The phrase, “don’t mess with Texas,” has taken on a whole new meaning. If you were considering using AI for business in Texas, you might want to hold your horses and review recent privacy laws first. In June 2024, the Texas Attorney General’s office announced a dedicated task force to uphold the Texas Data Privacy and Security Act (TDPSA) and other privacy-related laws, with more potential regulations to come. Clearly, Texas meant business regarding data privacy, because on June 22, 2025, Texas Governor Greg Abbott signed House Bill 149, enacting the Texas Responsible Artificial Intelligence Governance Act (TRAIGA) into law. Additionally, another council to regulate AI has been formed, the Texas Artificial Intelligence Council (TAIC).
What is TRAIGA, and what does the TAIC do?
TRAIGA's main purpose is to protect public safety, individual rights and privacy, and encourage the safe advancement of artificial intelligence (AI) technology in Texas. Other states, such as California, Colorado, and Utah, have also established frameworks to regulate AI. Texas’s approach is focused more on public-sector use and consumer protection rather than imposing broad mandates on private businesses or automated decision-making technology.
The Texas Artificial Intelligence Council (TAIC) was formed as part of efforts to monitor and regulate AI use under TRAIGA. The TAIC's responsibilities include ensuring that AI systems are developed ethically and in the state’s best interest. Additionally, TAIC ensures that AI systems do not harm the public’s best interests and freedoms and that opportunities for reform and efficiency are analyzed as needed. TAIC is also tasked with conducting AI training programs for Texas state agencies and local governments.
What employers want to know
The law will take effect on January 1, 2026, giving organizations some time to prepare. Below is a high-level overview of who TRAIGA applies to, responsibilities that may apply to employers, and other details employers want to know.
Who does TRAIGA apply to?
TRAIGA assigns responsibilities based on the entity's role. There are three primary categories: developers, deployers, and government entities.
Developers are defined as individuals or entities who create, offer, sell, lease, or otherwise provide an AI system in Texas. Deployers are defined as individuals or entities who put an AI system into service or use in Texas. Government entities are defined as any department, commission, board, office, authority, or other administrative unit of the state, or any political subdivision of Texas, that exercises governmental functions under the authority of the state's laws.
Duties and prohibitions
TRAIGA outlines several key obligations and restrictions for deployers, developers, and government entities. Some restrictions are specific to government entities, while others apply more broadly to businesses.
- Manipulation of human behavior: AI systems may not be used to incite self-harm, violence, or criminal activity.
- Protection of constitutional rights: AI systems may not be developed or deployed with the sole intent to infringe on rights under the U.S. Constitution or to unlawfully discriminate against protected classes.
- Sexually explicit content involving minors: AI systems may not be used to produce or distribute child sexual abuse material or deepfake sexual content depicting minors.
Regulations specific to government entities include, but are not exclusive to the following:
- Consumer transparency: Governmental entities are required to disclose when individuals are interacting with an AI system. Disclosures need to be clear, conspicuous, and in "plain language."
- Social scoring ban: Government entities are prohibited from using AI to assign "social scores" that could result in unjustified or
- Biometric data guardrails: Governmental use of biometric data from public sources to uniquely identify individuals is banned without consent if it violates constitutional or legal rights.
Regulatory sandbox
TRAIGA will introduce a first-in-the-nation “AI regulatory sandbox,” administered by the Texas Department of Information Resources (DIR) in consultation with the Texas Artificial Intelligence Council. This 36-month program will allow approved participants to test innovative AI applications without needing state licenses or permits.
Enforcement process and penalties
The Texas Attorney General has sole authority to investigate complaints and enforce the law. According to the Act, the Attorney General will be responsible for developing a reporting mechanism for consumer complaints and can issue a civil investigation upon receiving a complaint. Notably, there is no private right of action under TRAIGA, meaning individuals cannot sue. However, TRAIGA has some steep penalties for violations.
- Cure Period: Entities have 60 days to correct violations.
- Civil Penalties:
- Curable violations: $10,000–$12,000 per violation
- Uncurable violations: $80,000–$200,000 per violation
- Ongoing violations: $40,000 per day
To get the full details of enforcement, responsibilities, TAIC, and other details, please take a look at the full text of the law here.
The future of AI regulations is uncertain
TRAIGA was passed following a proposed federal 10-year suspension on state AI laws in the One Big Beautiful Bill Act, which initially presented some uncertainty around the Act’s future enforcement. The proposed ban was stripped from the bill in an early Senate vote on July 1, 2025. As of August 2025, the suspension of state AI regulation has not moved forward, but this could change as Congress continues to debate the issue.
At the same time, laws regulating data privacy and AI have been on the rise, creating uncertainty on the fate of restrictions on AI for employers. TRAIGA’s emphasis on role-based accountability, biometric data protection, and constitutional rights may also influence future legislation in other states.
TRAIGA extends beyond the state's physical boundaries to employers that use or plan to use AI, those who conduct business or hire in Texas, and developers who sell software that leverages AI in the state, regardless of location. Employers considering leveraging AI in their business practices should consult their legal counsel to see how it applies to their circumstances and remain compliant.
This content is for informational purposes only and shall not constitute legal opinion or advice. Consult your legal counsel to ensure compliance.
