Texas TRAIGA safe harbor: NIST AI RMF alignment checklist (2026)
Texas's Responsible AI Governance Act (TRAIGA, HB 149) took effect January 1, 2026. Where it is narrower than laws like Colorado's is in what it regulates, not in whom it covers: instead of imposing broad impact-assessment duties on every deployer, TRAIGA targets a short list of prohibited intentional uses. Its applicability is broad. It reaches any person or entity that conducts business in Texas, produces a product or service used by Texas residents, or develops or deploys an AI system in Texas, and government agencies face additional restrictions. Civil penalties run up to $200,000 per violation, plus up to $40,000 per day for continuing violations. TRAIGA includes an important carve-out: substantial compliance with the NIST AI Risk Management Framework is an affirmative defense in enforcement, a complete defense when you can prove it.
This checklist tells you exactly what that safe harbor requires, how to build the documentation, and what the 60-day cure period does and does not protect you from. Texas has the eighth-largest economy in the world by GDP. If your product touches Texas businesses or consumers, TRAIGA is not a regional compliance footnote.
Who TRAIGA applies to
TRAIGA applies to any person or entity that deploys an AI system affecting Texas residents, regardless of where the company is incorporated or headquartered. A Delaware-incorporated SaaS company serving Texas businesses is in scope. A UK company with a website used by Texas consumers is in scope.
The statute defines "AI system" broadly: any machine-based system that uses quantitative or learning-based methods to influence real-world decisions. That definition captures recommendation engines, automated hiring screeners, AI-generated pricing, chatbots that collect information and route users, and most modern ML-based analytics products. The definition is intentionally wide.
TRAIGA does include some exclusions. AI systems used solely by an individual for personal, non-commercial use are out of scope. Certain government systems operate under separate frameworks. AI systems fully governed by sector-specific federal laws, including some HIPAA-regulated health AI, have a partial carve-out, though the carve-out is narrow and does not extend to health companies using AI in non-clinical functions like marketing or HR.
The practical scope question for most software companies is simpler than the statute makes it sound: if you have Texas customers, Texas employees, or process data involving Texas residents through any AI-powered system, start from the assumption that TRAIGA applies and work backward from there.
What TRAIGA prohibits
TRAIGA's prohibited uses are the core enforcement targets, and they are defined by intent. Unlike the original draft of the bill, which resembled Colorado's broad "high-risk" deployer duties, the enacted law does not require impact assessments or impose a general human-review mandate on consequential decisions. It prohibits a short list of intentional misuses. The Texas AG can bring an action for any of these regardless of whether you have a governance program in place.
Developing or deploying AI with the intent to manipulate human behavior in a way aimed at inciting or encouraging self-harm, harm to another person, or criminal activity is prohibited. Note the intent standard: this is narrower than the EU AI Act's "subliminal manipulation" provision. Ordinary persuasive design or personalization is not the target; the prohibition is aimed at systems intended to push people toward self-harm, violence, or crime.
Developing or deploying AI with the intent to unlawfully discriminate against a protected class, in violation of state or federal civil rights law, is prohibited. TRAIGA requires intent. The statute expressly states that a disparate impact alone is not sufficient to show intent to discriminate. This is a meaningful difference from federal disparate-impact theory under Title VII: an AI hiring screener that produces skewed outcomes is not automatically a TRAIGA violation, though it can still create separate federal exposure.
Developing or deploying AI with the sole intent of producing or distributing child sexual abuse material, or unlawful deepfake sexually explicit content, is prohibited. This is a "sole intent" provision, the highest intent bar in the statute.
Developing or deploying AI with the sole intent to infringe, restrict, or otherwise impair a person's rights under the U.S. Constitution is prohibited. This is also a "sole intent" provision.
Government agencies face additional restrictions that do not apply to private businesses, including a ban on AI-based social scoring and added transparency and biometric-use limits.
Enforcement and the 60-day cure period
The Texas AG is the sole enforcer of TRAIGA. There is no private right of action, meaning individuals cannot sue companies directly under the statute. That is a meaningful protection compared to laws like the CCPA, but it does not eliminate risk. The AG's office has been active in technology enforcement and has publicly stated that AI is a priority enforcement area.
The penalty is up to $200,000 per violation. "Per violation" has not been formally defined in TRAIGA guidance, but in analogous state enforcement contexts it typically means per affected individual, per transaction, or per discrete AI decision, not per company per case. A hiring screener that processed 500 applications with a discriminatory AI model could face aggregate penalties in the tens of millions of dollars if the AG interprets each application as a separate violation.
The 60-day cure period works as follows. When the AG notifies a company of a TRAIGA violation, the company has 60 days to cure the violation before penalties apply. Curing means stopping the violating conduct and taking documented steps to prevent recurrence. If the company cures within 60 days and demonstrates it to the AG's satisfaction, the $200,000 penalty does not apply.
This is a meaningful protection, but it has a critical dependency: you have to be able to act within 60 days. A company with no AI governance documentation cannot cure quickly because it cannot demonstrate what its compliance posture was, what changed, or what controls are now in place. A company with NIST AI RMF documentation can immediately point to its governance framework, show what gap caused the violation, document the fix, and provide evidence that the control is now operating. That is the difference between a cure that convinces the AG and one that does not.
The cure period protects you after notice. The safe harbor protects you before a violation is ever alleged. Both require preparation.
