Texas Passes TRAIGA: A New Template for State AI Regulation

texas state-law traiga April 21, 2025 · by Priya Vasquez

Governor Abbott signed the Texas Responsible Artificial Intelligence Governance Act (HB 149) on April 14, after a substantially revised version cleared both chambers in the 89th Legislature. The bill is the first comprehensive AI statute enacted by a Republican-led state, and reading it as a Texas-flavored Colorado SB 24-205 misses what is genuinely new. TRAIGA is a meaningfully different model.

Effective date and scope

TRAIGA takes effect January 1, 2026. It applies to "high-risk artificial intelligence systems" used to make or be a substantial factor in "consequential decisions" affecting Texas consumers — language deliberately tracking the Colorado statute. The categories are similar but not identical: TRAIGA's list excludes legal services and includes a more detailed treatment of insurance.

What is conceptually new in TRAIGA:

• Government use bucket. TRAIGA imposes specific obligations on Texas state agencies and local governments using AI systems, parallel to but distinct from the private-sector obligations. This is the first state statute to take this dual-track approach in earnest.
• "Behavioral manipulation" prohibition. TRAIGA prohibits AI systems "intentionally designed to manipulate human behavior in a manner that circumvents informed decision-making and causes harm." Read alongside the new Texas data privacy law and the existing UDAP statute, this is a serious provision. It is also conceptually adjacent to the EU AI Act's Article 5(1)(a) — a convergence I did not expect to see in Texas.
• Deepfake provisions. Integrates Texas's existing election-deepfake statute and adds civil-side provisions for nonconsensual intimate-image deepfakes, with statutory damages.
• Sandbox program. Creates a regulatory sandbox under the office of the AG, with up to thirty-six months of curated relief from specified Texas regulatory regimes for participating AI developers. The sandbox model has been borrowed from the U.K. and from Utah's broader sandbox program; it is the first time an AI-specific sandbox has been created at the state level.

Comparing TRAIGA to Colorado SB 24-205

Both statutes regulate "high-risk" AI in "consequential decisions" via a developer/deployer split, with AG enforcement and an affirmative defense for adherence to recognized risk management frameworks. Both take effect in 2026. So far so similar.

The differences worth noting:

1. Behavioral manipulation prong. Colorado has nothing like this. TRAIGA's prohibition is an additional, freestanding obligation applicable to all AI systems, not just high-risk ones.
2. Government coverage. Colorado largely exempts state agencies from substantive obligations. TRAIGA covers them.
3. Sandbox. Colorado has none. Texas's is a meaningful operational provision.
4. Disclosure scope. TRAIGA's pre-deployment notification obligation is narrower than Colorado's — limited to consequential decisions where the AI is a "primary basis," rather than a "substantial factor."
5. Penalty structure. TRAIGA caps penalties at $200,000 per violation with daily continuing-violation increments. Colorado's penalties are at the AG's discretion under the broader consumer protection regime, potentially much larger.
6. Affirmative defense. Colorado names NIST AI RMF and ISO 42001. TRAIGA names NIST AI RMF and a specific Texas-developed framework that the AG is to publish by mid-2025. Watch the Texas framework drafting closely.

The political read

TRAIGA passing under Republican leadership matters because it forecloses one of the easier objections to AI regulation in red states — that AI regulation is a Democratic project hostile to innovation. TRAIGA's drafters explicitly framed it as a pro-innovation statute (sandbox program, narrower scope, regulatory clarity). The framing has substance behind it; the bill is genuinely lighter-touch than its Colorado counterpart in important respects.

The implication: expect more Republican-led state AI legislation in 2025-26 than the post-November narrative suggested. Florida, Tennessee, and Georgia have bills in early-stage drafting that we expect to track TRAIGA. The patchwork problem is going to deepen, but with Texas having added a meaningful template, the patchwork will at least have two recognizable patterns rather than fifteen ad hoc ones.

The behavioral manipulation prohibition

Worth an extended note. TRAIGA's behavioral-manipulation prohibition is much narrower than the EU AI Act's Article 5(1)(a) — it requires intent and actual harm — but it is meaningful. Practical implications:

• Plaintiffs' bar will use it. Texas has aggressive plaintiffs' firms in the consumer-protection space, and the statute has private-right-of-action provisions for some violations.
• It will be litigated against advertising-tech targeting practices. The "informed decision-making" language is broad enough to support that argument; whether Texas courts will accept it is a different question.
• The intent requirement will do most of the limiting work. Discovery into design choices will be the battleground.

Sandbox program: actually useful?

Sandboxes have a mixed track record at producing meaningful innovation outcomes. Most have ended up being structured mostly as PR vehicles or as informal liaison programs. The TRAIGA sandbox is more ambitious — actual enforcement-relief authority under specified statutes — and is anchored in the AG's office, which gives it teeth. We expect the first cohort to be heavily oversubscribed and the program to be one of the early successes of the statute, regardless of the substantive impact of the regulatory provisions. Watch the program's RFP, which the AG is supposed to issue by the end of 2025.

Action items

For practitioners with Texas exposure: TRAIGA's January 1, 2026 effective date is closer than it sounds. The compliance build-out is similar to but not identical to Colorado's. If your client has both Colorado and Texas operations, mapping the two statutes side-by-side and building a unified compliance program is the right move. The Texas-published risk management framework, due mid-2025, will be the document that determines how usable the affirmative defense is.