Volume 1, No. 67 Saturday, May 9, 2026 AI News Daily

The AI Dispatch

“All the AI News That’s Fit to Compile”

State Laws — Reversal

Colorado House Votes 57–6 to Gut Original AI Act

The Colorado House passes SB 26-189, repealing and replacing the landmark Colorado AI Act with a disclosure-only framework for “automated decision-making technology.” The Senate had already approved it 34–1 on May 7. The bill now heads to Governor Jared Polis, who is expected to sign — completing the rapid reversal of America’s first comprehensive AI regulation.

By AI Dispatch Desk · May 9, 2026 · Source: Troutman Pepper

Colorado’s House of Representatives voted 57 to 6 on Saturday to pass SB 26-189, the legislation that formally repeals and replaces the Colorado Artificial Intelligence Act of 2024. The bill, which cleared the state Senate on a 34–1 vote two days earlier, now heads to Governor Jared Polis. Polis — who signed the original 2024 law only reluctantly, in a statement at the time expressing “reservations” about its scope — is widely expected to sign the replacement. With his signature, the United States will lose, less than three months before it was set to take effect on February 1, 2027, what had been billed as the first comprehensive state-level regulation of high-risk artificial intelligence systems anywhere in the country.

The text of SB 26-189, as enrolled, replaces nearly every operative provision of the original SB 24-205. The new framework abandons the law’s defining structural choices: the mandatory risk-management program that high-risk AI deployers were required to maintain, the annual impact assessment obligation that paralleled the EU AI Act’s Article 27, and — perhaps most consequentially — the self-reporting duty that required deployers to notify the state attorney general within ninety days of discovering algorithmic discrimination by their own systems. In place of that compliance architecture, SB 26-189 substitutes a narrower notice-and-rights model: covered entities deploying “automated decision-making technology” (the new statutory term of art, which replaces “high-risk AI system”) must disclose to consumers that an automated system is being used and must provide a mechanism for human review of adverse decisions. There is no rulemaking authority delegated to the attorney general comparable to the one in the original act, and the private right of action that civil-rights advocates had pushed for during the original 2024 negotiations is again absent.

The vote margin tells its own story. SB 24-205 passed the Colorado House in 2024 by 40 to 21, with significant Republican opposition and audible Democratic discomfort. SB 26-189 passed today by 57 to 6 — a coalition that crossed party lines almost completely and that lost only the votes of a small bloc of progressive Democrats who had been the original act’s loudest proponents. The political coalition that built the 2024 law has, in two legislative sessions, lost the floor. Industry groups that had lobbied against the original act — the Colorado Technology Association, the Chamber of Commerce’s state affiliate, and a cross-sector coalition of insurers, lenders, and healthcare providers organized as the Responsible Innovation Coalition — have spent the past eight months pressing for repeal or substantial narrowing. They got both.

The replacement framework is closer to the disclosure-and-notice statutes enacted earlier this year in Utah and Texas than it is to any of the comprehensive risk-management regimes that progressive states had been drafting in parallel. New York’s Frontier AI Act, California’s SB 1047 successor legislation, and Illinois’ pending HB 3563 all retain core elements — risk assessments, third-party audits, attorney-general rulemaking — that Colorado has now stripped from its own statute. The Colorado pivot has the practical effect of removing the most aggressive state-level regulatory template from the federalism conversation, leaving the most demanding US frameworks concentrated in three states that together represent perhaps a quarter of the national market but none of which has yet brought its own regime fully into force.

Governor Polis’ expected signature will leave the litigation landscape unchanged in form but profoundly altered in substance. The constitutional challenge filed against SB 24-205 by xAI in February — and joined by the US Department of Justice on April 24 — targeted the original act’s provisions on compelled disclosure and on Commerce Clause grounds. Those claims do not automatically dissolve when the underlying statute is repealed; courts can still address whether the original’s now-moot provisions inflicted compensable harm during the window they were nominally in effect. But the prospective relief sought by the plaintiffs has been overtaken by events, and the case’s practical posture going forward will be largely about attorneys’ fees and the federal-preemption arguments that the DOJ may now wish to redirect at the surviving disclosure-only framework.

