Mortgage lenders deploying AI should prepare now for Colorado’s comprehensive AI law that will take effect in February 2026 and rethink how they manage compliance risk, according to Mike Brown, chief product officer at Xactus, and Wendy Lee, managing partner at LOGS Legal Group. Officially known as S.B. 24-205, the law is focused on regulating the development and deployment of AI systems within the state, particularly those considered “high risk.” It is currently undergoing rulemaking and is expected to set a precedent for other states. Lenders, servicers and capital markets teams should consider automating compliance tools from the outset of AI adoption, rather than treating it as an afterthought. Lee recommended establishing an AI governance committee with direct access to the board and the ability to meet more frequently than every quarter. These groups should document both positive and negative test results and be nimble enough to respond quickly to emerging issues. Brown said that vendor due diligence is another priority. Companies that build their own AI may control the rollout pace more effectively, but those buying third-party tools must scrutinize contracts, avoid overly long terms and “know your developer” to anticipate product changes. Both speakers advised to incorporate legal and compliance risk into return on investment (ROI) models. On the regulatory front, Lee said federal preemption efforts are under discussion, but states are expected to continue advancing their own AI and data privacy laws. More than 1,000 bills have been introduced nationwide, she said. To avoid stifling innovation, Brown and Lee said lenders must align legal and compliance teams with business goals and acceptable risk levels from the outset. Involving these professionals early in AI strategy, rather than as a final checkpoint, can speed safe adoption.