What TRAIGA Actually Requires The Plain English Guide Every Texas Business Needs

A new Texas law went into effect on January 1, 2026. It carries a $200,000 fine per violation. And the overwhelming majority of Texas small businesses that it applies to have never heard of it.

That is not an exaggeration. That is the current state of TRAIGA compliance in Texas.

This guide exists to change that. No legal jargon. No attorney billing by the hour. Just a plain-language explanation of what TRAIGA requires, who it applies to, and what you can actually do about it today.

What Is TRAIGA?

TRAIGA stands for the Texas Responsible AI Governance Act. It is a state law that went into effect January 1, 2026, making Texas one of the first states in the country to impose specific compliance obligations on businesses that use artificial intelligence in consequential decisions.

The law was designed to ensure that businesses deploying AI — or using AI-powered platforms — take reasonable steps to understand how that AI works, document their vendor relationships, and protect the people affected by AI-assisted decisions.

The critical point most businesses miss: you do not have to build AI to be covered by TRAIGA. If you use a platform that uses AI — and you almost certainly do — you are a TRAIGA deployer.

Who Does TRAIGA Apply To?

TRAIGA applies to any business operating in Texas that uses an AI system in a consequential decision affecting a Texas resident. A consequential decision is one that has a material effect on someone's legal rights, economic situation, or access to services.

In plain English, that means:

Hiring and employment — If you use Indeed, LinkedIn Recruiter, ZipRecruiter, Workday, HireVue, or any platform that uses AI to rank, score, filter, or recommend job applicants, you are a TRAIGA deployer. Every major job platform now uses AI. This is not optional or hidden — it is a core feature of how these platforms work.

Customer lending and credit — If you use any AI-assisted tool to evaluate loan applications, set credit terms, or make eligibility decisions, TRAIGA applies.

Insurance — If you use AI-assisted underwriting, claims processing, or risk scoring tools, TRAIGA applies.

Healthcare — AI-assisted scheduling, triage, and clinical decision support tools qualify.

Real estate — AI-assisted tenant screening, property matching, and pricing algorithms qualify.

Customer service and marketing — AI tools that make or influence decisions about which customers receive offers, pricing, or service qualify.

The honest answer to "does TRAIGA apply to my business" is: if you use Salesforce, HubSpot, QuickBooks, Shopify, Square, or any major SaaS platform released or updated in the last three years, the answer is almost certainly yes. Every major software vendor has embedded AI into their core product. You are using it whether you realize it or not.

What Does TRAIGA Actually Require You to Do?

Here is where most coverage of TRAIGA gets overly complicated. The law's core requirement for a small business deployer is actually straightforward when you strip away the legal language.

Step 1 — Identify your AI vendors. You need to know which platforms in your business use AI in consequential decisions. This is your AI vendor inventory. It does not need to be exhaustive on day one, but it needs to exist and be documented.

Step 2 — Send formal documentation requests to each vendor. TRAIGA requires you to take reasonable steps to understand how your vendors' AI systems work. The mechanism for this is a formal written request asking the vendor to provide their AI governance documentation — their bias audit results, their model documentation, their compliance posture.

This is the step most businesses don't know about. You cannot simply use Indeed and assume you are covered. You must formally ask Indeed to document their AI compliance. That request needs to be in writing, dated, and kept as part of your compliance record.

Step 3 — Document the vendor's response. Whether the vendor responds fully, responds evasively, or does not respond at all, you document it. A vendor that refuses to provide compliance documentation is itself a piece of evidence in your compliance record — it shows you asked and they declined.

Step 4 — Implement human oversight. TRAIGA requires that AI-assisted consequential decisions have a human in the loop. For a small business, this means having a named person who reviews AI-generated rankings or recommendations before acting on them. For hiring, it means the owner or hiring manager personally reviews the AI-generated candidate list before making contact decisions. This process needs to be documented.

Step 5 — Issue consumer disclosures. When you use AI in a process that affects someone — a job applicant, a customer, a tenant — you are required to disclose that AI was used. This disclosure needs to be in writing and kept as part of your record.

Step 6 — Maintain a certified compliance record. All of the above needs to be kept as a dated, auditable record. Not a folder of PDFs. Not a spreadsheet. A documented, timestamped record that you can produce if you are ever subject to an enforcement action.

What Is the Penalty for Non-Compliance?

The maximum fine under TRAIGA is $200,000 per violation.

That is not a theoretical number. It is the statutory maximum that the Texas Attorney General can pursue against a non-compliant business. For a small business, that is potentially an existential event.

It is worth noting that the Texas AG's office has not yet issued formal enforcement guidance or pursued public enforcement actions since the law took effect January 1st. That window of relative quiet will not last indefinitely. The plaintiff bar is already organized around AI employment law in other jurisdictions — New York City's similar law has generated demand letters and settlements since 2023. The infrastructure for TRAIGA enforcement is being assembled right now.

The businesses that will be least exposed when enforcement begins are the ones that built their compliance records before the first demand letter arrived.

What the Law Does NOT Require

This is equally important, because much of the anxiety around TRAIGA comes from misunderstanding its scope.

TRAIGA does not require you to:

• Audit Indeed's algorithm or demand access to their training data
• Fix the AI in your vendors' platforms
• Build your own AI governance infrastructure
• Hire a compliance officer or an attorney
• Achieve perfect compliance with every provision of a complex regulatory framework

What TRAIGA requires of a small business is reasonable care — a legal standard explicitly calibrated to what you can actually accomplish given your size, resources, and leverage. A 12-person roofing company is not held to the same standard as JPMorgan Chase.

Reasonable care means you identified your AI vendors, you asked them for documentation, you noted what they said, you told your job applicants that AI was used, and you had a human review the AI output before acting on it. That is it. That is the complete reasonable care compliance posture for a small Texas business.

TRAIGA.news is an independent publication covering the Texas Responsible AI Governance Act. This article is for informational purposes and does not constitute legal advice. For legal advice specific to your situation, consult a licensed Texas attorney.