TRAIGA Enforcement: What the Texas AG Has and Has Not Done And What Comes Next

Three months have passed since TRAIGA took effect on January 1, 2026. The Texas Attorney General has not yet filed a formal enforcement action under the new law. No civil investigative demands have been publicly reported. No notices of violation have been disclosed.

For Texas businesses that have not yet begun building TRAIGA compliance records, the absence of enforcement activity might feel like permission to continue waiting. It is not.

Here is what the current enforcement landscape actually looks like — and what the near-term picture is likely to be.

Why There Are No Enforcement Actions Yet

TRAIGA's enforcement mechanism has a built-in lag. Before the Texas AG can pursue any enforcement action, three things must happen in sequence.

First, the AG must receive a consumer complaint. TRAIGA requires the AG to create and maintain an online mechanism for consumers to submit complaints. That portal is still being built — the statute requires it to be operational by September 1, 2026. Without the complaint portal, the primary channel through which violations reach the AG is not yet open.

Second, after receiving a complaint, the AG may issue a civil investigative demand requesting detailed information about the AI system involved. This investigation takes time.

Third, if the AG determines a violation has occurred, it must provide written notice to the alleged violator and allow a 60-day cure period before any enforcement action can be filed. The AG cannot skip this step.

The practical result of this sequence is that even if the AG received a TRAIGA complaint on January 2nd, the earliest a formal enforcement action could be filed — accounting for investigation time and the mandatory cure period — would be several months later. The absence of filed actions three months in reflects the mechanics of the law, not the absence of enforcement intent.

What the AG's Office Is Actually Doing

The Texas Attorney General has not been passive on AI enforcement. The office has been actively building its TRAIGA enforcement infrastructure since the law was signed in June 2025.

The Texas Department of Information Resources is developing detailed rules for the regulatory sandbox program. The AG's office is staffing its enforcement operations and building the technical capacity to evaluate AI system documentation. State agencies are training staff and developing AI disclosure policies required by the law's government transparency provisions.

Legal observers watching the Texas AG's enforcement posture have noted that the office has a track record of pursuing high-visibility technology enforcement actions. The AG has filed lawsuits against major technology companies in recent years related to data privacy and biometric data practices. AI enforcement is expected to follow a similar pattern — prioritizing high-visibility cases that establish precedent and signal enforcement priorities to the broader market.

The Per-Violation Math

One aspect of TRAIGA enforcement that most businesses have not fully absorbed is the per-violation penalty structure. The law does not set a single fine for non-compliance. It sets penalties that accrue per violation.

The penalty tiers under TRAIGA are:

For curable violations: $10,000 to $12,000 per violation. For uncurable violations: $80,000 to $200,000 per violation. For continuing violations: $2,000 to $40,000 per day the violation continues.

The per-violation structure means that a single AI deployment affecting thousands of people could generate thousands of separate violations. A company that uses an AI hiring tool to process 1,000 job applications — if that tool is found to have intentionally discriminated against a protected class — faces potential liability calculated per applicant affected, not as a single aggregate fine.

The law's sponsor, State Representative Giovanni Capriglione, has specifically noted this structure in public statements. The comparison to the Illinois Biometric Information Privacy Act is instructive — BIPA's per-scan penalty structure generated billions of dollars in class action litigation before the Illinois legislature reformed it in 2024. TRAIGA's per-violation structure is designed with similar teeth.

The Federal Preemption Threat

TRAIGA's enforcement outlook is complicated by a significant federal development. Congress is currently considering legislation that would impose a ten-year moratorium on state AI regulation. If enacted, this measure would override TRAIGA and suspend its enforcement mechanisms, replacing state-level AI governance with federal standards — which do not yet exist in comprehensive form.

The moratorium proposal has generated significant opposition from state legislators including Representative Capriglione, who has publicly stated he does not support federal preemption of TRAIGA. The Texas AG's office is expected to defend the law's constitutionality aggressively if challenged.

The federal preemption question creates genuine uncertainty for businesses trying to build long-term compliance strategies. However, legal observers across the political spectrum note that federal preemption legislation faces significant procedural and political hurdles. TRAIGA is likely to remain in force through at least 2026.

What Businesses Should Take Away from the Current Enforcement Gap

The three-month absence of formal TRAIGA enforcement actions is not a compliance grace period. It is a window.

The businesses that will be in the strongest position when enforcement begins — and enforcement will begin — are the ones that built their compliance records before the first demand letter arrived. A company that can show the AG a dated, documented record of AI vendor identification, formal documentation requests, vendor responses, human oversight protocols, and consumer disclosures is in a fundamentally different legal position than a company that began its compliance efforts after receiving a civil investigative demand.

The cure period — 60 days after the AG's written notice — sounds generous. In practice, it requires a business to build in 60 days what should have been built over months. Companies that have done no preparation will struggle to produce meaningful compliance documentation in 60 days. Companies that have been building records since January will simply point to what already exists.

The Complaint Portal Timeline

The AG is required to have the consumer complaint portal operational by September 1, 2026. That date represents a meaningful inflection point in TRAIGA enforcement. Once the portal opens, consumers who have been affected by AI-assisted decisions — job applicants who were rejected, tenants who were screened out, customers who were denied service — will have a formal channel to submit complaints.

The plaintiff bar is watching this portal development closely. Consumer advocacy organizations that have been tracking AI discrimination in employment and lending are preparing to use the portal systematically once it opens. The first formal TRAIGA enforcement actions are likely to follow within months of the portal's launch.

September 1, 2026 is five months away.

This article is for informational purposes and does not constitute legal advice. For advice specific to your situation, consult a licensed Texas attorney.