866.254.0000
Contact Us
Services
Services
View All Services
SOC & Attestations
SOC & Attestations
SOC 1 / SSAE 18 Examination
SOC 2 Examination
SOC 3 Examination
SOC for Supply Chain
SOC for Cybersecurity
SOC Essentials for Early-Stage Companies
C5 Attestation
CSA STAR Programs
Payment Card Assessments
Payment Card Assessments
PCI DSS Validation
PCI SSF
PCI P2PE Validation
PCI PIN Assessments
PCI 3DS Compliance
ISO Certifications
ISO Certifications
ISO 27001
ISO 42001
ISO 27701
ISO 9001
ISO 22301
ISO-20000-1
ISO 14001
ISO 45001
ISO 50001
Privacy Assessments
Privacy Assessments
Global CBPR & PRP Certification
GDPR Assessment
International Privacy Assessments
US State Privacy Assessments
Microsoft SSPA/DPR Assessment
Privacy Program Assessment
FERPA Assessment
EU Cloud Code of Conduct
Federal Assessments
Federal Assessments
FedRAMP®
CMMC / NIST SP 800-171
FISMA/NIST
ITAR
CJIS
IRAP
FTC Consent Decrees
DoD IL6
Healthcare Assessments
Healthcare Assessments
HITRUST Certification
HIPAA Compliance
HIPAA Express
EPCS-DEA Audits
Health Data Host (HDS) Certification
Penetration Testing
Penetration Testing
Application
Network
Mobile
Red Teaming
Social Engineering
Cloud
Physical
Hardware and IoT
Advanced Series
AI Red Teaming
Cybersecurity Assessments
Cybersecurity Assessments
Cloud Configuration Assessments
Ransomware Assessments
NIST Cybersecurity Framework Assessments
Schellman Software Security Assessment (S3A)
TISAX®
SWIFT Customer Security Programme
Internal Audit Co-Sourcing
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
Learning Center
Our Technology
About Us
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships
ISO Certificate Directory
Contact Us

«  View All Posts

A Breakdown of the Texas Responsible AI Governance Act (TRAIGA) Blog Feature
Jason Lam

By: Jason Lam

Print/Save as PDF

A Breakdown of the Texas Responsible AI Governance Act (TRAIGA)

Artificial Intelligence | ISO 42001

Published: Jun 17, 2025

The widespread use of AI is in full force, reshaping industries, economies, societies, and business practices. From healthcare diagnostics and financial forecasting to enhanced education and public services, AI systems are being deployed at unprecedented speed and scale. With its rapid adoption comes both immense benefits and equal amounts of concern over transparency, accountability, fairness, and privacy.  

As the implications of AI have become more complex, the call for robust AI governance has increased. The risks of unregulated AI development and deployment include algorithmic bias, opaque decision-making, and unchecked data use. In response, governing bodies around the world have started to establish legislative frameworks to ensure AI is developed and used responsibly, ethically, and in ways that align with societal values and benefits—and Texas is no exception.  

The Texas Responsible AI Governance Act (TRAIGA) has emerged as a crucial AI governance approach designed to address the needs and challenges of the use of AI systems in Texas. In this article, we’ll define TRAIGA and its current status, as well as break down the key provisions and regulatory implications of TRAIGA HB 149 and provide considerations for remaining compliant with emerging AI regulations 

What is TRAIGA?  

In a significant legislative effort to regulate the use of AI systems within the state of Texas, State Representative Giovanni Capriglione introduced House Bill 149 (originally HB 1709), now known as the Texas Responsible AI Governance Act (TRAIGA HB 149) in December 2024. Modeled after other emerging AI frameworks such as the EU AI Act and Colorado's AI legislation, TRAIGA aims to establish a risk-based approach to AI governance, focusing on consumer protection, public safety, and the ethical and beneficial deployment of AI systems. 

The bill comes with the creation of an advisory body within the Department of Information Resources, responsible for monitoring AI use in state government, flagging harmful AI practices, and recommending appropriate and timely AI policy updates. Additionally, TRAIGA mandates risk assessments, transparency reports, and consumer protection measures for AI businesses, reiterating its focus on accountability and the protection of individual freedoms.  

What is the Status of TRAIGA HB 149?  

After Rep. Giovanni Capriglione spent two years crafting and revising the bill, TRAIGA HB 149 was filed on March 14, 2025, and subsequently passed on April 23, 2025, in a 146-3 state House vote. On Friday, May 23, 2025, the bill was unanimously approved in a Senate floor vote. If the bill proceeds as expected and is officially signed into law by Gov. Greg Abbott, the Act will go into effect on January 1, 2026.  

Key Provisions and Regulatory Impacts of TRAIGA HB 149  

Considering the state of Texas has a sizeable population and notable tech sector, TRAIGA HB 149 comes with significant regulatory implications, some of which are outlined in the key provisions below:  

Focus on Government-Deployed AI Systems  

TRAIGA places particular emphasis on AI systems deployed by Texas government agencies or entities, especially those classified as "high-risk." High-risk AI systems are defined as those that make or contribute to consequential decisions affecting individuals in areas such as employment, education, financial services, healthcare, and housing. Government agencies utilizing such systems are required to implement oversight mechanisms to prevent algorithmic discrimination and ensure transparency in decision-making processes. 

