Privacy & Information Security Law Blog

On May 30, 2025, the Texas legislature passed the Texas Responsible Artificial Intelligence Governance Act (“TRAIGA”). TRAIGA imposes a number of requirements and restrictions related to “artificial intelligence systems” (“AI systems”), which term is defined as  “any machine-based system that, for any explicit or implicit objective, infers from the inputs the system receives how to generate outputs, including content, decisions, predictions, or recommendations, that can influence physical or virtual environments.” TRAIGA awaits signature by Governor Abbott.

TRAIGA adds to the state’s Business & Commerce Code a subtitle related to “Artificial Intelligence Protection” (the “AI Subtitle”). The AI Subtitle applies to a person who (1) promotes, advertises or conducts business in Texas; (2) produces a product or service used by residents of Texas; or (3) develops or deploys an AI system in Texas. Many of the AI Subtitle’s provisions apply only to government agencies, such as those:

• requiring disclosure of AI systems to consumers;
• prohibiting use of AI systems that evaluate or classify persons based on social behavior or personal characteristics to calculate or assign a social score; and
• prohibiting developing or deploying an AI system for the purpose of uniquely identifying a specific individual using biometric data or the targeted or untargeted gathering of images or other media from the Internet or any other publicly available source without the individual’s consent.  

The AI Subtitle also contains provisions that apply to any person subject to the law (i.e., not just government entities), which establish prohibited uses for AI systems. 

These prohibited uses include developing or deploying an AI system:

• in a manner that intentionally aims to incite or encourage a person to commit physical self-harm, including suicide, harm another person, or engage in criminal activity;
• with the sole intent for the system to infringe, restrict, or otherwise impair an individual's rights guaranteed under the U.S. Constitution; or
• with the intent to unlawfully discriminate against a protected class in violation of state or federal law.

In addition, a person may not develop or distribute an AI system (1) with the sole intent of producing, assisting or aiding in producing, or distributing certain sexually explicit content and child pornography; or (2) that engages in text-based conversations that simulate or describe sexual conduct while impersonating or imitating a child under 18.

The Texas Attorney General has exclusive authority to enforce the AI Subtitle and is required to provide notice and a 60-day cure period before bringing an action. Violations of the AI Subtitle are subject to penalties of up between $10,000 and $12,000 for each violation a court determines to be curable or a breach of a statement to the Texas Attorney General under TRAIGA, or between $80,000 and $200,000 for each violation a court determines to be uncurable. Continued violations are subject to penalties between $2,000 and $40,000 for each day the violation continues.

In addition to the AI Subdivision, TRAIGA also contains provisions related to the creation of a regulatory sandbox program and an AI intelligence Council. TRAIGA also amends two existing Texas laws to incorporate requirements and carveouts related to AI systems:

• TRAIGA amends the state’s existing Capture Or Use Of Biometric Identifier (“CUBI”) Act, to include certain carve outs for biometric identifiers processed in connection with AI systems. Under the amended law, CUBI does not apply to (1) the training, processing or storage of biometric identifiers involved in developing, training, evaluating, disseminating, or otherwise offering AI models or systems, unless a system is used or deployed for the purpose of uniquely identifying a specific individual; or (2) the development or deployment of an AI model or system for certain purposes, such as preventing, detecting, protecting against, or responding to security incidents, identity theft, fraud, harassment, malicious or deceptive activities, or any other illegal activity.
• TRAIGA also amends provisions of the Texas Data Privacy and Security Act related to processor’s obligations to assist controllers with complying with requirements related to the personal data collected, stored, and processed by an AI system.

If signed by the Governor (or not vetoed), TRAIGA will take effect January 1, 2026.