GLACIS logo GLACIS
LIVE NOW — Effective January 1, 2026

Texas TRAIGA
(HB 149)

The Texas Responsible AI Governance Act is law. Penalties reach $200,000 per uncurable violation plus $40,000/day for continuing violations. Five affirmative defense grounds reference NIST AI RMF — but you need evidence, not just policies.

Free Compliance Assessment Read the full guide →

What the law says

Prohibited AI practices

  • Behavioral manipulation — AI that incites self-harm, harm to others, or criminal activity (applies to all entities)
  • Social scoring — government AI that classifies persons based on social behavior (government entities only)
  • Discrimination — AI used to intentionally discriminate against protected classes
  • Unauthorized biometrics — government capture without consent
  • Constitutional infringement — AI designed to infringe constitutional rights
  • CSAM — AI-generated sexually explicit content involving minors

Disclosure requirements

  • Government agencies: Must disclose AI use before or at time of consumer interaction — clear, conspicuous, plain language, no dark patterns
  • Healthcare providers: Must disclose AI use no later than when service is first provided; in emergencies, as soon as reasonably possible
  • Private companies: No general disclosure obligation (unlike Colorado/EU)

Companion bill SB 1188 adds human oversight requirements for AI in medical decisions.

Penalties (Section 552.105)

$10,000–$12,000
per curable violation
$80,000–$200,000
per uncurable violation
$2,000–$40,000/day
for continuing violations

AG enforcement with injunctive relief + attorney's fees. Licensed professionals face additional sanctions up to $100K (Section 552.106). 60-day notice and cure period before AG action (Section 552.104).

Five affirmative defense grounds (Section 552.105(e))

TRAIGA establishes five grounds for affirmative defense, including NIST AI RMF compliance which creates a rebuttable presumption of reasonable care (Section 552.105(c)):

1. Third-party misuse — not liable if another person uses the AI system in a prohibited manner

2. Discovery through feedback — violation discovered via feedback from developers, deployers, or other persons

3. Discovery through testing — including adversarial and red-team testing

4. Agency guidelines — following guidelines set by applicable state agencies

5. Framework compliance — substantial compliance with NIST AI RMF (AI 600-1) or another nationally/internationally recognized framework

How GLACIS activates your defense

GLACIS provides the NIST AI RMF evidence trail needed to substantiate your affirmative defense under TRAIGA. Framework compliance (defense ground #5) requires evidence of NIST AI RMF adherence — not just documentation — proof.

1. Assess your gaps

Free compliance wizard maps your AI systems against TRAIGA requirements and NIST AI RMF controls.

2. Continuous attestation

Every AI decision generates a cryptographic receipt — witnessed by an independent network. Tamper-proof. Zero data egress.

3. Activate your defense

Your evidence trail is audit-ready on day one. When the AG comes knocking, you have the proof to substantiate all five affirmative defense grounds under Section 552.105(e).

Start Free Compliance Assessment

5 minutes. Personalized report. Share with your GC.

Go deeper

Coming Soon
Colorado AI Act — $20K/violation
Framework
NIST AI RMF: Your Safe Harbor Key
Pricing
Plans from $500/mo — vs. $200K/violation