Skip to main content
Find a Lawyer

Colorado Revised Statutes Title 24. Government State § 24-18-304. Use of facial recognition service--testing required before use in certain contexts--testing capability required--exemption

Current as of January 01, 2025 | Updated by Findlaw Staff

(1) Except as described in subsection (4) of this section, before deploying a facial recognition service in a context in which it will be used to make decisions that produce legal effects concerning individuals or similarly significant effects concerning individuals, an agency must test the facial recognition service in operational conditions. An agency must take reasonable steps to ensure best quality results by following all guidance provided by the developer of the facial recognition service.

(2)(a) Except as described in subsection (4) of this section, an agency that deploys a facial recognition service shall require the facial recognition service provider to make available an application programming interface or other technical capability, chosen by the provider, to enable legitimate, independent, and reasonable tests of the facial recognition service for accuracy and to identify unfair performance differences across distinct subpopulations, including subpopulations that are defined by visually detectable characteristics such as:

(I) Race, skin tone, ethnicity, gender, age, or disability status; or

(II) Other protected characteristics that are objectively determinable or self-identified by the individuals portrayed in the testing dataset.

(b) If the results of independent testing identify material unfair performance differences across subpopulations, the provider must develop and implement a plan to mitigate the identified performance differences within ninety days after receipt of the results.

(c) Subsection (2)(a) of this section does not require a provider to disclose proprietary material or make available an application programming interface or other technical capability in a manner that would increase the risk of cyber attacks. Providers bear the burden of minimizing these risks when making an application programming interface or other technical capability available for testing purposes.

(3) Nothing in this section requires an agency to collect or provide data to a facial recognition service provider to satisfy the requirements in subsection (1) of this section.

(4) The requirements of subsections (1) and (2) of this section do not apply if the facial recognition service provider is a participant in the face recognition vendor test ongoing project of the national institute of standards and technology.

Previous Part of Code Next Part of Code
Back to Chapter List

Cite this article: FindLaw.com - Colorado Revised Statutes Title 24. Government State § 24-18-304. Use of facial recognition service--testing required before use in certain contexts--testing capability required--exemption - last updated January 01, 2025 | https://codes.findlaw.com/co/title-24-government-state/co-rev-st-sect-24-18-304/

FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature before relying on it for your legal needs.

Was this helpful?

Welcome to FindLaw's Cases & Codes

A free source of state and federal court opinions, state laws, and the United States Code. For more information about the legal concepts addressed by these cases and statutes, visit FindLaw’s Learn About the Law.

Go to Learn About the Law

Latest Blog Posts

For Legal Professionals

Learn About The Law

Get help with your legal needs

FindLaw’s Learn About the Law features thousands of informational articles to help you understand your options. And if you’re ready to hire an attorney, find one in your area who can help.

Go to Learn About the Law

Need to Find an Attorney?

Search our directory by legal issue

Enter information in one or both fields (Required)

Copied to clipboard