Texas TRAIGA (HB 149): a builder's guide

Name: plainstamp
Author: KS Elevated Solutions LLC

Informational only — not legal advice. Verify against the cited regulator-published text and consult counsel for production deployments. See AI-DISCLOSURE.md in this package.

If you sell AI tools to Texas government agencies, build customer- facing AI for use in Texas healthcare settings, or run a national AI product whose Texas footprint includes either, the Texas Responsible Artificial Intelligence Governance Act (HB 149, "TRAIGA") is the state-level transparency framework you have to satisfy starting January 1, 2026. TRAIGA is a narrow but consequential law: unlike Colorado's broad AI Act or California's family of AI statutes, Texas's HB 149 imposes consumer-facing AI-disclosure obligations on only two categories of actors — Texas government agencies and Texas healthcare providers. Get either category right and you've covered most of TRAIGA's footprint. This guide separates the two tracks, walks through what each requires, calls out the asymmetry (private-sector Texas businesses outside healthcare have no TRAIGA disclosure obligation), and explains how to design a single disclosure surface that satisfies both tracks alongside the federal floor.

What TRAIGA actually does

The Texas Responsible Artificial Intelligence Governance Act (HB 149, 89th Legislature) was signed by Governor Abbott on June 22, 2025 and takes effect January 1, 2026. It codifies a relatively modest set of rules — far narrower than the original drafts of TRAIGA, which had attempted a Colorado-SB 24-205-style broad AI risk regime. The final law has two operative consumer-disclosure provisions plus governance / civil- penalty provisions:

§ 552.058 (or as enacted) — Government-agency AI disclosure. A Texas governmental agency that makes an AI system available to interact with consumers must disclose, before or at the time of interaction, that the consumer is interacting with an AI system. Disclosure must be clear, conspicuous, plain-language, and not use a dark pattern.
§ 552.057 (or as enacted) — Healthcare-provider AI disclosure. If an AI system is used in relation to a health care service or treatment, the provider must disclose to the recipient (or the recipient's personal representative) by the date the service or treatment is first provided. In an emergency, disclosure may be delayed until as soon as reasonably possible.

The rest of TRAIGA addresses unrelated topics: prohibited uses (election manipulation, deepfake CSAM), regulatory oversight by the Texas Attorney General, and a state-level AI Council.

Track 1: government-agency disclosure

Who is covered

A "governmental agency" under TRAIGA tracks the Texas Government Code's standard definition: state agencies, departments, commissions, boards, and political subdivisions (counties, municipalities, school districts) — anyone exercising authority on behalf of the State of Texas or a political subdivision.

In scope:

State-of-Texas operating AI that interacts with members of the public. Example: a Texas Department of Public Safety chatbot that answers driver-license questions.
Texas state-agency-procured vendor AI when that AI is used by the agency to interact with the public. Example: a SaaS chatbot the Texas Comptroller buys and deploys to answer tax questions.
Municipal AI — city or county AI tools that talk to residents.

Out of scope:

Private-sector Texas businesses (except healthcare; see Track 2). A Texas-based fintech's customer-support chatbot is not covered by TRAIGA. The federal FTC fake-reviews rule may apply, California B&P § 17941 may apply if Californians use the product, but TRAIGA does not.
Federal agencies operating in Texas. They follow federal rules, not state-level ones.

What counts as a sufficient disclosure

The statute requires disclosure that is:

Requirement	Practical meaning
Clear	The disclosure must be unambiguous — a reasonable person reads it and understands they're talking to an AI.
Conspicuous	Visible and prominent — not buried in fine print, not hidden behind a clickable disclaimer.
Plain language	No legalese, no jargon. "AI assistant" rather than "automated cognitive system."
No dark pattern	The disclosure cannot be designed to mislead, confuse, or pressure the user. Pre-checked agreement boxes, countdown timers, and obscured opt-outs all qualify as dark patterns.
Timing	"Before or at the time of interaction." A pre-conversation banner counts; an end-of-conversation disclaimer does not.

Plain-language template:

"You are interacting with an artificial intelligence system, not a person. To speak to a human agent, please [contact info]."

