What are the Texas TRAIGA private sector AI obligations?
Answer
TRAIGA (HB-149, effective January 1, 2026) is prohibition-based, not an affirmative-obligation regime like Colorado's. Private-sector businesses operating in Texas may not deploy AI that incites harm, intentionally discriminates against protected classes, or infringes constitutional rights. Biometric identification and social-scoring bans apply to government entities only. There is no risk-assessment, governance-policy, or recordkeeping mandate. Enforcement is exclusive to the Attorney General, with no private right of action.
Texas HB-149 (the Texas Responsible Artificial Intelligence Governance Act, or TRAIGA) — effective January 1, 2026 — is structured as a prohibition-based statute, not an affirmative-obligation regime like Colorado's AI Act. Private-sector businesses that promote, advertise, or conduct business in Texas, produce products or services for Texas residents, or develop/deploy AI systems in the state are prohibited from: (1) using AI designed to incite self-harm, harm to others, or criminal activity (behavioral manipulation); (2) intentionally deploying AI to discriminate against protected classes (disparate impact alone is insufficient to prove intent); and (3) using AI to infringe constitutional rights or target individuals based on constitutionally protected characteristics. Two further TRAIGA prohibitions — biometric identification from publicly available sources, and social scoring — apply to government entities only; for private-sector employers, biometric consent for AI tools is governed by Texas's CUBI statute (Tex. Bus. & Com. Code §503.001), not TRAIGA. TRAIGA's consumer-disclosure duty (telling a person they are interacting with AI) applies to government agencies; healthcare-provider AI disclosure to patients is governed separately by SB 1188, not TRAIGA. There is no statewide mandate for risk assessments, governance policies, or high-impact-system recordkeeping. Enforcement is exclusive to the Texas Attorney General; no private right of action. A 36-month regulatory sandbox allows approved companies to test AI systems with certain requirements waived.
Sources checked
Scope
Explains TRAIGA's (HB-149) prohibition-based structure for private-sector entities — the behavioral-manipulation, intentional-discrimination, and constitutional-rights bans — and clarifies which prohibitions are government-only. Biometric consent (CUBI) and hiring-specific application have their own answers. It does not address Colorado's affirmative-obligation regime except by contrast.
Operational implication
TRAIGA imposes no affirmative paperwork, but the intentional-discrimination bar makes documentation the defense. If an employer knows an AI produces skewed outcomes and keeps using it, intent becomes arguable. Maintain bias-testing records, NIST AI RMF alignment (a statutory safe harbor), and human-review logs so prohibited-practice exposure stays demonstrably absent.
Applicable Regulations
Texas Responsible Artificial Intelligence Governance Act (TRAIGA)
Signed June 22, 2025; effective January 1, 2026. TRAIGA is Texas's primary comprehensive AI governance law from the 89th Legislature. It establishes prohibited AI practices applying to all entities that promote, advertise, or conduct business in Texas, produce products or services for Texas residents, or develop/deploy AI systems in the state. Key prohibitions cover behavioral manipulation (inciting self-harm, violence, or criminal activity), government social scoring, unlawful discrimination, government biometric identification from public sources without consent, and constitutional rights infringement via AI. Government agencies must disclose to consumers when they are interacting with an AI system, using clear and conspicuous language free of dark patterns; healthcare-provider AI disclosure to patients is governed separately by Texas SB 1188. Enforcement is exclusively by the Texas Attorney General; no private right of action exists. A 36-month regulatory sandbox program allows companies to test AI systems with certain requirements waived. The law also establishes the Texas Artificial Intelligence Council (seven members) to advise on ethical, privacy, and public safety implications — though the Council cannot adopt binding rules.
Key Requirements
Full State Analysis
Where this lands operationally
Gridex turns the compliance or coverage question into operated workflow controls: intake, review points, audit trails, and the places a person stays in the decision.
Map This Workflow With Gridex
Stand up bias-testing records, NIST AI RMF alignment, and human-review logging through Gridex's governed AI deployment workflow (/services/governed-ai-deployment/).
