Texas AI Law FAQ: Every “People Also Ask” Question Answered

When you search for Texas AI law information, Google surfaces dozens of “People Also Ask” questions — and most answers come from law firms, not compliance platforms. This FAQ captures every high-intent PAA question we've seen in SERPs for Texas AI law queries, with concise, snippet-ready answers that put TXAIMS in front of the traffic your organization needs. These questions represent real search volume: people typing “how to comply with Texas AI law,” “what companies need to know about TRAIGA,” and “does TRAIGA apply to my business” — high-intent queries that convert when you provide clear, actionable answers.

Whether you're a compliance officer building your TRAIGA program, a legal team researching multi-state obligations, or a healthcare provider navigating SB 1188 disclosure requirements, these answers are designed to rank for the exact questions your peers are asking. Each section links to deeper guides for implementation. We've structured each answer so the first paragraph is snippet-ready — Google often extracts the opening sentence for “People Also Ask” and featured snippet display. The FAQ schema markup at the bottom of this page helps search engines understand the Q&A structure and may surface individual answers in rich results. Rich results can increase click-through rates from search by displaying your answers directly in the SERP, driving more qualified traffic to your compliance resources and signup funnel.

Has Texas HB 1481 Passed?

If you're searching for HB 1481, you're likely looking for HB 149 — the Texas Responsible AI Governance Act (TRAIGA). HB 1481 is a commonly confused bill number; the correct Texas AI governance bill is HB 149. Yes, it passed. HB 149 was signed into law by Governor Abbott on September 1, 2025, and became fully enforceable on January 1, 2026.

The confusion stems from the 89th Texas Legislature session, where multiple AI-related bills were filed. HB 149 is the comprehensive one — the one that defines prohibited practices, establishes the NIST AI RMF affirmative defense, and carries penalties up to $200,000 per violation. The enforcement clock started January 1, 2026; the Texas Attorney General can bring actions now.

For the full breakdown of bill numbers, effective dates, and compliance implications, see our HB 1481 vs HB 149 explainer.

What Is House Bill 149?

House Bill 149 (HB 149) is the Texas Responsible AI Governance Act — commonly called TRAIGA. It's the centerpiece of Texas's four-statute AI governance framework. HB 149 defines seven prohibited AI practices, establishes NIST AI RMF compliance as a statutory affirmative defense, grants the Texas Attorney General exclusive enforcement authority, and provides a 60-day cure period for first violations. The law passed both chambers with bipartisan support in May 2025 and was signed by Governor Abbott on September 1, 2025.

TRAIGA is intent-based — it regulates what your AI system was designed or deployed to do, not just the harm it causes. This differs from Colorado's impact-based approach. The law applies to any organization deploying AI that affects people in Texas, regardless of where the company is headquartered. Geography, not registration, determines scope.

For a complete guide to HB 149, see our HB 149 explainer and TRAIGA overview.

What Is the Texas Responsible AI Governance Law?

The Texas Responsible AI governance law is TRAIGA (Texas Responsible AI Governance Act), enacted as HB 149. It prohibits seven categories of AI practices: subliminal manipulation, exploitation of vulnerabilities, social scoring, real-time biometric surveillance, discrimination by design, constitutional rights infringement, and CSAM generation. Organizations that deploy AI affecting people in Texas must screen their systems against these prohibited practices and build NIST AI RMF alignment for the affirmative defense. The law is enforced exclusively by the Texas Attorney General, with civil penalties up to $200,000 per violation and a 60-day cure period for first-time violations.

TRAIGA operates alongside three companion statutes: SB 1964 (government AI ethics), SB 1188 (healthcare disclosure), and HB 3512 (state employee AI training). Your obligations depend on your deployer type. A private company faces TRAIGA only; a state agency faces TRAIGA plus SB 1964 and HB 3512; a healthcare provider faces TRAIGA plus SB 1188. See our TRAIGA guide and prohibited practices list for details.

What Are the New Texas Laws for July 2025?