Analysis

Colorado’s Reset: A “White House Callout” Moment, EU Risk Model Abandoned

By AI Dispatch Desk · May 9, 2026 · Sources: Carpe Datum Law · Jenner & Block

Legal commentary published around Saturday’s House vote framed SB 26-189 as something more deliberate than a tactical retreat. Privacy-and-tech practice groups at Carpe Datum Law and Jenner & Block both characterized the bill as an intentional pivot away from the European Commission’s risk-classification model and toward the lighter-touch posture set out in the Trump administration’s National AI Policy Framework, released in late March. The pivot — Carpe Datum’s practice group wrote — came “two weeks after a White House callout” that singled out Colorado’s original act as the leading example of state-level regulation that the administration views as conflicting with federal preemption priorities.

The federal pressure has been unusually public for a state-law dispute. Commerce Secretary Howard Lutnick referenced Colorado by name during a March 28 trade-policy address, framing the original act as a barrier to US AI competitiveness; the Office of Science and Technology Policy followed with an April 3 advisory letter to state attorneys general warning that comprehensive AI legislation may conflict with the federal framework on a range of grounds, including dormant Commerce Clause doctrine and compelled-speech First Amendment principles. The DOJ’s April 24 intervention in xAI v. Weiser — the constitutional challenge to SB 24-205 filed in the US District Court for the District of Colorado — took those theories from advisory rhetoric to active litigation posture.

What practitioners are now wrestling with is how completely SB 26-189 dissolves the existing litigation. Jenner & Block’s client alert published Friday emphasized that the DOJ’s intervention does not automatically terminate when the underlying statute is repealed: Commerce Clause and compelled-speech arguments can be repurposed against the replacement law’s disclosure obligations, particularly the requirement that automated decision-making technology be labeled to consumers in a specific statutorily mandated form. The constitutional theories survive the legislative reset, in other words, even as their practical urgency declines. xAI’s lawyers have not yet indicated publicly whether they intend to amend the complaint or stand on the original pleading; a status conference is scheduled for the third week of May.

The deeper observation in the practitioner commentary is structural: SB 26-189 is being read not as a Colorado-specific compromise but as a template. Carpe Datum’s analysis singles out three other states — Connecticut, Washington, and Minnesota — whose own AI bills are currently in committee and whose sponsors have begun signaling openness to narrowing their proposals along Colorado’s new lines. If even one of those bills is reintroduced with the disclosure-only structure, the practical national baseline for state AI regulation will have completed a remarkable inversion in less than six months: from a Colorado-led push toward EU-style comprehensive risk regulation to a federally-aligned disclosure-only floor.

The EU comparison is the one practitioners keep returning to. Brussels’ Digital Omnibus deal — reported in this newspaper’s May 7 edition — deferred the AI Act’s most contentious high-risk deadlines to 2027 and 2028 while preserving its core regulatory architecture. Colorado has now done something different: not deferred its high-risk obligations but eliminated them, replaced them with a disclosure framework, and aligned the result with a federal policy posture that explicitly positions itself against the European model. Whether other state legislatures follow the template or hold the line for comprehensive regulation may be the defining question of the next eighteen months of US AI policy.

Two weeks after a White House callout, Colorado pivots away from the EU risk model — a template other states are already studying. — Carpe Datum Law, Practice Alert, May 9, 2026

Copyright

Hollywood’s Image-Generator Fight

As Colorado redraws state AI rules, the entertainment industry presses the federal copyright front against generative-image platforms.

Copyright

Disney–Midjourney Suit Advances as Hollywood Presses AI Copyright Front

Source: TIME

The Disney, NBCUniversal, and DreamWorks copyright lawsuit against Midjourney — the first major studio action against an AI image generator and one of the few generative-AI cases now squarely on the federal docket — continued moving through pretrial motions and discovery this week. The complaint, originally filed in the Central District of California, alleges that Midjourney allows users to reproduce iconic studio-owned characters — Spider-Man, the Minions, Shrek, and dozens more — on demand and at scale, and that the platform has both trained on copyrighted imagery without license and structured its output controls in a way that permits trivial reconstruction of those characters in new compositions. The studios are seeking statutory damages, disgorgement of profits, and a permanent injunction that would require Midjourney to implement character-level filtering on both training data and generated outputs.