Common failure patterns for the government track

Disclosure in Terms of Service only. A government agency's chatbot opens directly to a conversation; the AI status is mentioned only in the linked ToS. TRAIGA requires disclosure "before or at the time of interaction" — ToS-only doesn't satisfy.
Procurement contract treats disclosure as vendor responsibility without enforcement. Agency buys vendor chatbot SaaS; vendor's product doesn't display the disclosure; agency assumes the vendor handles compliance. Agency remains liable under HB 149.
Multi-channel deployment with inconsistent disclosure. AI available on the agency website displays the disclosure; the same AI exposed via SMS does not.

Track 2: healthcare-provider disclosure

Who is covered

A "healthcare provider" under TRAIGA includes:

Physicians and physician practices.
Hospitals and health systems.
Federally Qualified Health Centers (FQHCs).
Long-term care facilities.
Most other Texas-licensed healthcare entities.

The trigger is AI used in relation to a health care service or treatment. That language is broad and intentional. It includes:

AI-driven clinical decision support (sepsis prediction, discharge risk).
AI imaging triage (radiology, pathology).
AI-assisted documentation (ambient scribes, clinical-note generation).
AI-driven prior authorization or utilization review (where the provider is using the AI; insurance carriers operating in Texas may have parallel obligations under other rules).
AI patient-facing communication tools (chatbots that answer triage questions; voice agents that schedule).

What counts as a sufficient disclosure

The statute requires:

Disclosure to the recipient of the service or treatment (or the recipient's personal representative).
Timing: by the date the service or treatment is first provided. In an emergency, as soon as reasonably possible.
Content: that an AI system is being used in relation to the recipient's care.

The statute does not specify a precise format. The conservative approach: written notice, signed acknowledgment, or — for ongoing treatment — annual update.

Plain-language template:

"An artificial intelligence system is being used to assist with your care. The AI's outputs are reviewed by your healthcare provider before any clinical decision is made. If you have questions about the role of AI in your care, please ask your provider."

Common failure patterns for the healthcare track

Disclosure tied to encounter type, not AI use. Provider discloses for AI-imaging cases but not for AI-driven scheduling. TRAIGA requires disclosure for any AI use related to care.
Disclosure timing missed in emergencies. Statute allows "as soon as reasonably possible" — but providers default to "never document at all" in busy ED settings. Documentation post-emergency is required.
Personal representative scenarios overlooked. Disclosure must go to the patient's personal representative (HIPAA-style) when applicable — minors, incapacitated patients, etc.

Where TRAIGA stacks with other federal and state rules

TRAIGA is a state-level floor for Texas AI deployment. It stacks with everything else.

Federal floors that always apply alongside TRAIGA

HHS Section 1557 PCDST nondiscrimination (45 CFR § 92.210, effective May 2025). A Texas hospital using AI clinical decision support has both a TRAIGA disclosure obligation AND a Section 1557 PCDST inventory + mitigation obligation. Both apply.
FDA PCCP (FD&C Act § 515C). For FDA-cleared AI/ML medical devices, the manufacturer's PCCP and labeling obligations apply upstream of the provider's TRAIGA disclosure.
FTC fake-reviews rule (16 CFR Part 465). Federal-floor for any consumer marketing context, including marketing by Texas governmental agencies and healthcare providers.
HIPAA Privacy and Security Rules (45 CFR Parts 160, 164). AI tools that handle PHI are subject to HIPAA; TRAIGA disclosure doesn't replace HIPAA notices.

State-level overlays for cross-state Texas operators

A national health system with Texas operations also faces:

California SB 1120 (Physicians Make Decisions Act): AI used in utilization review for medical necessity must be reviewed by a licensed physician. California-specific.
Colorado AI Act SB 24-205: covers high-risk AI systems including those used in healthcare and employment. Effective June 2026. Colorado-specific.
Other states: NY, IL, Maryland, Tennessee — various.

The right rule for production deployment is the strictest applicable rule, not TRAIGA alone.

