With the state attorney general's enforcement infrastructure still taking shape and the complaint portal not yet live, the first half of 2026 has been a critical window for businesses to get ahead of compliance.

They say everything's bigger in Texas—and apparently that now includes the state's appetite for AI regulation. On January 1, 2026, the Texas Responsible Artificial Intelligence Governance Act (TRAIGA 2.0) quietly took effect, making Texas one of the first states in the country to put real guardrails around AI development and deployment. We're now nearly five months in, and the dust is settling enough to see what this law actually means for businesses operating in Texas. For manufacturers deploying AI on the production floor, employers using it to screen resumes, tech companies building the next large language model and vendors selling AI-powered tools, this law has real implications. Here's what it does.

How We Got Here

The "2.0" in the name isn't just branding. It tells you something went wrong the first time. An earlier version of the bill, TRAIGA 1.0, tried to do too much: mandatory risk management policies for employers, pre-deployment impact assessments and a broad "algorithmic discrimination" standard that would have made it illegal for AI systems to produce biased outcomes, even unintentionally. The business community pushed back, and the bill never made it out of committee. What emerged in its place is narrower, lighter on the private sector and notably more innovation-friendly—though not toothless. Governor Greg Abbott signed the final version on June 22, 2025. With the state attorney general's enforcement infrastructure still taking shape and the complaint portal not yet live, the first half of 2026 has been a critical window for businesses to get ahead of compliance.

What the Law Actually Says

Who's Covered

So, what does TRAIGA 2.0 actually require, and of whom? The jurisdictional hook is wide. Any person or entity that does business in Texas, sells to Texans or deploys AI in the state is subject to the law. And the definition of "artificial intelligence system" is deliberately expansive, covering any machine-based system that generates outputs (content, decisions, predictions, recommendations) from its inputs that can influence physical or virtual environments. A predictive maintenance algorithm on a factory floor? In scope. An AI-driven applicant tracking system? Also in scope.

The saving grace for employers: "Consumer" under this law specifically excludes anyone acting in an employment or commercial context. That means most of the law's consumer-facing obligations don't directly apply to your workforce interactions. That said, the carveout doesn’t render private employers invisible to the statute.

Discrimination: Intent Is the Trigger, Not Outcomes

This is the provision that matters most for employers. TRAIGA 2.0 makes it unlawful to develop or deploy AI with the intent to discriminate against a protected class: race, color, national origin, sex, age, religion or disability. But the statute draws a hard line: Unequal outcomes alone (i.e., “disparate impact”) do not establish a violation. In practical terms, an AI hiring tool that produces skewed outcomes but wasn't designed to do so doesn’t violate TRAIGA 2.0. However, it may still run afoul of federal employment discrimination laws like Title VII, the Age Discrimination in Employment Act or the Americans with Disabilities Act, since those statutes do allow claims based on unequal outcomes. But under this Texas law specifically, intent is required.

What About Disclosure to Employees?

Short answer: TRAIGA 2.0 doesn't require it. The law's disclosure obligations apply to government agencies interacting with consumers, not to private employers communicating with their workforce. That said, this is an area where the regulatory landscape is shifting. Other states are beginning to require employer-side AI disclosures, and the fact that Texas hasn't gone there yet is no guarantee it won’t in a future legislative session.

Biometric Data: A Quick Flag for Manufacturers

Operations that involve AI systems processing biometric data (facial recognition for access control, for example) benefit from a TRAIGA 2.0 exemption: the training and development of AI models is generally carved out from Texas's existing consent-and-retention requirements. But the exemption has limits. If the system is used to uniquely identify a specific person, or if biometric data collected for training later gets repurposed for a different commercial use, the full compliance weight of Section 503.001 applies, penalties included.

Enforcement: Who's Watching and What Happens If You Slip

Enforcement Is Public, Not Private

The Texas attorney general has exclusive enforcement authority, and the statute does not allow individuals to file their own lawsuits. That means no plaintiff-side class actions under this law. The attorney general's office, however, has real investigative and enforcement power. Before bringing an action, the attorney general must provide written notice of the specific provisions allegedly violated. The alleged violator then has 60 days to cure the issue and document the fix. A successful cure closes the matter.

The Price Tag for Noncompliance

If the violation isn’t cured, penalties escalate. Curable violations (or breaches of a written statement certifying the fix) carry fines of $10,000 to $12,000 per violation. Uncurable violations range from $80,000 to $200,000 each. And if the violation is ongoing? That's $2,000 to $40,000 per day. On top of all that, the attorney general can seek court orders stopping the violation and recover attorney's fees and costs.

The Defenses

The law presumes that a defendant acted with reasonable care unless the attorney general proves otherwise. Third-party misuse of a system doesn’t create liability for the developer or deployer. Companies that follow established AI risk management standards, such as the framework published by the National Institute of Standards and Technology, or that proactively identify problems through their own internal testing, have a statutory defense against liability. Defendants can also ask a court for a fast-track ruling confirming they’re not in violation, rather than waiting out a lengthy enforcement proceeding. State licensing agencies can add their own penalties (up to $100,000), but only on the attorney general's recommendation after a finding, not independently.

A Few Other Things Worth Noting

TRAIGA 2.0 also establishes a regulatory sandbox program that lets approved participants test AI systems for up to 36 months without needing a license or other regulatory authorization, though the core prohibitions still apply during testing. It creates an advisory (not regulatory) seven-member Texas AI Council. And it preempts all local AI ordinances, meaning one set of rules applies statewide—no city-by-city patchwork.

What's Coming Next

The attorney general's online complaint portal goes live by September 1, 2026, about three months from now. Once consumers have a streamlined mechanism to file complaints, expect enforcement activity to pick up. On the federal front, pending congressional AI legislation could include a 10-year moratorium on state enforcement, which would effectively put TRAIGA 2.0 on ice. Governor Abbott has signaled he'd comply to protect federal funding. But until that happens—if it happens—the law is very much enforceable.

The Bottom Line: What Employers Should Be Doing Right Now

The discrimination prohibition applies to any "person,” not just the government. And the attorney general's investigative authority allows it to demand granular documentation about how an AI system works, what trained it and what it produces. For companies deploying AI in hiring, performance management, quality control, safety monitoring or workforce planning, the practical priorities are:

Know the Inventory

Whether it's an applicant screening platform, a predictive scheduling algorithm or a vision system on the line, every AI tool touching operations should be catalogued.

Stress Test Vendor Relationships

Under Section 552.103, the attorney general can demand documentation on system purpose, training data, inputs, outputs, performance metrics, known limitations and post-deployment safeguards. Vendors that can’t produce this on short notice represent a compliance gap.

Document Governance

Written AI use policies covering ownership, escalation paths and monitoring for changes in how AI systems perform over time should be in place.

Train Decision-Makers

The people acting on AI outputs need to understand the legal and practical guardrails.

Watch the Federal Landscape

A congressional moratorium could sideline state enforcement for a decade. Building compliance infrastructure now is sound strategy regardless of what happens at the federal level.

For More Information

If you have any questions about this Alert, please contact Joseph A. Ciucci, Nicolette J. Zulli, any of the attorneys in our Employment, Labor, Benefits and Immigration Practice Group or the attorney in the firm with whom you are regularly in contact.

Disclaimer: This Alert has been prepared and published for informational purposes only and is not offered, nor should be construed, as legal advice. For more information, please see the firm's full disclaimer.