On June 22, Gov. Greg Abbott signed into law the Texas Responsible AI Governance Act (TRAIGA), which takes effect Jan. 1, 2026. Upon effect, TRAIGA will introduce a new section under the Texas Business & Commerce Code, labeled “Artificial Intelligence Protection” (AI Subtitle). The AI Subtitle applies to individuals or entities that either conduct business in Texas, provide goods or services to Texas residents, or develop or use AI systems within the state. Critically, the definition of “AI system” is unusually broad: “any machine-based system that, for any explicit or implicit objective, infers from the inputs the system receives how to generate outputs, including content, decisions, predictions, or recommendations, that can influence physical or virtual environments.” It should be noted that there is pending federal legislation that, if enacted, would limit or restrict the states’ ability to enact AI regulations. That federal preemption legislation is being debated in the context of the current budget reconciliation in Congress.

Prohibited Uses for All Regulated Parties

The AI Subtitle establishes certain prohibitions for developers and deployers (end users) of AI systems. These prohibitions are designed to bar development or use of AI systems that could have substantially harmful effects. These include prohibitions on AI systems that:

• intentionally encourage self-harm, suicide, violence toward others, or criminal behavior;
• are designed solely to violate constitutional rights;
• aim to unlawfully discriminate against protected classes in violation of federal or state law.

TRAIGA further restricts the development and distribution of AI tools intended to:

• produce or assist in producing sexually explicit content, particularly involving minors;
• engage in sexually suggestive text-based interactions while impersonating or mimicking children under the age of 18.

Regulations for Government Entities

Many of the AI Subtitle’s provisions specifically target government agencies by imposing the following restrictions:

• Disclosure to Consumers: Government entities must inform consumers when AI systems are being used.
• Prohibition on Social Scoring: Agencies are barred from using AI systems that evaluate individuals based on behavior or personal traits to assign a “social score.”
• Restrictions on Biometric Identification: AI systems may not be developed or used to uniquely identify individuals through biometric data or public media without explicit consent.

Amendments to Existing Texas Laws

TRAIGA amends the Capture of Use of Biometric Identifier (CUBI) Act.  TRAIGA carves out exceptions for biometric data used in connection with AI systems, so long as the data is not used to uniquely identify individuals. TRAIGA also creates exemptions from consent requirements, including financial institutions using voiceprint data, training AI systems used for purposes such as fraud prevention, security monitoring, and response to cyber or criminal threats.

Additionally, the law updates the Texas Data Privacy and Security Act by clarifying the obligations of data processors in supporting compliance related to AI-driven personal data processing.

Safe Harbor Exceptions

TRAIGA establishes a handful of safe harbors for developers and deployers that discover violations through feedback from others, testing, following applicable state agency guidelines, substantially complying with the National Institute of Standards and Technology’s AI Risk Management Framework, or similar AI risk management frameworks.  TRAIGA also shields developers from liability if an end user operates the AI system in a manner prohibited by TRAIGA.

Enforcement and Penalties

TRAIGA requires the Texas Attorney General to create an online portal through which consumers may submit complaints alleging violations of the new law.  Upon receiving a complaint, the Texas Attorney General may request production of the following AI system information from either developers or deployers:

• Description of AI system’s purpose, intended use, deployment context, and associated benefits.
• Description of AI system’s programing or training data.
• Descriptions of data processed as inputs and outputs produced.
• Any metrics used to evaluate performance.
• Any risk or impact assessments conducted.
• Known limitations of the AI system.
• Description of post deployment monitoring and safeguards used for the AI system.

The Texas Attorney General has exclusive enforcement authority over the AI Subtitle. No private right of action exists, and before pursuing legal action, the Texas Attorney General must provide notice and offer a 60-day period for the alleged violator to address and cure the issue.

For curable violations, fines can range from $10,000 to $12,000 per violation.  For uncurable violations (such as prohibited activities), penalties can range from $80,000 to $200,000 per violation. For ongoing violations, daily fines can range from $2,000 to $40,000.

How Should Businesses Prepare?

For developers, distributors, and deployers of AI systems, building an AI Governance Program is essential. Organizations should:

1. Review their AI portfolio and identify any high-risk systems that could be impacted by TRAIGA or other AI regulations (such as the Colorado AI Act or the EU AI Act).
2. Establish an AI Governance Committee responsible for oversight and compliance. Fill the committee with a cross-section of disciplines, including representatives from legal, technology, and operations.
3. Document risk and impact assessment findings and establish a process for re-evaluating.
4. Consider formally adopting and documenting substantial adherence to the NIST AI Risk Management Framework or a similar, nationally recognized risk management framework for AI systems.
5. Document and publish the intended purposes of AI systems and any safeguards to prevent unlawful or harmful outputs that may cause harm or self-harm.

In sum, TRAIGA marks one of the most comprehensive state-level attempts to regulate the development and use of AI. With broad definitions, detailed prohibitions, and a motivated state attorney general, businesses that develop, distribute, or deploy AI systems in Texas must take proactive steps now to align their practices with the law’s upcoming requirements.