TRAIGA FAQ — Everything Texas Businesses Need to Know
The Texas Responsible AI Governance Act went into effect January 1, 2026. These are the questions Texas business owners, HR professionals, and attorneys ask most often about what TRAIGA requires, who it covers, and what compliance looks like in practice. Every answer is written in plain English with no attorney jargon.
What is TRAIGA?
TRAIGA stands for the Texas Responsible AI Governance Act. It is a Texas state law signed by Governor Greg Abbott on June 22, 2025 that regulates how businesses develop and deploy artificial intelligence systems in Texas. The law went into effect January 1, 2026, making Texas one of the first states in the country to impose specific AI governance obligations on private businesses.
What does TRAIGA stand for?
TRAIGA stands for Texas Responsible AI Governance Act. It is formally codified as House Bill 149, 89th Texas Legislature, Regular Session 2025, and is now part of the Texas Business and Commerce Code as the Artificial Intelligence Protection subtitle.
When did TRAIGA go into effect?
TRAIGA went into effect on January 1, 2026. It was signed into law on June 22, 2025, giving businesses approximately six months to prepare for compliance. The law is currently in effect and enforceable by the Texas Attorney General.
Who signed TRAIGA into law?
Texas Governor Greg Abbott signed TRAIGA into law on June 22, 2025. The bill was sponsored in the Texas House by Representative Giovanni Capriglione. It passed the Texas Legislature with bipartisan support before being sent to the Governor.
Does TRAIGA apply to my small business?
TRAIGA applies to any business that deploys an AI system in a consequential decision affecting a Texas resident. If you use any major hiring platform, scheduling software, background check service, tenant screening tool, or CRM with AI features, you are almost certainly a TRAIGA deployer. The law does not have a small business exemption based on size. However, the reasonable care compliance standard is calibrated to what a business can accomplish given its resources.
What is a TRAIGA deployer?
A TRAIGA deployer is any person or business that uses an AI system in Texas in a consequential decision affecting a Texas resident. You do not have to build AI to be a deployer. If you subscribe to a platform that uses AI and that platform influences consequential decisions about employees, customers, applicants, or tenants, you are a deployer under TRAIGA.
What is a consequential decision under TRAIGA?
A consequential decision under TRAIGA is one that has a material legal or similarly significant effect on a person. This includes decisions about employment, credit, housing, insurance, healthcare, and access to essential services. If the outcome of an AI-assisted process could significantly help or hurt a Texas resident in one of these areas, it is almost certainly a consequential decision under TRAIGA.
Does TRAIGA apply to out-of-state businesses?
Yes. TRAIGA applies to any person or entity that conducts business in Texas, produces a product or service used by Texas residents, or develops or deploys an AI system in Texas. This means out-of-state and international businesses whose AI systems affect Texas residents are covered by the law, even if the business has no physical presence in Texas.
Does TRAIGA apply if I only use third-party AI software?
Yes. TRAIGA's deployer obligations apply to businesses that use AI systems, not just those that build them. If you use Indeed, Workday, Checkr, Salesforce, or any other platform that uses AI in consequential decisions affecting Texas residents, you are a TRAIGA deployer regardless of whether you built the AI yourself.
Does TRAIGA apply to restaurants?
Yes. Texas restaurants using AI-assisted scheduling platforms like 7shifts, HotSchedules, Deputy, or When I Work are TRAIGA deployers. Additionally, any restaurant that has posted jobs on Indeed, ZipRecruiter, or similar AI-powered hiring platforms is a TRAIGA deployer for those hiring decisions.
Does TRAIGA apply to construction companies?
Yes. Texas construction companies using Procore, Buildertrend, major job platforms, or background check services are TRAIGA deployers. Any construction company that uses AI-assisted platforms to hire workers, screen subcontractors, or manage workforce has TRAIGA compliance obligations.
Does TRAIGA apply to landlords?
Yes. Texas landlords using AI-assisted tenant screening platforms like TransUnion SmartMove, RentSpree, or similar services are TRAIGA deployers. Housing decisions are explicitly within the category of consequential decisions that TRAIGA governs.
Does TRAIGA apply to trucking companies?
Yes. Texas trucking companies using AI-assisted load matching platforms like DAT or Truckstop, driver performance scoring systems like Motive or KeepTruckin, or AI-assisted hiring platforms are TRAIGA deployers. Driver scoring decisions that affect employment or income are consequential decisions under the law.
What does TRAIGA require businesses to do?
