Skip to main content
Back to Insights

Texas Enacts Comprehensive AI Governance Law with Specific Requirements for Health Care Service Providers – Are You Ready for TRAIGA?

July 3, 2025

On June 22, 2025, Texas Governor Greg Abbott signed the Texas Responsible Artificial Intelligence Governance Act (TRAIGA) into law, marking a significant milestone in artificial intelligence (AI) regulation. Effective January 1, 2026, TRAIGA establishes a comprehensive framework for the ethical development, deployment, and use of AI systems in Texas.

This law has far-reaching implications for businesses, government entities, and providers of health care service providers. Below, we break down the key aspects of TRAIGA and provide actionable steps to help you prepare.

What is TRAIGA’s Purpose?

TRAIGA aims to promote responsible AI innovation while protecting individuals and groups from foreseeable risks. It emphasizes transparency, accountability, and ethical AI use, ensuring that AI systems deployed in Texas operate in a manner that respects privacy, avoids harm, and complies with legal standards.

Who Does TRAIGA Apply To?

TRAIGA applies broadly to:

  • Entities that develop, deploy, or market AI systems in Texas
  • Businesses offering AI-powered products or services to Texans
  • State agencies using AI systems

Who is Excluded?

Certain entities are exempt, including:

  • Financial institutions retaining voiceprint data
  • Entities using biometric data for non-identifying purposes
  • AI systems used for security, fraud prevention, or law enforcement

What Does TRAIGA Require?

  • Transparency: Clear disclosures when consumers interact with AI systems
  • Accountability: Developers must ensure AI systems avoid manipulative outcomes, unlawful discrimination, and harm
  • Appeals: Consumers can appeal AI-driven decisions that significantly impact their health, safety, or basic rights

What Does TRAIGA Prohibit?

  • Government use of AI for social scoring or biometric surveillance without consent
  • Development or distribution of AI-generated child exploitation material or explicit deepfakes
  • Developing or deploying an AI system with the intentional aim of inciting or encouraging a person to commit self-harm, criminal activity, or discrimination

Key Features of TRAIGA

  • Regulatory Sandbox: A program allowing entities to test AI systems under relaxed regulations for up to 36 months
  • Texas AI Council: A 10-member council overseeing AI ethics, public safety, and innovation
  • Enforcement: The Texas Attorney General has exclusive authority to enforce TRAIGA, with penalties ranging from $10,000 to $200,000 for violations

How Does TRAIGA Impact Providers of Health Care Services?

Health care services providers may be directly affected where they rely on AI for diagnostics, treatment planning, and patient monitoring. TRAIGA defines health care services to mean “services related to human health or to the diagnosis, prevention, or treatment of a human disease or impairment provided by an individual licensed, registered, or certified under applicable state or federal law to provide those services.”

TRAIGA imposes specific requirements on the provider of the service or treatment “if an artificial intelligence system is used in relation to health care service or treatment”:

  • Transparency in AI Use: Providers must disclose to patients when AI systems are used in delivering health care services or treatment.
  • Biometric Data Restrictions: AI systems cannot use biometric data to uniquely identify individuals without consent.
  • Ethical AI Practices: Providers must ensure AI systems avoid manipulative outcomes and biased recommendations.

Notably, TRAIGA does not provide detailed guidance on what constitutes “using an AI system in relation to health care service or treatment.” This lack of specificity raises important questions, such as whether the law applies to providers who use third-party services that incorporate AI, even when the AI functionality is not apparent or directly controlled by the provider. For example, does TRAIGA apply to a health care services provider using a diagnostic tool powered by AI, even if the provider is unaware of the AI’s role in generating results? Or, how many layers of responsibility exist when AI is embedded within a vendor’s product or service?

To address this ambiguity, health care service providers should take proactive steps to demonstrate reasonable efforts to understand and comply with TRAIGA’s requirements. This can be achieved through the following processes:

  • AI Governance: Establish a governance framework to oversee the use of AI systems, including policies for ethical AI use, transparency, and accountability.
  • AI Risk Assessment: Conduct thorough assessments of AI systems to identify potential risks, such as bias, data privacy concerns, or compliance gaps.
  • AI Vendor Risk Management: Evaluate third-party vendors and their AI systems to ensure compliance with TRAIGA and other applicable laws. This includes reviewing contracts, understanding how AI is integrated into their services, and ensuring vendors adhere to ethical and legal standards.

By implementing these measures, health care providers can mitigate risks, demonstrate compliance, and position themselves as responsible users of AI in the evolving regulatory landscape.

Next Steps for Businesses and Health Care Services Providers

  1. Develop an AI Strategy: Align your AI initiatives with your organization’s goals. Identify high-value use cases, assess risks, and ensure AI systems integrate seamlessly into your operations. For health care services providers, this means ensuring AI tools enhance patient care without compromising compliance. 
  1. Establish a Governance Framework: Create a governance structure to oversee AI initiatives. This includes forming an AI governance committee, drafting policies for ethical AI use, and ensuring vendor compliance with TRAIGA. 
  1. Implement Monitoring and Auditing Processes: Regularly review AI outputs for accuracy, fairness, and compliance. Audit data practices to ensure patient and consumer data is handled responsibly. 
  1. Train Your Team: Educate your leadership and staff on TRAIGA’s requirements, AI literacy, and incident response protocols. 
  1. Engage with Experts: TRAIGA introduces complex requirements that demand specialized expertise. Partnering with experienced advisors can help you navigate these challenges while focusing on your core operations.

Let’s Work Together

TRAIGA represents a new era of AI governance, and compliance is critical to avoid penalties and reputational risks. Contact us today to discuss how we can help your organization navigate this new legal landscape with confidence. 

This blog post was drafted by Shawn Tuma and Christine Chasse, attorneys in the Plano, Texas, office of Spencer Fane. For more information, visit www.spencerfane.com.

Click here to subscribe to Spencer Fane communications to ensure you receive timely updates like this directly in your inbox. 

Related Offices

Related Practices

Spencer Fane
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.