoCounsel
BCO 75/100Composite 80Legal AI assistant from Thomson Reuters (parent of Westlaw and Practical Law). Acquired Casetext in 2023. Integrated with Westlaw and Practical Law content.
FICO Falcon Fraud Manager + FICO Score AI
BCO 75/100Composite 80Decades-deep machine-learning portfolio across fraud detection (Falcon) and credit decisioning (FICO Score 10 T). The reference SR 11-7 documentation in the industry. Most US banks already operate against FICO's validation patterns.
Buyer's guide for Colorado
For Colorado-deploying organizations, the highest-leverage axes are NIST AI RMF anchoring (the de-facto procurement standard), explicit engagement with Colorado's amended AI law (SB 26-189 — automated-decision disclosure, effective 2027), and BAA/DPA scope. Vendors that score 'No' on Colorado AI law readiness require deployer-side documentation work.
Operationalize the scoring
Colorado AI Act for Healthcare Deployers
The Index tells you which vendors clear the bar for Colorado engagement. The companion resource tells you how to turn that selection into a deployable governance program with documented evidence.
Colorado AI Act for Healthcare Deployers →Compare Colorado with other state and sector views
Other state views
Sector views
Scoring as of 2026-05-13from public information (vendor trust portals, BAAs, SOC report cover pages, model cards, vendor documentation). Posture changes frequently — re-verify with the vendor's trust center before contract. State filter views surface vendors with explicit state engagement on the axes most relevant to that state's regulatory frame; they do not replace deployer-side state compliance work. Methodology: read the full methodology.
Turn the scoring into a deployable program
The Index tells you the posture. These engagements turn the posture into operational evidence for Colorado deployments.