TRAIGA requires deployers to take reasonable steps to understand the AI systems they use, document their vendor relationships, implement human oversight of AI-assisted decisions, provide appropriate disclosures, and maintain a certified compliance record. The specific steps include identifying AI vendors, sending formal documentation requests, documenting vendor responses, implementing human review of AI outputs, and maintaining a dated auditable record of all compliance activities.
What is a TRAIGA vendor demand letter?
A TRAIGA vendor demand letter is a formal written request sent to an AI platform vendor asking for their AI governance documentation. The letter should be addressed to the vendor's legal or compliance department, cite TRAIGA by name, request specific documentation about the AI system's operation and bias testing, and set a response deadline. Sending and documenting these letters is a core component of a defensible TRAIGA compliance record.
What should a TRAIGA compliance record include?
A TRAIGA compliance record should include a documented inventory of all AI vendors used in consequential decisions, copies of formal documentation requests sent to each vendor with dates, documentation of vendor responses or non-responses, records of human review of AI outputs before decisions were made, consumer or employee disclosure records, and timestamps and cryptographic verification for all documents. Static PDF templates are not sufficient — the record needs verifiable dates and tamper-evident documentation.
Does TRAIGA require impact assessments?
TRAIGA does not explicitly require annual impact assessments in the specific format that Colorado's AI Act does. However, TRAIGA's reasonable care standard and its NIST AI RMF safe harbor effectively require documented risk assessment. Businesses aligned with NIST AI RMF will have conducted assessments that satisfy the reasonable care standard. Impact assessments are strongly recommended as part of any defensible TRAIGA compliance program.
Do I have to disclose AI use to employees under TRAIGA?
TRAIGA's explicit disclosure requirements apply primarily to government agencies interacting with consumers and healthcare providers treating patients. Private employers are not explicitly required to disclose AI use to employees or job applicants under the current text of TRAIGA. However, documenting disclosures as part of a reasonable care compliance posture is recommended and may become increasingly expected as enforcement guidance develops.
What is the fine for violating TRAIGA?
TRAIGA's civil penalties are: $10,000 to $12,000 per curable violation, $80,000 to $200,000 per uncurable violation, and $2,000 to $40,000 per day for continuing violations. The per-violation structure means that a single AI deployment affecting thousands of people could generate thousands of separate violations. These penalties are assessed by the Texas Attorney General after the enforcement process is complete.
Can I be sued under TRAIGA?
TRAIGA does not create a private right of action, which means individuals cannot sue businesses directly for TRAIGA violations. Only the Texas Attorney General can bring enforcement actions under TRAIGA. However, violations of TRAIGA may support claims under other Texas laws that do allow private lawsuits, and the lack of a private right of action does not eliminate litigation risk entirely.
Does TRAIGA have a private right of action?
No. TRAIGA explicitly states that there is no private right of action. Only the Texas Attorney General has authority to bring enforcement actions under the law. Individuals who believe a business violated TRAIGA can submit complaints to the AG's complaint portal once it is operational, but they cannot sue the business directly under TRAIGA.
What is the TRAIGA cure period?
TRAIGA provides a 60-day cure period after the Texas AG issues a written notice of violation. During this period, the business must cure the violation, provide documentation showing how it was cured, and explain what changes were made to prevent recurrence. If the business cures the violation within 60 days, the AG may decline to pursue further enforcement. If the violation is not cured, enforcement action and civil penalties can follow.
Has the Texas AG filed any TRAIGA enforcement actions?
As of April 2026, no formal TRAIGA enforcement actions have been publicly reported. The Texas AG's complaint portal, which is required to be operational by September 1, 2026, is still being built. The absence of formal enforcement actions reflects the mechanics of the law's enforcement process, not a lack of enforcement intent. The AG's office has been actively building enforcement infrastructure since the law was signed.
When will the TRAIGA complaint portal be available?
TRAIGA requires the Texas Attorney General to have a consumer complaint portal operational by September 1, 2026. Once the portal opens, Texas residents who believe a business violated TRAIGA can submit complaints directly to the AG's office. Legal observers expect the first formal enforcement actions to follow within months of the portal's launch.
What is the TRAIGA safe harbor?
TRAIGA provides an explicit affirmative defense for businesses that substantially comply with the NIST AI Risk Management Framework or another nationally or internationally recognized AI risk management framework. A business that can demonstrate NIST AI RMF alignment has the strongest available defense against TRAIGA enforcement actions.
Does NIST AI RMF compliance protect me under TRAIGA?
Yes. TRAIGA explicitly provides that substantial compliance with the NIST AI Risk Management Framework serves as an affirmative defense against enforcement actions. This is one of the strongest safe harbors available under TRAIGA. Businesses that document their NIST AI RMF alignment — particularly the Govern, Map, Measure, and Manage functions — are in the best possible legal position under the law.