Map This Workflow With Gridex →Related Questions
- Does the Texas TRAIGA require biometric consent? For private-sector employers, no — TRAIGA itself does not impose the biometric consent obligation. Texas HB-149's (TRAIGA) prohibition on identifying individuals from publicly available biometric data without consent applies to government entities only. The controlling biometric consent law for private-sector employers is Texas's CUBI statute (Capture or Use of Biometric Identifier Act, Tex. Bus. & Com. Code §503.001): before capturing a biometric identifier — such as face geometry or a voiceprint in an AI video interview — for a commercial purpose, an employer must inform the individual and obtain consent, protect the data, and destroy it within a set period after the collection purpose ends. TRAIGA's 2025 amendments to CUBI, effective January 1, 2026, add an AI-model-training exception and clarify that media appearing publicly online does not by itself constitute consent unless the individual made it public. Enforcement of both TRAIGA and CUBI is exclusive to the Texas Attorney General; CUBI carries civil penalties up to $25,000 per violation. Employers already compliant with a strict biometric regime such as Illinois BIPA will generally meet CUBI's consent requirements.
- What AI rules apply to hiring in Texas? Texas does not currently have a private-sector AI hiring disclosure or candidate opt-out law comparable to Illinois, Colorado, or NYC Local Law 144. Texas HB-2060 was a state-agency AI advisory and inventory law, not an employer hiring rule. The main Texas AI law for private employers is HB-149 (TRAIGA), effective January 1, 2026: for hiring AI it matters mainly if the system is intentionally deployed to discriminate against protected classes or otherwise falls into TRAIGA's prohibited-practice categories. TRAIGA's biometric-identification and social-scoring prohibitions apply to government entities only — biometric consent for private-sector AI tools, such as video-interview face or voice capture, is governed by Texas's CUBI statute (Tex. Bus. & Com. Code §503.001), not TRAIGA. Employers using AI in Texas should still document the tool, human review points, bias controls, and any biometric consent process.
- Can I use AI for hiring in Illinois? Yes, but two distinct Illinois laws apply. HB-3773 (effective January 1, 2026) amended the Illinois Human Rights Act to prohibit employers from using AI that discriminates against protected classes or uses zip codes as a proxy, and it requires notice to employees that AI is being used in employment decisions (recruitment, hiring, promotion, discipline, tenure, or terms and conditions). Separately, the Illinois Artificial Intelligence Video Interview Act (PA 101-0260, 820 ILCS 42), in effect since 2020, applies specifically when AI analyzes applicant video interviews: employers must notify the applicant, explain how the AI works, obtain written consent, limit video sharing to necessary evaluators, delete videos within 30 days of an applicant's request, and — per the 2022 amendment (PA 102-47) — report applicant racial/ethnicity data annually to DCEO. If AI hiring tools also capture biometric identifiers (e.g., facial geometry from video), the separate Illinois Biometric Information Privacy Act (BIPA) creates additional consent and liability obligations. Illinois employers using AI for any form of employment decision should map their process against all three regimes.
- Does Colorado require AI impact assessments? No longer. SB 26-189 (signed 2026-05-14) repealed and reenacted Colorado's AI Act, eliminating the impact-assessment requirement entirely. Colorado now instead requires deployers of automated decision-making technology (ADMT) to: give consumers clear interaction notice, disclose adverse consequential decisions within 30 days, allow correction of incorrect personal data, and provide meaningful human review and reconsideration. The statute formally takes effect 2026-08-12, but all compliance obligations — for deployers and developers alike — begin 2027-01-01.
- How should multistate employers comply with AI hiring laws? Multistate employers should baseline AI hiring workflows against the strictest active regimes, then layer state-specific rules. In practice, that means Illinois notice, consent, non-discrimination, and reporting obligations; Colorado ADMT interaction notice, adverse-outcome disclosure, data correction, and meaningful human review for consequential employment decisions beginning January 1, 2027; Minnesota profiling and data-protection-assessment obligations where covered; and Texas TRAIGA controls for prohibited discriminatory or biometric AI uses. Texas HB-2060 should not be treated as a private-employer hiring disclosure or opt-out law; it was a state-agency AI advisory and inventory statute.