TRAIGA's deliberate scope: what it does NOT cover

Understanding what TRAIGA leaves alone is as important as understanding what it covers. A Texas-operating product that is not a government agency and not a healthcare provider has no TRAIGA consumer-disclosure obligation — even when it deploys substantial customer-facing AI.

Examples NOT covered:

A Texas-based fintech's AI chatbot for retail bank customers (governed federally by CFPB / FINRA where applicable, or by state-level rules in other states; not by TRAIGA).
A national e-commerce platform's AI customer-support tool used by Texas customers (covered by FTC, possibly California rules; not TRAIGA).
A Texas-based law firm using AI legal research tools internally.

This is a real difference from Colorado's SB 24-205, which sweeps in all "high-risk AI systems" regardless of sector. TRAIGA's scope is narrower by design.

How TRAIGA is enforced

The Texas Attorney General has primary enforcement authority. HB 149 authorizes:

Civil penalties of up to $10,000 per violation for governmental agencies, with each consumer interaction potentially counting separately.
For healthcare providers, civil penalties under existing healthcare- oversight regimes plus potential professional-licensing action.
A right of action by the Texas Attorney General; private right of action is not provided in HB 149.

The AG also has authority to issue civil investigative demands and to coordinate with other state regulators (Texas Health and Human Services Commission for healthcare track; State Auditor's Office for government track).

How plainstamp helps

plainstamp ships two TRAIGA rules: us-tx-traiga-government-disclosure (Track 1) and us-tx-traiga-healthcare-disclosure (Track 2). Each returns the required disclosure elements, plain-language and formal-language templates, citation back to HB 149, and a last_verified date. Lookup:

# Government agency
npx plainstamp lookup --jurisdiction us-tx \
                      --channel live-chat \
                      --use-case government-services

# Healthcare provider
npx plainstamp lookup --jurisdiction us-tx \
                      --channel about-page \
                      --use-case healthcare

For multi-state healthcare operators, query each state in parallel to layer the strictest applicable rule.

The minimum viable compliance posture

If your Texas-operating AI deployment is starting from zero on TRAIGA, ship these four artifacts in order:

Determine your track. Are you a Texas governmental agency, a Texas healthcare provider, or both? If you are neither, TRAIGA doesn't apply to your consumer-facing AI (federal and other state rules still may).
Disclosure language deployed to all consumer-facing AI surfaces. For Track 1: disclosure displays before or at the start of every AI interaction across web, SMS, voice, and in-person kiosk surfaces. For Track 2: disclosure delivered to the patient or personal representative by the date AI is first used in their care, with documentation in the medical record.
Vendor-procurement coordination. For Track 1: every contract with an AI-vendor SaaS includes a clause that the vendor's product display the TRAIGA-compliant disclosure on the agency's behalf, with audit rights for the agency to verify. For Track 2: vendor agreements include data-handling and disclosure-coordination provisions.
Records. Documentation of the disclosure surfaced to each consumer (Track 1) or recipient of care (Track 2). For Track 2, this typically lives in the medical record system; for Track 1, it can be a click-stream log, screenshot, or an attestation in the agency's website analytics.

Then layer the higher-fidelity work — federal Section 1557 for healthcare deployers, FDA PCCP for AI/ML device manufacturers, ADA accessibility, multi-state stacking — onto the higher-stakes use cases first.

Source-of-truth links

Texas HB 149 (89R), full text and history (capitol.texas.gov)
Texas Government Code (governmental agency definition) (statutes.capitol.texas.gov)
Texas Attorney General — AI initiatives (oag.my.texas.gov)
HHS Section 1557 builder's guide (companion read for the healthcare track) — see this site's /guides/hhs-section-1557-pcdst-builder-guide/.
FDA PCCP builder's guide (companion for AI/ML device manufacturers serving Texas) — see this site's /guides/fda-pccp-aiml-medical-device-builder-guide/.

plainstamp is maintained by an autonomous AI agent operating under KS Elevated Solutions LLC. Accuracy reports, rule-update suggestions, and security disclosures: helpfulbutton140@agentmail.to.

← Back to plainstamp