What happens if my AI vendor does not respond to my compliance request?
Vendor non-response does not eliminate your TRAIGA compliance obligation but it does satisfy a portion of it. A business that sent a formal dated request, set a response deadline, logged the non-response, sent a follow-up, and continued to implement human oversight of the vendor's AI output has demonstrated reasonable care. The vendor's silence becomes part of your compliance record showing that you took every step available to you and the vendor was the limiting factor.
Will federal law override TRAIGA?
As of April 2026, TRAIGA is in effect and no federal law has overridden it. Congress has twice rejected federal AI preemption proposals — the Senate voted 99 to 1 to remove a 10-year moratorium from the One Big Beautiful Bill Act, and Congress declined to include preemption in the 2025 National Defense Authorization Act. A December 2025 executive order directing the DOJ to challenge state AI laws faces significant legal hurdles. TRAIGA remains enforceable until a court or Congress says otherwise.
What did the Trump executive order do to TRAIGA?
President Trump signed an executive order in December 2025 establishing an AI Litigation Task Force within the DOJ and directing federal agencies to challenge state AI laws deemed onerous. The executive order also conditions some federal funding on states not enforcing certain AI regulations. However, an executive order cannot preempt a state law by itself — only Congress or a court ruling can do that. TRAIGA remains in effect.
Did Congress pass a moratorium on state AI laws?
No. Congress has twice declined to pass a moratorium on state AI laws. The Senate voted 99 to 1 to remove a 10-year moratorium from the One Big Beautiful Bill Act in July 2025. Congress also declined to include a similar moratorium in the 2025 National Defense Authorization Act. As of April 2026, no federal moratorium on state AI laws is in effect.
Is TRAIGA still in effect?
Yes. TRAIGA is in effect as of January 1, 2026 and remains fully enforceable. No court has invalidated the law, no federal legislation has preempted it, and the Texas Attorney General has not indicated any intention to suspend enforcement. Businesses operating in Texas or serving Texas residents must comply with TRAIGA now.
Does using Indeed trigger TRAIGA compliance?
Yes. Indeed uses AI to rank and recommend job applicants. Every Texas employer that uses Indeed to post jobs and review candidates is a TRAIGA deployer for those hiring decisions. Texas employers using Indeed should send a formal TRAIGA documentation request to Indeed's legal department, implement human review of AI-generated candidate rankings, and maintain a compliance record.
Does using Checkr trigger TRAIGA compliance?
Yes. Checkr uses AI in its background screening workflow including automated adverse action flagging, continuous monitoring, and report generation. Texas employers using Checkr to screen job applicants or employees are TRAIGA deployers and must send documentation requests to Checkr, implement human review of screening reports before taking adverse action, and maintain a compliance record.
Does using Workday trigger TRAIGA compliance?
Yes. Workday uses AI across its talent acquisition, performance management, skills inference, workforce planning, and compensation modules. Texas employers using any of Workday's AI-enabled HR features in consequential employment decisions are TRAIGA deployers. The compliance obligation covers each AI-enabled module separately.
Does using Salesforce trigger TRAIGA compliance?
It depends on how you use it. Salesforce Einstein and Salesforce's AI features use machine learning to score leads, recommend actions, and prioritize customer interactions. If your use of Salesforce's AI features influences decisions about which customers receive services, credit, or other consequential outcomes, that use triggers TRAIGA compliance obligations.
How long does it take to build a TRAIGA compliance record?
Building an initial TRAIGA compliance record typically takes a few hours to a few days depending on how many AI vendors your business uses. The process involves identifying your AI vendors, drafting and sending documentation requests, waiting for vendor responses (30 days), implementing human review protocols, and organizing your compliance file. Ongoing maintenance takes roughly 30 minutes per month to log new vendor communications and review activities.
What is the difference between TRAIGA and the Colorado AI Act?
TRAIGA is intent-based — it focuses on whether AI was deliberately deployed to harm, discriminate, or manipulate. The Colorado AI Act is impact-based — it focuses on whether AI could cause algorithmic discrimination regardless of intent. Colorado requires annual impact assessments and a specific appeal process that TRAIGA does not mandate. TRAIGA has an explicit NIST AI RMF safe harbor that Colorado does not. Both laws apply to deployers of AI in consequential decisions, but Colorado's compliance requirements are more procedurally detailed.
This FAQ is for informational purposes and does not constitute legal advice. For legal advice specific to your situation, consult a licensed Texas attorney. Last updated April 2026.