Texas passed four AI laws in 2025 that took effect January 1, 2026. They are: (1) HB 149 (TRAIGA) — comprehensive AI governance with prohibited practices, NIST safe harbor, and $200K penalties; (2) SB 1964 — mandatory AI ethics codes and public inventories for government agencies; (3) SB 1188 — patient-facing AI disclosure requirements for healthcare providers; and (4) HB 3512 — mandatory annual DIR-certified AI training for state employees. All four emerged from the 89th Texas Legislature and create a coordinated framework that stacks by deployer type.

All four were signed on September 1, 2025. Private sector companies face TRAIGA only; government agencies face TRAIGA + SB 1964 + HB 3512; healthcare providers face TRAIGA + SB 1188. The stacking effect means a single organization can have obligations under multiple laws — a government hospital, for example, faces all four. For the full breakdown with tables and deployer-type mapping, see our new Texas AI laws guide.

What Does the Colorado AI Act Require?

The Colorado AI Act (SB 24-205) is an impact-based law. It requires developers and deployers of high-risk AI systems to conduct risk assessments, implement governance programs, provide consumer notices, and maintain documentation. High-risk AI includes systems that make or assist consequential decisions affecting employment, housing, credit, healthcare, education, and insurance. Colorado also mandates annual bias audits for high-risk AI — a requirement Texas does not impose on private sector deployers. Colorado's approach asks: what are the consequences of your AI's decisions? Texas asks: what was your AI designed or deployed to do?

Colorado has no NIST safe harbor, no 60-day cure period, and allows a private right of action. Texas TRAIGA is fundamentally different: intent-based, NIST affirmative defense, AG-only enforcement, and 60-day cure. Colorado compliance does not equal Texas compliance. Your risk assessments and bias audits from Colorado are helpful but don't substitute for TRAIGA's prohibited practice screening and NIST alignment documentation.

Quick reference: Colorado requires impact-based risk assessments and consumer notices; Texas requires intent-based prohibited practice screening and NIST alignment. Colorado has private right of action; Texas has AG-only enforcement. Colorado has no cure period; Texas offers 60 days. See our Texas vs Colorado AI law comparison for the full side-by-side table and multi-state strategy guidance.

Who Does the Colorado AI Act Apply To?

The Colorado AI Act applies to developers and deployers of high-risk AI systems that make or assist consequential decisions affecting Colorado residents. High-risk domains include employment, housing, credit, healthcare, education, and insurance. Colorado uses a binary risk classification: high-risk vs. low-risk. Insurance is partially exempt under Colorado's law, similar to Texas's partial exemption for TDI-regulated insurers.

Texas TRAIGA applies more broadly: any deployer of AI systems that affect people in Texas, regardless of risk tier. There's no “high-risk only” carve-out for private sector. If your AI assists decisions affecting Texans — whether that's a chatbot, hiring algorithm, lending model, or recommendation engine — TRAIGA applies. Use our TRAIGA applicability framework to determine your obligations.

What Is the 30% Rule in AI?

The “30% rule” in AI typically refers to thresholds used in regulatory frameworks to determine when AI systems trigger heightened obligations. In the EU AI Act and some industry guidance, percentage thresholds (e.g., proportion of automated decisions, workforce affected) can influence risk classification. The concept appears in discussions of when human oversight is required versus when AI can operate with minimal intervention. Some organizations mistakenly assume that if AI handles less than 30% of their decisions, they're exempt from regulation.

Texas TRAIGA has no explicit 30% threshold. Applicability is based on whether your AI system assists decisions affecting natural persons in Texas — not on a percentage cutoff. If AI meaningfully participates in decisions about people in Texas, TRAIGA applies regardless of how much of your workflow is automated. Human-in-the-loop systems are still in scope; the law covers AI that assists decisions, not just autonomous AI. Focus on intent and function, not percentages.

Practical takeaway: don't waste time calculating whether your AI touches 29% or 31% of decisions. If you deploy AI that affects Texans in any material way — hiring, lending, healthcare, customer service, recommendations — TRAIGA applies. Document your systems, screen for prohibited practices, and build NIST alignment.

What Are the Requirements of the AI Act?

AI Act requirements vary by jurisdiction. Texas TRAIGA requires: (1) screening AI systems against seven prohibited practices; (2) building NIST AI RMF alignment (Govern, Map, Measure, Manage) for the affirmative defense; (3) maintaining cure readiness for the 60-day window; and (4) deployer-type-specific obligations (government, healthcare) under companion statutes. There are no mandatory third-party audits for private sector deployers — your documentation is the primary compliance artifact.

