Five months ago, on January 1, 2026, the Texas Responsible Artificial Intelligence Governance Act — TRAIGA, HB 149 — took effect. Governor Greg Abbott signed it on June 22, 2025, making Texas the third US state to adopt a comprehensive AI law, after Colorado and Utah. The Texas Attorney General has exclusive enforcement authority. There is no private right of action. The penalty ceiling is $200,000 per uncurable violation plus up to $40,000 per day for continuing violations.
That is not an EU AI Act number. That is a Texas state penalty, today, for an AI system that touches a Texas resident.
Most enterprise compliance teams in Texas have spent the last five months treating TRAIGA as background noise — partly because the law was pared back during the legislative session, partly because the Attorney General has not yet announced a public enforcement action. Both of those signals are misleading. The statute's safe harbor is what makes it operationally hard, and the safe harbor is something you cannot manufacture during the 60-day cure window after the AG sends a letter.
The number that should be on your risk register
The penalty tiers are layered. Per K&L Gates' analysis summarizing the final bill text:
- Curable violations: $10,000 to $12,000 in civil penalties.
- Uncurable violations: $80,000 to $200,000.
- Continuing violations: $2,000 to $40,000 per day.
The AG must provide notice to cure and cannot sue until 60 days have passed without a cure. Whether a violation is "curable" turns substantially on whether the deployer can produce evidence that the violation was caught — through documented testing, governance process, or framework compliance — rather than discovered only after a complaint landed in the AG's online portal.
The 60-day cure clock starts when the AG sends notice. It does not pause while you build a NIST AI RMF program from scratch.
This matters because the statutory definition of an AI system is broad enough to sweep in essentially every generative tool an enterprise employee touches. TRAIGA defines an "artificial intelligence system" as "any machine-based system that, for any explicit or implicit objective, infers from the inputs the system receives how to generate outputs, including content, decisions, predictions, or recommendations, that can influence physical or virtual environments." That is ChatGPT typed into a browser tab. That is Claude pasted with customer data. That is Gemini summarizing a meeting transcript that includes a Texas resident's name.
The safe harbor is a runtime evidence problem
TRAIGA does not require private employers to implement an AI risk management policy. It does not require impact assessments. It does not require disclosure to job applicants. What it does is offer affirmative-defense safe harbors to organizations that the Attorney General has moved against — and those safe harbors are the operating bar.
DLA Piper's analysis quotes the statute directly. A defendant may not be found liable if they discover a violation "through testing, including adversarial testing or red-team testing" or if they "substantially compl[y] with the most recent version of the 'Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile' published by the National Institute of Standards and Technology or another nationally or internationally recognized risk management framework for AI systems."
Read that twice. The safe harbor is not "we wrote a policy." It is two things, both runtime:
- Adversarial / red-team testing — documented, repeatable, with evidence of what was tested, when, what was found, what was remediated.
- Substantial compliance with NIST AI RMF Generative AI Profile — also documented, also evidenced against your actual deployed systems, not against a generic vendor questionnaire.
If the Attorney General sends you a notice tomorrow alleging an intent-to-discriminate violation in an HR screening tool, the cure path is the safe harbor evidence. The cure path is not your terms of service.
The intent standard is not the relief most lawyers think it is
TRAIGA's discrimination provision requires intent. Per K&L Gates: "TRAIGA only prohibits the use of AI systems that are developed or deployed 'with the intent to unlawfully discriminate against a protected class'... Disparate impact alone cannot show an intent to discriminate."
This was the headline win for the pared-back final version of the bill. It also reframes — but does not eliminate — the documentation problem. To defend against an intent allegation, an enterprise has to demonstrate the absence of intent, and the absence of intent is provable only by documentation of legitimate business purpose, vendor due-diligence trails, system testing protocols, and use-case boundaries.
If your AI use in Texas consists of "employees can use ChatGPT subject to a written policy nobody reviews," the intent standard does not protect you. You have no documented system at all, which makes the intent question one of broad organizational practice rather than narrow product configuration. That is worse, not better.
What governance teams actually need to have in place
The five-months-in operating question is whether your governance program produces the artifacts a Texas AG cure response would require. Concretely:
- A live inventory of AI tools your employees use — including consumer-grade tools (ChatGPT free, Claude.ai, Gemini in personal Gmail) accessed through corporate browsers. Vendor lists that only include sanctioned, paid AI subscriptions miss the surface area TRAIGA actually covers.
- Per-tool, per-policy enforcement evidence — what data classes are blocked, what is logged, what gets surfaced for review. "We have a DLP policy" is not enforcement evidence unless the DLP can see the AI submission and act on it before it leaves the browser.
- NIST AI RMF Generative AI Profile mapping — concrete, current, with the NIST AI 600-1 profile tied to specific deployed systems, not a SOC 2 attestation that mentions AI in a paragraph.
- Adversarial / red-team test records — including for shadow AI access paths, not only sanctioned tools.
- Healthcare disclosure workflow — if you provide healthcare services in Texas, you have an additional, mandatory disclosure obligation to patients when AI is used in their treatment. That is a separate compliance gate from the general business framework.
Most enterprises we talk to in Texas have inventory at best. The runtime-evidence layer is where the gap is widest, and the gap is the exact surface the safe harbor expects you to fill.
The shadow-AI exposure compounds the rest
The single largest source of unreported AI use in regulated enterprises right now is employees pasting into a consumer AI tab in their browser. That activity sits outside every API-layer governance product on the market. It sits outside Microsoft Purview's view of M365 Copilot. It sits outside Databricks Unity AI Gateway's logs. It sits outside an LLM proxy that only sees sanctioned API calls.
For TRAIGA, the legal status of that paste is not ambiguous. If the system the employee used "infers from the inputs the system receives how to generate outputs" and that activity touches a Texas resident, the deployer — your company — is the responsible party. Your safe harbor is whatever evidence you can produce that you tested, blocked, or governed that path.
This is the gap containment.ai was built to close. Real-time enforcement at the browser layer, before sensitive data reaches a non-sanctioned AI surface. Per-policy block / allow / log decisions, with an audit trail that survives a 60-day cure request. NIST AI RMF Generative AI Profile alignment as a deployment posture, not a compliance theory.
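To make the "per-policy block / allow / log" decision and the audit trail described above concrete, here is a small Python example added to this post. It is not containment.ai's product code and not code from the original; the tool names, the three data-class detectors, and the per-tool policy table are constructed placeholders, and a real DLP classifier would be far broader. It classifies a submission, applies the policy for the tool it is headed to, and appends a hash-chained audit record so that a later reviewer can show the trail was not edited after the fact.

```python
import hashlib
import json
import re
from datetime import datetime, timezone

# Constructed data-class detectors (hypothetical patterns, not a production classifier).
DETECTORS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "mrn": re.compile(r"\bMRN[- ]?\d{6,}\b", re.IGNORECASE),  # medical record number, constructed format
}

# Constructed per-tool policy: which detected classes are blocked outright
# and which are allowed through but surfaced for review.
POLICIES = {
    "chatgpt-consumer": {"block": {"ssn", "mrn"}, "review": {"email"}},
    "copilot-sanctioned": {"block": {"ssn"}, "review": set()},
}
# An AI surface that is not in the inventory gets the most restrictive policy.
DEFAULT_POLICY = {"block": set(DETECTORS), "review": set()}


def classify(text):
    """Return the set of data classes found in a submission."""
    return {name for name, rx in DETECTORS.items() if rx.search(text)}


def decide(tool, classes):
    """Apply the tool's policy: block wins over review, review wins over allow."""
    policy = POLICIES.get(tool, DEFAULT_POLICY)
    if classes & policy["block"]:
        return "block"
    if classes & policy["review"]:
        return "review"
    return "allow"


class AuditTrail:
    """Append-only, hash-chained record of every enforcement decision.

    Only the data classes are recorded, never the submitted text, so the
    audit log does not become a second copy of the sensitive data.
    """

    def __init__(self):
        self.records = []
        self._prev = "0" * 64

    def append(self, user, tool, classes, decision, when=None):
        entry = {
            "ts": (when or datetime.now(timezone.utc)).isoformat(),
            "user": user,
            "tool": tool,
            "classes": sorted(classes),
            "decision": decision,
            "prev": self._prev,
        }
        payload = json.dumps(entry, sort_keys=True).encode()
        entry["hash"] = hashlib.sha256(payload).hexdigest()
        self._prev = entry["hash"]
        self.records.append(entry)
        return entry

    def verify(self):
        """Recompute the chain; any edited or reordered record breaks it."""
        prev = "0" * 64
        for entry in self.records:
            if entry["prev"] != prev:
                return False
            body = {k: v for k, v in entry.items() if k != "hash"}
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if digest != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


def enforce(trail, user, tool, text, when=None):
    """Classify a submission, decide, and record the decision. Returns the decision."""
    classes = classify(text)
    decision = decide(tool, classes)
    trail.append(user, tool, classes, decision, when)
    return decision


if __name__ == "__main__":
    trail = AuditTrail()
    # Constructed sample submissions.
    print(enforce(trail, "alice", "chatgpt-consumer", "Summarize: MRN 123456 visit notes"))
    print(enforce(trail, "bob", "chatgpt-consumer", "Draft a reply to jane@example.com"))
    print(enforce(trail, "carol", "copilot-sanctioned", "Quarterly roadmap notes"))
    print("trail intact:", trail.verify())
```

The design choice worth noting is that the record stores the decision and the data classes, not the pasted content, and that each record commits to the previous one. That is what lets the trail be handed over during a cure window as evidence of what was blocked and when, without the log itself becoming a new store of regulated data.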
What to do this week
If you operate in Texas and have not yet treated TRAIGA as an active obligation:
- Build the AI inventory including consumer-grade browser tools, not only API contracts.
- Identify your two highest-volume shadow paths — typically ChatGPT and one other — and stand up enforcement, not only monitoring, on those paths.
- Draft the NIST AI RMF Generative AI Profile mapping to the systems you have already deployed; if the mapping is empty for any in-scope tool, that tool is your highest-risk path.
- Document the testing protocol — even a quarterly red-team review of policy bypass paths is evidence; no review is no evidence.
- For healthcare providers: wire the patient-disclosure step into your service-start workflow now. It is the one TRAIGA obligation private healthcare entities owe directly to consumers.
The AG's cure clock is 60 days. Five months in, your audit trail either exists or it doesn't. Build it before you need it.
containment.ai provides runtime AI governance for regulated enterprises — real-time enforcement at the browser and proxy layers, with a per-policy audit trail aligned to NIST AI RMF and state AI laws including TRAIGA. Talk to us about closing the audit-trail gap before the AG sends a notice.