LIVE NOW — Effective January 1, 2026
Texas TRAIGA
(HB 149)
The Texas Responsible AI Governance Act is law. Penalties reach up to $200,000 per uncurable violation plus up to $40,000/day for continuing violations. Five affirmative defense grounds reference NIST AI RMF — but you need evidence, not just policies.
What the law says
Prohibited AI practices
- • Behavioral manipulation — AI that incites self-harm, harm to others, or criminal activity (applies to all entities)
- • Social scoring — government AI that classifies persons based on social behavior (government entities only)
- • Discrimination — AI used to intentionally discriminate against protected classes
- • Unauthorized biometrics — government capture without consent
- • Constitutional infringement — AI designed to infringe constitutional rights
- • CSAM — AI-generated sexually explicit content involving minors
Disclosure requirements
- • Government agencies: Must disclose AI use before or at time of consumer interaction — clear, conspicuous, plain language, no dark patterns
- • Healthcare providers: Must disclose AI use no later than when service is first provided; in emergencies, as soon as reasonably possible
- • Private companies: No general disclosure obligation (unlike Colorado/EU)
Companion bill SB 1188 adds human oversight requirements for AI in medical decisions; our healthcare page covers the runtime evidence behind that oversight.
Where this bites first: hiring. AI in employment decisions is the clearest discrimination exposure under TRAIGA, and the affirmative defenses turn on evidence of testing and controls. See how signed runtime evidence works for hiring AI.
Penalties (Section 552.105)
AG enforcement with injunctive relief + attorney's fees. Licensed professionals face additional sanctions up to $100K (Section 552.106). 60-day notice and cure period before AG action (Section 552.104).
Five affirmative defense grounds (Section 552.105(e))
TRAIGA establishes five grounds for affirmative defense, including NIST AI RMF compliance which creates a rebuttable presumption of reasonable care (Section 552.105(c)):
1. Third-party misuse — not liable if another person uses the AI system in a prohibited manner
2. Discovery through feedback — violation discovered via feedback from developers, deployers, or other persons
3. Discovery through testing — including adversarial and red-team testing
4. Agency guidelines — following guidelines set by applicable state agencies
5. Framework compliance — substantial compliance with NIST AI RMF (AI 600-1) or another nationally/internationally recognized framework
How GLACIS activates your defense
GLACIS provides the NIST AI RMF evidence trail needed to substantiate your affirmative defense under TRAIGA. Framework compliance (defense ground #5) requires evidence of NIST AI RMF adherence — not just documentation — proof.
1. Assess your gaps
The 30-day Sprint maps one named AI workflow against TRAIGA requirements and NIST AI RMF controls.
2. Continuous attestation
Every AI decision generates a cryptographic receipt, countersigned by an independent witness. Tamper-evident. Zero data egress.
3. Activate your defense
Your evidence trail is audit-ready on day one. When the AG comes knocking, you have the proof to substantiate all five affirmative defense grounds under Section 552.105(e).
TRAIGA’s affirmative defenses turn on evidence of testing and framework adherence; signed runtime receipts are that record.