AI Clear released Rubric v2.0 this week. It is the first major revision of our scoring methodology since launch, and it ships with eight new criteria, refreshed statutory cross-references, and an expanded framework anchor set. Every existing rating remains valid — companies scored under v1.0 keep their scores until they request a fresh assessment — but every new assessment from this point forward uses v2.0.
This post is the full diff.
Why a new version
Two things drove v2.0. First, Colorado's legislature replaced the AI Act mid-cycle: SB 24-205, the law that originally inspired several of our criteria, was repealed and reenacted as SB 26-189 in May 2026. The new bill narrows the scope to automated decision-making technology and adds explicit obligations — developer documentation for deployers, material-update notifications, point-of-interaction notices, 30-day post-adverse outcome disclosures, three-year record retention — that v1.0 did not cover. Keeping the rubric current required adding those obligations as discrete criteria.
Second, v1.0 had a known math quirk: Pillar 5 (AI Security and Assurance) summed to 92 of 100 because of a point-allocation oversight at launch. We normalized it in the aggregation layer, which worked but was ugly. v2.0 rebalances P5 to a clean 100. The 92-to-100 normalization remains in the codebase for any legacy v1.0 scorecard that still needs to render correctly.
The structural changes
Criterion count: 49 → 57. All v1.0 IDs are preserved; the rubric does not retire criteria across versions where the underlying obligation still applies. The eight new criteria are:
- P1-11 Developer Technical Documentation for Deployers
- P1-12 Material Update Notification Process
- P2-11 Personal Data Correction for ADMT Decisions
- P3-11 Meaningful Human Review with Reviewer Authority
- P3-12 Three-Year Record Retention with Version Control
- P4-10 Pre-Decision Point-of-Interaction Notice
- P4-11 30-Day Post-Adverse Outcome Plain Language Disclosure
- P4-12 Disclosure Accessibility for Disabilities and LEP
Seven of the eight track specific SB 26-189 sections. The eighth — accessibility — codifies a requirement that the bill expresses but that existing transparency frameworks routinely under-weight: notices and disclosures must be reasonably accessible to consumers with disabilities and consumers with limited English proficiency, not only to consumers who already know to ask.
Framework anchor set, expanded. v2.0 adds ISO/IEC 23894:2023 (AI Risk Management), ISO/IEC 38507:2022 (Governance Implications of AI), and NIST AI 600-1 (Generative AI Profile) to the anchor set. P5 also picks up NIST SP 800-218A for secure development practices specific to generative AI. The existing anchors — NIST AI RMF, ISO/IEC 42001:2023, the EU AI Act, and the GDPR — remain in force.
Statutory references, updated. Every cross-reference to the prior Colorado AI Act (SB 24-205) now points to SB 26-189 with the correct §6-1-17xx section number. The rubric is the authority companies appeal against, so this drift matters.
Per-criterion framework maps. v1.0 only listed framework anchors at the pillar level. v2.0 adds a framework_map field on every individual criterion, listing the specific clauses or articles that ground that criterion. The change is invisible on the scorecard but feeds directly into the scoring prompt: the analyst (and the model) sees the precise authority for each evidence threshold.
What did not change
The scoring math is unchanged. Three evidence thresholds (No / Partial / Full) per criterion, criterion scores sum to a pillar sub-score on a 0-100 scale, the five pillar sub-scores are averaged equally (20% weight each) into the overall AI Clear Score. The letter-grade scale is unchanged: A+ at 95-100 down through F below 45.
The five pillars themselves did not change. Their names, definitions, and conceptual scope are the same. The rebalancing happens within pillars (e.g., P5 criterion point values shift slightly to bring the pillar total to 100), not across them.
The "what the rubric does not measure" stance is also unchanged. AI Clear measures transparency, not capability. A company can have excellent internal AI governance and score low if it does not publicly disclose it. The burden of clarity is on the rated company.
What it means for rated companies
If your company already has an AI Clear rating, that rating stays valid until you ask us to re-rate. The scorecard will surface a banner noting that the rating was issued under Rubric v1.0 and link to the contact form if you want a v2.0 reassessment. There is no automatic re-scoring, and a v2.0 re-rating is not a downgrade by default — most v1.0 ratings would land in roughly the same letter-grade range under v2.0. The eight new criteria are most impactful for companies that develop AI systems used by other companies in consequential decisions (the SB 26-189 developer obligations).
If you are considering an AI Clear rating for the first time, v2.0 is what you will be assessed under. The methodology page has the complete published rubric, and the registry shows every rated company.
If you are evaluating AI vendors, the new P1-11 and P1-12 criteria — developer technical documentation, material-update notification — are the ones we expect to discriminate hardest in 2026. Many AI providers do not yet produce the four-element technical documentation that SB 26-189 §6-1-1702(1) requires of developers, and the gap will be visible in scores.
The full published rubric, including all 57 criterion threshold definitions and per-criterion framework maps, is at aiclear.org/methodology.
See where your company stands
AI Clear scores companies on AI transparency. Search the registry or request your scorecard.