The Texas Responsible Artificial Intelligence Governance Act (TRAIGA), enacted as House Bill 149, took effect on 1 January 2026. It is one of the more comprehensive entries in a rapidly expanding patchwork of US state AI laws, in which different states regulate different aspects of AI in different ways. This article explains TRAIGA’s main features and how state approaches diverge. It is informational and not legal advice.
What TRAIGA does
TRAIGA establishes a framework governing the development and deployment of AI systems in Texas. Reported features include:
- A broad definition of AI systems, covering machine-based systems that infer from inputs how to generate outputs such as content, decisions, predictions or recommendations — not only generative AI.
- Prohibited uses, including AI developed or deployed for unlawful behavioural manipulation, certain forms of unlawful discrimination, and specified harmful content.
- Obligations on government entities, such as disclosure to consumers that they are interacting with an AI system, and restrictions on social-scoring and certain biometric uses.
- A duty for healthcare providers to disclose to patients where AI is used in their care.
- A regulatory sandbox for testing AI systems and an AI advisory council to inform policy.
Enforcement is reserved to the Texas Attorney General, with civil penalties and a cure period before action, and the law does not create a private right of action. The statute and analyses are summarised in published legal commentary; the bill itself is available through the Texas Legislature.
Scope and reach
TRAIGA is reported to apply broadly: to those conducting business in Texas, offering products or services to Texas residents, or developing or deploying AI systems in the state. That framing can pull in out-of-state organisations whose systems reach Texas residents, a common feature of state-level technology laws. As enacted, the law was described as a pared-back version of earlier, more expansive drafts, with some of the broadest proposed duties narrowed before passage. This trajectory — an ambitious initial proposal trimmed during the legislative process — is itself characteristic of how several state AI bills have moved from introduction to law.
The patchwork problem
TRAIGA’s significance is amplified by its context. In the absence of a single comprehensive federal AI statute, US states have moved at different speeds and along different conceptual lines. The result is a patchwork in which the same AI system can face materially different rules depending on where it is used. Broad themes include:
- Comprehensive risk frameworks. The Colorado AI Act (SB24-205) pioneered a developer-and-deployer model centred on algorithmic discrimination in consequential decisions, though its effective date was repeatedly deferred.
- Targeted use-case rules. NYC Local Law 144 regulates a single use — automated employment decision tools — through mandatory bias audits and disclosure.
- Transparency and disclosure laws. Several states have enacted measures focused on disclosing AI-generated content, chatbots or deepfakes, themes we follow under generative-AI disclosure.
- Broad governance statutes. TRAIGA itself blends prohibited-use rules, government-specific duties, sectoral disclosure and a sandbox.
For a structured comparison of these regimes, see our overview of US AI laws by state.
What differs state to state
The divergence runs along several axes. States differ on who is regulated (developers, deployers, government, specific sectors), on what triggers obligations (consequential decisions, employment screening, content generation, biometric use), on core mechanisms (impact assessments, bias audits, consumer notices, prohibited-use lists), and on enforcement (attorney-general action versus, in some cases, other routes). Even shared concepts like “high-risk” or “consequential decision” can carry different statutory meanings. This variability is the defining operational challenge of the patchwork.
The sandbox and advisory council
Two features distinguish TRAIGA from purely prohibitive approaches. The regulatory sandbox is intended to let participants develop and test AI systems under a relaxed regulatory posture, with the aim of encouraging innovation while gathering information about emerging uses. The AI advisory council is positioned to inform the legislature and state agencies on AI policy, the use of AI within government, and improvements to the sandbox. Together these reflect a model that pairs enforcement with structured experimentation and ongoing policy review — an approach that contrasts with measures focused solely on prohibitions or audits.
Federal-state tension
The patchwork exists against a backdrop of debate about whether AI should be governed primarily at the federal or state level. Proposals to limit or pre-empt state AI regulation have surfaced in national policy discussions, and the outcome of that debate would directly affect how durable individual state laws prove to be. For organisations, this adds a layer of uncertainty: the rules in force today reflect a particular moment in an unsettled allocation of authority, and the balance between state initiative and federal coordination remains an open question that could reshape the landscape.
How organisations respond
Faced with multiple overlapping regimes, many organisations build a governance baseline using voluntary frameworks and then layer state-specific obligations on top. The NIST AI RMF is frequently used to structure risk management, and ISO/IEC 42001 to provide an auditable management system; international comparisons are also drawn with the EU AI Act. None of these substitutes for a given state’s legal requirements, but they offer common scaffolding across jurisdictions. Readers encountering terms such as deployer, consequential decision or regulatory sandbox may find our dictionary helpful.
In summary
TRAIGA, effective 1 January 2026, adds a broad governance statute to a US state AI-law patchwork that already spans comprehensive risk frameworks, targeted use-case rules and transparency measures. The practical consequence is divergence: scope, triggers, mechanisms and enforcement vary by state. This article is a neutral overview, not legal advice; organisations should consult qualified counsel and the relevant statutes for their own circumstances.