Colorado SB 24-205 requires risk assessments, governance programs, and consumer notices for high-risk AI. The EU AI Act uses a risk-tiered approach (unacceptable, high-risk, limited, minimal). Texas is unique in its intent-based model and NIST safe harbor — documented alignment with the NIST AI Risk Management Framework (Govern, Map, Measure, Manage) creates a statutory affirmative defense in enforcement proceedings. That means your NIST documentation isn't just best practice; it's a legal defense.

For government agencies, SB 1964 adds: adopt an AI ethics code, publish a public AI inventory, conduct heightened scrutiny assessments for AI affecting rights or benefits, and prohibit social scoring. For healthcare, SB 1188 adds patient disclosure. See our TRAIGA compliance checklist and NIST safe harbor guide for implementation steps.

What Is the AI Act Medical Device Regulation?

In Texas, medical device AI is regulated by TRAIGA (prohibited practice screening, NIST alignment) and SB 1188 (patient disclosure). Healthcare providers deploying AI-powered medical devices must screen against TRAIGA's seven prohibited practices and disclose to patients when AI assists in diagnosis, treatment, or care — before or at the time of service. This includes diagnostic imaging AI, clinical decision support, triage systems, surgical AI, remote monitoring devices, ambient scribes, and EHR-embedded AI features.

FDA clearance does not satisfy Texas requirements. The FDA evaluates safety and efficacy; TRAIGA evaluates prohibited intent; SB 1188 evaluates patient transparency. These are separate regulatory surfaces. An FDA-cleared diagnostic AI device still needs TRAIGA screening and SB 1188 disclosure in Texas. Manufacturers should support hospital compliance with prohibited practice attestations and NIST alignment documentation; hospitals bear deployer responsibility under TRAIGA.

The EU AI Act classifies certain AI medical devices as high-risk and imposes conformity assessments. Texas takes a different path: no federal preemption of state law, so TRAIGA and SB 1188 apply regardless of FDA status. See our medical device AI compliance guide for the full implementation checklist and per-device disclosure strategies.

Is AI Regulated in Healthcare?

Yes. In Texas, healthcare AI is regulated by TRAIGA (HB 149) and SB 1188. Healthcare providers must: (1) screen every AI system against TRAIGA's seven prohibited practices; (2) build NIST AI RMF alignment for the affirmative defense; and (3) provide patient-facing disclosure before or at the time of AI-assisted services under SB 1188. This applies to AI used in diagnostic support, treatment recommendations, triage, patient communication, and clinical documentation.

SB 1188 requires clear, conspicuous disclosure — no dark patterns, no buried consent, no post-hoc notification. The disclosure must identify that AI is used, explain its role, and state that a human provider remains responsible. Timing matters: disclosure must occur before or at the time of the AI-assisted service, not in discharge paperwork. A single patient encounter may involve multiple AI systems; each requires appropriate disclosure.

Healthcare providers face dual compliance: TRAIGA for prohibited practice screening and NIST alignment, plus SB 1188 for patient transparency. Government hospitals and health systems may also face SB 1964 and HB 3512. For implementation details, see our SB 1188 healthcare disclosure guide and medical device AI compliance guide.

What Is the SB 205 Colorado AI Act?

SB 24-205 (often cited as SB 205) is the Colorado AI Act — an impact-based law regulating high-risk AI systems. It requires developers and deployers to conduct risk assessments, implement governance programs, and provide consumer notices for AI affecting employment, housing, credit, healthcare, education, and insurance. Colorado has no NIST safe harbor and allows private right of action, meaning individuals can sue for violations. Texas, by contrast, reserves enforcement exclusively to the Attorney General — no private lawsuits under TRAIGA.

Texas TRAIGA is fundamentally different: intent-based (not impact-based), NIST AI RMF as affirmative defense, AG-only enforcement, 60-day cure period, and no mandatory audits for private sector. If you operate in both states, you need separate compliance strategies. The pragmatic approach: build on NIST as the common foundation, then add state-specific layers — prohibited practice screening for Texas, impact assessments for Colorado. See our Texas vs Colorado comparison.