Additionally, TRAIGA mandates that government agencies disclose to consumers when they are interacting with any AI system, prior to the interaction occurring. TRAIGA also bans the creation of “social scores”, which refers to using AI algorithms to assign scores to individual users based on their social behavior or characteristics. The government is also prohibited from using AI for the use of biometric data or identifiers to identify specific individuals. Also notably, the bill prohibits “dark pattern” interactions, meaning user interfaces designed to manipulate or impair user autonomy.  

Establishment of the Texas Artificial Intelligence Council  

The Act includes a proposal for the creation of the Texas Artificial Intelligence Council, a regulatory body responsible for: 

  • Monitoring compliance with TRAIGA provisions and flagging harmful AI practices 
  • Issuing guidelines and advisory opinions on AI deployment 
  • Recommending regulatory and legislative updates to address emerging AI challenges 
  • Reporting annually on AI governance efforts 

It is proposed that this council be comprised of ten members, appointed by government officials, with expertise in various fields including risk management, AI ethics, and governance. This council is envisioned as a central authority to oversee the ethical and responsible use of AI across the state and would have rulemaking authority to ensure AI systems are compliant with state laws.  

Prohibitions on Harmful AI Applications  

TRAIGA bans AI systems designed to manipulate human behavior to incite harm or criminal activity and those intended to unlawfully discriminate against protected classes. TRAIGA explicitly prohibits certain AI applications deemed to pose unacceptable risks, including: 

  • Social scoring systems that evaluate individuals based on personal behavior 
  • AI systems that manipulate human behavior through subliminal techniques 
  • Inference of sensitive personal attributes (e.g., race, religion, disability) without consent 
  • Emotion recognition technologies deployed without user consent 
  • Generation of unlawful explicit content or deepfakes 

These prohibitions, among others, aim to safeguard individual rights and prevent discriminatory or manipulative practices through the development or deployment of AI systems.  

Regulatory Sandbox Program  

To foster innovation and facilitate the use of AI systems in Texas while ensuring safety, TRAIGA introduces an AI Regulatory Sandbox Program. This program aims to balance innovation with the protection of human rights and allows developers to test AI systems under a supervised environment with temporary exemptions from certain regulatory requirements. As such, it offers safeguards against costly and time-consuming lawsuits. 

The sandbox is designed to facilitate the development and testing of innovative AI applications, provide a controlled setting to assess potential risks, and encourage responsible innovation by offering guidance and oversight. Participation in the sandbox requires detailed reporting, and protections can be revoked if a project poses public harm or fails to meet obligations. 

Key Considerations for Remaining Compliant with Emerging AI Regulations 

Organizations operating in Texas should proactively prepare for compliance with TRAIGA by taking the following measures: 

  1. Conduct AI Impact and Risk Assessments:  
    Evaluate existing and developing AI systems to determine if they fall under the "high-risk" category and regularly assess the societal and ethical impacts on the individuals involved. 
  2. Implement Transparency Measures:  
    Ensure that AI decision-making processes are transparent, and affected individuals are informed about how decisions are made. 
  3. Establish Oversight Mechanisms:  
    Develop internal policies and procedures to monitor AI system performance and address any instances of algorithmic discrimination. 
  4. Engage with the AI Council:  
    Stay informed about guidelines and recommendations issued by the Texas Artificial Intelligence Council to align practices with state expectations. 
  5. Participate in the Sandbox Program:  
    For innovative AI applications, consider applying to the Regulatory Sandbox Program to test systems in a controlled environment. 
  6. Become ISO 42001 Certified:  
    Achieving ISO 42001 certification comes with ethical AI management validation and enhanced risk management while demonstrating your commitment to the responsible use and deployment of AI systems.  

Even if you don’t practice business within the state of Texas, taking these steps can help your organization navigate the evolving regulatory landscape and contribute to the responsible development and deployment of AI technologies. If you have additional questions about emerging AI regulations, ISO 42001 certification specifically, or any other AI compliance service, Schellman can help. Contact us today and we’ll get back to you shortly.  

In the meantime, discover additional AI insights in these helpful resources:  

About Jason Lam

Jason Lam is a Senior Manager with Schellman based in New York City, NY. Prior to joining Schellman in 2015, Jason worked as an Enterprise Risk Management Associate at Freed Maxick CPAs, specializing in Sarbanes-Oxley compliance audits and Service Organization Controls (SOC) examinations. Over a year of experience comprised of serving clients in various industries ranging from financial services, healthcare, call centers, and data centers. Jason is now mainly dedicated to performing Service Organization Controls (SOC) examinations.

4010 W Boy Scout Boulevard
Suite 600
Tampa, FL 33607

U.S. 1.866.254.0000

Outside the U.S.
1.813.288.8833

Resources
Company
Stay Up-to-Date

Sign up to receive Schellman's Weekly Read delivered every Friday morning.

© SchellmanPrivacy PolicyTerms of Use

“Schellman” is the brand name under which Schellman & Company, LLC and Schellman Compliance, LLC provide professional services. Schellman & Company, LLC and Schellman Compliance, LLC practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations and professional standards. Schellman & Company, LLC is a licensed certified public accounting firm (Florida license number AD62941) registered with the Public Company Accounting Oversight Board (PCAOB) that provides attest services to its clients, and Schellman Compliance, LLC provides nonattest cybersecurity and compliance professional services to its clients. Schellman Compliance, LLC is not a licensed CPA firm. Schellman & Company, LLC and Schellman Compliance, LLC are independently owned and are not liable for the services provided by any other entity providing services under the Schellman brand. Our use of the terms “our firm” and “we” and “us” and terms of similar import, denote the alternative practice structure conducted by Schellman & Company, LLC and Schellman Compliance, LLC.