Short answer: The Texas Responsible Artificial Intelligence Governance Act (TRAIGA, House Bill 149) was signed in June 2025 and takes effect on January 1, 2026. It applies to organisations doing business in Texas, organisations that develop or deploy AI systems used by Texas residents, and Texas government agencies. Unlike Colorado's broader AI Act, TRAIGA is built around intent — it prohibits specific harmful uses of AI (intentional behavioural manipulation that causes harm, intentional unlawful discrimination, certain biometric and government uses) rather than imposing a general duty of care across all "high-risk" systems. Enforcement is exclusively by the Texas Attorney General, with a 60-day cure period and civil penalties; there is no private right of action. This guide explains what TRAIGA requires and how to prepare.

What TRAIGA is

TRAIGA is Texas's comprehensive AI statute. After several drafts that resembled Colorado's risk-based model, the enacted version (HB 149) landed on a narrower, intent-based design. It governs the development and deployment of AI systems with a Texas nexus and adds specific obligations for government agencies.

It takes effect January 1, 2026, which makes 2026 the first year organisations need an actual TRAIGA posture rather than a watching brief.

Who TRAIGA applies to

TRAIGA reaches:

A person who does business in Texas or produces a product or service used by Texas residents;
A person who develops or deploys an AI system in Texas; and
State agencies and certain healthcare providers, which carry additional disclosure duties.

Because it follows the Texas-resident and Texas-business nexus rather than a headquarters test, many out-of-state companies are in scope if their AI-touching products reach Texans.

What TRAIGA prohibits

Rather than regulating broad categories of "high-risk" systems, TRAIGA targets specific intentional misuses. The core prohibitions include:

Intentional behavioural manipulation. Developing or deploying an AI system with the intent to manipulate a person's behaviour to encourage self-harm, harm to others, or criminal activity.
Intentional unlawful discrimination. Developing or deploying an AI system with the intent to unlawfully discriminate against a protected class. The intent requirement is the key difference from Colorado: a disparate-impact outcome alone is not, by itself, a TRAIGA violation — though it remains relevant under other civil-rights law.
Social scoring by government. Government use of AI to assign social scores that lead to detrimental treatment.
Unlawful biometric identification. Using AI to identify individuals through biometric data captured without the consent required by Texas law.
Prohibited content. Building AI systems for the purpose of producing unlawful content such as child sexual abuse material or certain non-consensual deepfakes.

Government-agency and healthcare disclosure

TRAIGA imposes transparency duties on the public sector and on healthcare:

State agencies must disclose to consumers when they are interacting with an AI system, in clear and conspicuous terms.
Healthcare providers that use AI in patient interactions face disclosure obligations as well.

These disclosure duties are among the most operationally concrete parts of the law for the entities they cover.

Enforcement, penalties, and the cure period

Exclusive enforcement by the Texas Attorney General. There is no private right of action — individuals cannot sue under TRAIGA.
A 60-day cure period. Before penalties attach, the AG must notify the organisation and allow 60 days to cure the alleged violation.
Tiered civil penalties. Penalties scale with the nature of the violation, with the highest tiers (for uncurable or continuing violations) reaching into six figures per violation.

TRAIGA also establishes a regulatory sandbox for testing AI systems under reduced regulatory exposure, and a Texas Artificial Intelligence Council to advise on policy.

TRAIGA vs the Colorado AI Act

| Dimension | Texas TRAIGA (HB 149) | Colorado AI Act (SB 24-205) | | --- | --- | --- | | Effective date | January 1, 2026 | June 30, 2026 | | Structure | Intent-based prohibitions | Risk-based duty of care for "high-risk" systems | | Discrimination standard | Requires intent | Reasonable care to avoid algorithmic discrimination (incl. disparate impact) | | Documentation mandate | Lighter for private deployers | Impact assessments, risk-management program, disclosures | | Enforcement | Texas AG, 60-day cure, no private right | Colorado AG, no private right |

The practical takeaway: TRAIGA is narrower and harder to violate accidentally, but the two laws together signal that US state-level AI regulation is now a multi-jurisdiction compliance problem, not a single statute to track.

How to prepare for TRAIGA in 2026

Inventory AI systems with a Texas nexus. Know which of your AI products and internal tools touch Texas residents or are operated in Texas.
Screen for the prohibited uses. Confirm none of your systems are designed to manipulate behaviour toward harm, to discriminate unlawfully, or to perform unlawful biometric identification. Document that review.
Stand up disclosures where required. If you are a government agency or a healthcare provider using AI in interactions, implement the consumer-facing AI disclosure.
Watch your consent posture on biometrics. Align any AI biometric processing with Texas's biometric-consent requirements.
Don't neglect the data-protection layer. TRAIGA governs uses; it does not relieve you of the obligation to keep personal data, PHI, and confidential information out of AI tools that lack the right safeguards. Detecting and masking sensitive data before it reaches a model remains a foundational control that supports TRAIGA, the Texas Data Privacy and Security Act, and your other obligations at once.

Frequently asked questions

When does TRAIGA take effect?

January 1, 2026. The law was signed in June 2025, giving organisations roughly half a year to prepare.

Does TRAIGA have a private right of action?

No. Only the Texas Attorney General can enforce TRAIGA, and the AG must provide a 60-day cure period before penalties attach.

Is a biased AI outcome automatically a TRAIGA violation?

Not by itself. TRAIGA's discrimination prohibition requires intent to unlawfully discriminate. A disparate-impact outcome with no discriminatory intent is not a TRAIGA violation — though it may still expose you under federal civil-rights and employment law and under other state regimes like Colorado's.

We're not based in Texas. Are we in scope?

Possibly. TRAIGA reaches organisations that do business in Texas or whose products and services are used by Texas residents. A Texas headquarters is not required.

How does TRAIGA relate to data-privacy compliance?

TRAIGA regulates how AI systems may be used; it sits alongside data-protection law rather than replacing it. You still need controls that prevent regulated data from flowing into AI tools without proper safeguards — which is a data-security and privacy obligation independent of TRAIGA's use-based prohibitions.

The bottom line

TRAIGA makes Texas one of the first US states with an operative comprehensive AI law in 2026. Its intent-based design means most organisations using AI in good faith won't trip its prohibitions — but in-scope companies still need an inventory, a documented screen against the prohibited uses, disclosures where required, and a sound underlying data-protection posture. Combined with Colorado's law taking effect mid-year, 2026 is the year US AI compliance becomes a multi-state exercise.

Texas TRAIGA: The Responsible AI Governance Act Compliance Guide (2026)