Is the Colorado AI Act Delayed?

The Colorado AI Act (SB 24-205) has faced implementation delays and phased effective dates. Key provisions were scheduled for 2025-2026, with some enforcement and rulemaking pushed back. Stakeholders should monitor the Colorado Attorney General's office and official guidance for current timelines. Legislative amendments and rulemaking have extended some deadlines, creating uncertainty for multi-state operators.

Texas TRAIGA has no delays. It became fully enforceable on January 1, 2026. The Texas Attorney General has exclusive enforcement authority and can bring actions now. Organizations operating in both Texas and Colorado must track each law's timeline independently — what applies in one state does not automatically apply in the other. Don't assume Colorado delays give you more time for Texas; TRAIGA compliance is due now.

Common Texas AI Law Misconceptions

Before we get to the quick reference table, here are the misconceptions we hear most often — and why they're wrong. “We only use ChatGPT for internal tasks.” If those tasks involve decisions about employees, applicants, or customers, TRAIGA applies. Internal-only use doesn't equal exempt use. “Our vendor handles AI compliance.” TRAIGA places obligations on deployers, not just developers. Your vendor's compliance doesn't substitute for yours. “We're a small business.” Size doesn't determine applicability — function does. A customer-facing chatbot falls under scope regardless of company size.

“Our AI doesn't make final decisions — humans do.” TRAIGA covers AI that assists decisions, not just autonomous decisions. Human-in-the-loop doesn't mean exempt. “We're compliant with Colorado, so we're good for Texas.” Colorado compliance does not equal Texas compliance. The frameworks are fundamentally different. “FDA cleared our medical device, so we're compliant.” FDA clearance addresses safety and efficacy; TRAIGA and SB 1188 address prohibited intent and patient disclosure. You need both.

“We'll wait for enforcement to ramp up before acting.” The AG has signaled that early compliance documentation will be treated favorably. Organizations that build their posture before an investigation maximize the 60-day cure window and affirmative defense credibility. “We're exempt because we're in insurance/financial services.” Partial exemption is not full exemption. Both industries remain subject to TRAIGA's prohibited practice restrictions. You cannot use subliminal manipulation or social scoring even if you're otherwise partially exempt.

Texas AI Law Quick Reference

For readers who need a fast lookup, here's how the key statutes and concepts fit together. Bookmark this table for quick answers during compliance planning or stakeholder discussions. Use it when explaining TRAIGA to executives, board members, or procurement teams who need the high-level view before diving into implementation details.

Next Steps: Compliance, Not Confusion

These PAA questions represent high-intent traffic — people actively seeking answers about Texas AI law compliance. If you've determined that TRAIGA applies to your organization, the next step is building your compliance baseline: run through the checklist, screen your AI systems against prohibited practices, and document your NIST alignment. Organizations that document compliance before an AG investigation maximize their cure period effectiveness and affirmative defense credibility. The 60-day cure window only helps if you can actually remediate in 60 days — and that requires having your AI inventory, prohibited practice screening, and NIST documentation in place before you need it. Organizations that discover a potential violation during an internal audit can fix it proactively; those that learn about it from an AG notice have 60 days to demonstrate remediation. The difference between those two scenarios is often whether you had documentation ready before the notice arrived.

TXAIMS automates the full compliance workflow — prohibited practice screening, NIST scoring, deployer-type classification, evidence bundles, and cure readiness. The platform screens your AI systems, builds your NIST defense, and generates audit-ready evidence bundles in minutes. Enterprise customers and government RFPs are increasingly requiring TRAIGA compliance evidence from vendors; having documentation ready accelerates procurement and reduces legal review cycles. The platform supports private sector, government, and healthcare deployer types with workflows tailored to each statute stack.

Start your 14-day free trial and capture the high-intent traffic that law firms are currently winning. For more answers, visit our FAQ or explore our blog for deeper guides on each statute. We've structured this FAQ to rank for the exact questions your peers are searching — and to give you the compliance documentation you need when the AG or your procurement team asks. Every question in this article maps to a real search query; every answer is designed to convert that traffic into compliance action. Bookmark this page for quick reference during stakeholder meetings, procurement reviews, or when the AG sends a notice — having these answers at your fingertips saves time and reduces compliance risk.