Texas TRAIGA (Responsible Artificial Intelligence Governance Act, HB 149)
Effective date
Penalty
Curable violations: $10,000 to $12,000 per violation. Uncurable violations: $80,000 to $200,000 per violation. Continued violations: $2,000 to $40,000 per da…
Cure period
60 days
Obligations mapped
8 obligations
Legislative update
Federal preemption risk: the December 2025 Executive Order directs federal agencies to evaluate state AI laws. The March 2026 White House National Policy Framework proposes broad federal preemption. No challenge filed as of April 2026.
Overview
Texas now has rules for AI systems starting January 2026. Companies cannot use AI to deliberately manipulate your behavior in ways that cause harm, and they cannot use AI to intentionally discriminate against you based on your race, sex, religion, or other protected characteristics. If a Texas government agency uses AI to interact with you, they must tell you. The law also updates rules for biometric data like fingerprints and facial scans when AI is involved. If a company violates these rules, the Texas Attorney General can investigate and impose fines up to $200,000 per violation.
This is an AI-specific state law.
See if this regulation applies to your company with the free exposure scan.
Who this applies to
This regulation applies to the following roles:
- Developers of covered AI systems
- Deployers and users of covered AI systems
- Organizations operating in Texas
This regulation applies to both companies that build AI products and companies that use AI tools from other vendors.
HB 1709
AI categories covered
- Government AI use
- Consumer-facing AI
- Employment and hiring
- Healthcare AI
What this requires you to do
8 obligations identified from statutory analysis.
Sec. 503.001 (CUBI amendment)
Sec. 552.051(b)
Sec. 552.051(f)
Sec. 552.105(e)(2)(D)
Sec. 552.053
Regulation summaries are simplified for readability and may not capture every nuance of the underlying statute. Verify important details against primary sources linked on this page.
Enforcement and penalties
Curable violations: $10,000 to $12,000 per violation. Uncurable violations: $80,000 to $200,000 per violation. Continued violations: $2,000 to $40,000 per day. CUBI biometric: up to $25,000 per violation. AG exclusive enforcement. 60-day cure period. No private right of action.
Cure period: 60 days.
Penalty amounts are based on statutory text and may be subject to adjustment, judicial interpretation, or enforcement discretion.
Legislative history
effective
Takes effect
signed
Passed legislature
amended
Significant amendments remove impact assessments, risk management mandates, and disparate impact liability
amended
HB 1709 dies in committee. HB 149 (TRAIGA 2.0) introduced as dramatically scaled-back version.
introduced
HB 1709 (TRAIGA 1.0) introduced. Sweeping EU AI Act-style regulation.
Related regulations
- In EffectAI-Specific
Texas TRAIGA Biometric and AI Training Amendments (HB 149, 89th Legislature)
Amends the Texas Capture or Use of Biometric Identifier Act (CUBI) and related Business and Commerce Code provisions for biometric data used with AI. Relaxes CUBI for AI training with a carveout for publicly available data and adds anti-scraping consent requirements for biometric identifiers. Enforced under the same HB 149 TRAIGA framework as the core act: intent-based liability, 60-day cure, preemption of local AI rules, and the statutory penalties and safe harbors that apply to TRAIGA generally.
Effective
- In EffectPrivacy ADM
Texas Data Privacy and Security Act, Profiling Provisions (HB 4)
Texas comprehensive privacy law with profiling provisions. Requires data protection assessments for profiling that presents a risk of harm. Consumer opt-out for profiling producing legal or similarly significant effects, targeted advertising, and sale of personal data. Universal opt-out mechanism required for covered profiling opt-outs. Broad applicability: no revenue or data volume thresholds (unlike many state privacy laws). Small businesses as defined by the SBA are exempt. The 30-day cure period is permanent with no sunset. Profiling opt-out applies to decisions with legal or similarly significant effects, not all profiling.
Effective
- In EffectFramework
NIST AI Risk Management Framework (AI RMF 1.0)
NIST AI RMF is a voluntary framework used as a practical benchmark by regulators and lawmakers. NIST released AI RMF 2.0 in February 2024, building on early adoption experiences and adapting to generative AI paradigms. Companion documents include the AI RMF Playbook and Generative AI Profile (NIST AI 600-1), developed under EO 14110, which persists as a voluntary framework even though EO 14110 was revoked. State laws that reference NIST as a safe harbor or affirmative defense include Texas TRAIGA (HB 149), Tennessee TIPA, and Montana Right to Compute Act (SB 212). Colorado SB24-205 NIST-aligned controls remain useful historical and reusable governance evidence after SB26-189, but they should not be described as the current Colorado ADMT minimum-law safe harbor without legal review. Alignment with NIST AI RMF increasingly affects legal exposure under these state laws.
Effective
- UpcomingAI-Specific
Colorado ADMT / AI Act (SB 26-189)
Colorado SB 26-189 repeals and reenacts SB 24-205 into an automated decision-making technology (ADMT) framework for consequential decisions. Starting January 1, 2027, covered developers may need to provide deployers with technical documentation and material-update notices. Covered deployers may need point-of-interaction notices, post-adverse-outcome disclosures, data-access and correction processes, human-review and reconsideration workflows, and three-year compliance records. SB 24-205 risk-management, impact-assessment, and reasonable-care artifacts remain useful governance evidence, but they are historical or reusable controls rather than standalone current-law duties under the new Colorado framework.
Effective
- In EffectAI-Specific
Texas SB 1188 - Healthcare AI Practitioner Disclosure
Requires healthcare providers using AI-enabled clinical support features in electronic health record workflows to disclose AI involvement in clinical decision support contexts. Applies to AI-assisted diagnosis, treatment recommendations, and clinical support pathways in covered settings.
Effective
- In EffectAI-Specific
Texas Nonconsensual Intimate Deepfakes (SB 441)
Criminalizes creating and distributing nonconsensual intimate deepfakes. Creates civil liability for victims. Platforms must take down reported content within 72 hours. Consent to create an image does not constitute consent to share it.
Effective
- In EffectAI-Specific
Texas Government AI Ethics and Oversight (SB 1964)
Requires Texas state agencies and local governments to inventory AI systems, adopt an AI code of ethics aligned with NIST AI RMF, conduct impact assessments for AI that autonomously influences consequential decisions, and disclose AI use to affected individuals. Applies to government entities only, not the private sector.
Effective
Texas AI regulation guide lists every tracked rule for this jurisdiction with timelines and obligation tallies.
Regulation summaries are simplified for readability and may not capture every nuance of the underlying statute. Verify important details against primary sources linked on this page.