The suit is widely read as a referendum on the fair-use defense that has anchored generative-AI training arguments since the first wave of cases in 2023 and 2024. Midjourney has argued, in line with the broader industry posture, that training on copyrighted material constitutes transformative use under Authors Guild v. Google and its progeny. The studios’ complaint counters that whatever fair-use latitude exists for training does not extend to the platform’s output behavior: when a user types “Spider-Man on a skateboard,” the resulting image is a derivative work that infringes Marvel’s registered copyrights, full stop, regardless of how the training data was assembled. The legal theory effectively bifurcates the fair-use question: input use may or may not qualify, but the output question is doctrinally separate and substantially less hospitable to AI platforms.

Observers have noted that the case’s eventual outcome — whether through summary judgment, settlement, or trial verdict — could reshape how studios negotiate the AI licensing deals that have become an increasingly visible category of entertainment industry transactions over the past year. Disney itself announced a generative-AI partnership with a competing platform in March; NBCUniversal has signaled interest in similar arrangements. The Midjourney suit makes the alternative path expensive enough that the licensing market gains a clear floor — one set by the cost of litigation rather than by the underlying economics of training-data acquisition. That floor, more than any specific doctrinal holding, may turn out to be the case’s most durable legacy regardless of which side prevails on the merits.

Source: TIME · Disney v. Midjourney coverage · May 9, 2026

Briefs

From the Desk

Salesforce open-sources a Data 360 connector for MCP clients, and the state-legislative deepfake docket clears a clutch of bills heading into summer recess.

Salesforce Open-Sources Data 360 MCP Server

Salesforce open-sourced the Data 360 MCP Server (forcedotcom/d360-mcp-server) in early May as a developer preview, the company’s most substantive contribution to the Model Context Protocol ecosystem to date. The server connects Salesforce’s Data 360 APIs to any stdio-transport MCP client — Claude Code, Cursor, Codex CLI, and a handful of smaller third-party harnesses — and exposes roughly two hundred API operations through a facade-tool architecture designed to avoid context overflow on long-running agent sessions. The facade pattern is unusual for an MCP server of this scale and may set a template for other enterprise vendors weighing how to surface large API surfaces to LLM agents without flooding the tool list. The preview requires Java 17 or later and Maven 3.9 or later, runs locally on the developer machine, and is restricted to single-user, single-org scope; multi-tenant authentication and shared-deployment modes are not yet supported. The project is published under a permissive open-source license and accepts community contributions through the standard forcedotcom GitHub workflow.

Source: Salesforce Developer Blog · May 2026

State Legislative Roll-Up: Chatbot Bills Race the Recess Clock

With most state legislative sessions racing toward summer recess, the chatbot-safety docket has cleared a notable batch of bills. Iowa SF 2417 — the state’s chatbot safety act for minors — was signed earlier in the week, joining the small but growing roster of states with enforceable age-gating and content-disclosure requirements for consumer-facing conversational AI products. Weekly legislative trackers maintained by the Transparency Coalition and a handful of academic clearinghouses show multiple additional chatbot disclosure bills approaching governor signature in Delaware, South Carolina, and Hawaii, with all three expected to be signed before the respective sessions end. The Transparency Coalition’s running tally now counts 78 active AI-related bills in state legislatures, a figure that has more than tripled since the start of the year and that constitutes the most visible evidence yet of state governments moving to fill the regulatory space the federal AI framework deliberately leaves open. Saturday’s Colorado vote (see lead) cuts in the opposite direction on comprehensive regulation, but the chatbot-specific bills generally take the disclosure-only approach the federal framework prefers and have so far drawn relatively little federal pushback.

Source: Transparency Coalition state tracker · May 2026

GitHub Trending — Weekend Snapshot

Top repositories drawing weekend attention on May 9, 2026 — agent skills, harness collections, and the perennial GitHub ranker.

GitHub Trending — Weekend Snapshot
Repo Language Today’s Signal What it does
mattpocock/skills TypeScript +1.6K this week Reusable agent skills for AI coding workflows — composable units published as a community-maintained collection.
affaan-m/everything-claude-code Shell / Markdown ~100K stars 30 agents, 136 skills, and 60 commands — comprehensive Claude Code harness configuration in one repo.
caramaschiHG/awesome-ai-agents-2026 Markdown Growing Curated AI agents and frameworks list — 300+ resources covering frameworks, runtimes, and benchmark suites.
microsoft/typescript-go Go ~25.5K stars Native TypeScript compiler in Go — Microsoft’s in-progress port of tsc for substantially faster cold-start type checking.
EvanLi/Github-Ranking Python Perennial Daily top-100 GitHub ranking by stars and forks — automated leaderboard the developer community returns to weekly.