Texas AI Compliance Requirements in 2026: The Complete Regulatory Map
Texas didn't pass one AI law — it passed four. TRAIGA (HB 149) gets the headlines, but SB 1964, SB 1188, and HB 3512 create additional obligations for government agencies and healthcare providers that most compliance guides overlook. This is the complete 2026 regulatory map.
The Four Texas AI Statutes in Effect
1. TRAIGA — HB 149 (All Deployers)
The Texas Responsible AI Governance Act is the baseline. It applies to every organization that deploys AI systems affecting people in Texas. Core requirements:
- Prohibited practice screening. Seven categories of AI use are prohibited by intent — subliminal manipulation, vulnerability exploitation, social scoring, biometric categorization, real-time biometric ID, predictive policing, and workplace emotion inference.
- NIST AI RMF alignment. Not mandatory, but recognized as an affirmative defense under Section 546.103. This is the strongest compliance signal you can build.
- 60-day cure period. After AG notification of a violation, you have 60 days to remediate and demonstrate good faith.
- Penalties. Up to $200,000 per violation, enforced exclusively by the Texas AG.
2. SB 1964 — AI Ethics Code (Government Agencies)
Mandatory for all Texas state agencies and local government entities:
- AI ethics code adoption. Agencies must adopt a formal ethics code governing AI use, aligned with DIR (Department of Information Resources) guidance.
- Public AI system inventory. Every AI system used by the agency must be cataloged and made available for public review.
- Heightened scrutiny assessments. AI systems used in critical decisions (law enforcement, benefits, licensing) require documented risk assessments with increased oversight.
- Annual reporting. Agencies report AI usage, incidents, and ethics code compliance to DIR.
3. SB 1188 — Healthcare AI Disclosure (Healthcare Providers)
Applies to any healthcare provider using AI in patient care in Texas:
- Pre-service disclosure. Patients must be informed before or at the time of service that AI is being used in their care.
- Conspicuous notice. Disclosures must be clear, visible, and free of dark patterns — no buried notices in fine print.
- Documentation. Providers must maintain records of all disclosures, including timestamps and acknowledgment.
- Scope. Covers diagnostic AI, triage AI, treatment recommendation systems, and AI-assisted documentation.
4. HB 3512 — Government AI Training (State Employees)
Applies to state employees who use computers for 25% or more of their job duties:
- Annual DIR-certified training. Employees must complete AI training through a program certified by the Department of Information Resources.
- Tracking and renewal. Training records must be maintained and certifications renewed annually.
- Fiscal year alignment. Training must be completed within each Texas fiscal year (September 1 – August 31).
How the Statutes Stack by Deployer Type
| Deployer Type | TRAIGA | SB 1964 | SB 1188 | HB 3512 |
|---|---|---|---|---|
| Private company | Yes | No | No* | No |
| State agency | Yes | Yes | No* | Yes |
| Local government | Yes | Yes | No* | Yes |
| School district | Yes | Yes | No | Yes |
| Healthcare provider | Yes | No | Yes | No |
| Insurance (regulated) | Partial | No | No | No |
| Financial (federal reg.) | Partial | No | No | No |
*Healthcare providers in any category also trigger SB 1188 if they use AI in patient care.
Key Deadlines and Timelines
- TRAIGA: Enforceable now. No grace period. Every day without compliance is a day of exposure.
- SB 1964: DIR ethics code guidance is published. Agencies should have adopted codes by now. Those that haven't are non-compliant.
- SB 1188: Effective now. Healthcare providers must have disclosure processes in place.
- HB 3512: FY2026 training must be completed by August 31, 2026. Q1-Q2 is the window to schedule and complete certifications.
What “Compliance” Actually Looks Like
Compliance isn't a document you produce once. It's a running state. In practice, a compliant Texas organization in 2026 has:
- A complete AI system inventory with risk classifications
- Documented prohibited practice screenings for each system
- Measurable NIST AI RMF alignment scores (Govern, Map, Measure, Manage)
- A cure response playbook with assigned roles and timelines
- Current evidence bundles that can be produced on demand
- Deployer-specific documentation (ethics codes, disclosure records, training logs) if applicable
- Active regulatory monitoring for legislative and AG enforcement updates
TXAIMS builds and maintains this entire compliance posture automatically, tailored to your deployer type.
Related Resources
- TRAIGA Is Already In Effect — the compliance clock is ticking
- The Complete Guide to TRAIGA (HB 149) — section-by-section law breakdown
- Texas AI Compliance Framework: Step-by-Step — the systematic path
- NIST AI RMF: Your Affirmative Defense — building the safe harbor
- Healthcare AI Compliance — SB 1188 specifics for providers
- Government AI Compliance — SB 1964 + HB 3512 for agencies
Ready to automate your TRAIGA compliance?
TXAIMS screens your AI systems, builds your NIST defense, and generates evidence bundles in minutes.
Start 14-day free trial