The NIST AI RMF safe harbor: what it covers
TRAIGA provides an affirmative defense for companies that can demonstrate "substantial compliance" with the NIST AI Risk Management Framework at the time of an alleged violation. In practice this functions as a rebuttable presumption of compliance and a mitigating factor in enforcement, not an automatic complete defense; the AG can rebut it by showing the compliance was superficial, retroactive, or accompanied by bad faith. Where the presumption holds, it makes penalties significantly harder to impose.
"Substantial compliance" is not defined with precision in the statute. Based on the NIST AI RMF's published structure and the AG's public guidance, it means three things in practice. First, the compliance must be genuine and documented, not retroactively assembled after notice of a violation. Second, it must cover the four core RMF functions: Govern, Map, Measure, Manage. Third, it must be proportionate to the company's risk profile, meaning a startup deploying one low-risk AI tool does not need the same documentation depth as an enterprise deploying AI across hiring, credit, and customer engagement.
The NIST AI RMF was published in January 2023 and is available free from NIST. It is structured as a framework, not a prescriptive standard, which gives organizations flexibility in how they implement it. That flexibility is both an advantage and a gap: without clear minimum requirements, the question of what constitutes "substantial" compliance will ultimately be shaped by enforcement actions and any AG guidance that follows.
NIST AI RMF alignment checklist for TRAIGA safe harbor
The checklist below maps directly to the four RMF core functions. For each item, you should be able to produce a dated document, policy, or log entry as evidence. The date matters: the safe harbor applies to compliance status at the time of an alleged violation, not at the time you receive notice.
Govern function
- Written AI governance policy approved by leadership, covering acceptable uses of AI, prohibited uses, and accountability structure
- Defined roles and responsibilities for AI oversight, including who is responsible for approving new AI systems and who handles AI-related incidents
- Process for approving new AI systems before deployment, with a documented review step that assesses prohibited uses and risk classification
- Employee training on AI acceptable use, with records showing who completed training and when
- Clear escalation path for AI governance questions, so employees know where to go with concerns
Map function
- Inventory of all AI systems in use, listing tool name, vendor, use case, data inputs, and risk classification
- Written risk classification for each system as high-risk, medium-risk, or low-risk, based on potential for discrimination, manipulation, or protected class impact
- Documented assessment of whether any system affects protected class characteristics, even indirectly through proxy variables
- Mapping of which Texas residents or Texas-facing customer segments each system touches
- Documentation of the business context for each AI system, including who made the deployment decision and when
Measure function
- Process for regularly reviewing AI system outputs for accuracy, bias, and consistency with intended use
- Defined performance metrics for each AI system, including thresholds that would trigger a review or suspension
- Mechanism for employees to report AI system issues or unexpected outputs, with a documented review process
- Documented review of vendor AI compliance claims, including any audit reports or certifications provided by AI vendors
- Record of any bias testing performed on AI systems used in consequential decisions
Manage function
- Written mitigation steps for each identified risk in the AI inventory
- Incident response process for AI-related harms, including who is notified, what is documented, and how affected individuals are addressed
- Vendor contract terms covering AI liability, data handling, and the vendor's own compliance obligations under TRAIGA
- Regular review schedule for the AI inventory, at minimum annual, with dated review records
- Process for retiring or modifying AI systems that are found to be out of compliance or producing harmful outputs
How to build the documentation in a week
Seven days is enough time to build a documentation baseline that would support a TRAIGA safe harbor claim, assuming you do not have a large fleet of complex AI systems. The structure is straightforward.
Days one and two: Draft an AI governance policy. If your company already has an acceptable use policy, adapt it to cover AI specifically. Add sections on prohibited AI uses (aligned to TRAIGA's list), the approval process for new AI tools, and the escalation path for concerns. Get a leadership signature and date it.
Day three: Complete the AI system inventory. This often takes longer than expected because AI is embedded in many tools people do not immediately think of as AI: email filtering, CRM lead scoring, scheduling assistants, resume screeners. Go through your software subscriptions and vendor contracts, and ask department heads what tools their teams use. Build a spreadsheet with at minimum: tool name, vendor, primary use, data it processes, whether it touches any consequential decisions, and a preliminary risk level.
Day four: Classify each system by risk level. High risk means the system influences employment, housing, credit, healthcare, or public safety decisions, or processes data that could reveal protected class characteristics. Medium risk means the system influences business outcomes but not individual consequential decisions. Low risk means the system handles internal productivity tasks with no direct impact on external individuals. Write a short rationale for each classification.
Day five: Write risk mitigation notes for each high-risk and medium-risk system. These do not need to be long. A paragraph per system describing what the risk is, what control is in place, and what the review process is. For high-risk systems, document the human review checkpoint that exists before AI outputs affect a consequential decision.
Save all of this in a dated folder. Use a file naming convention that makes the creation date visible. If you later need to demonstrate that your compliance documentation existed at the time of an alleged violation, the file metadata and any version control history will matter.
The 60-day cure period: what you can and cannot fix in 60 days
The cure period is most useful for companies that already have a governance baseline and encounter an unexpected compliance gap. Here is a realistic breakdown.
What you can fix in 60 days: discontinue a non-compliant AI tool, add a human review checkpoint to an automated decision pipeline, update vendor contracts to add TRAIGA compliance representations, deploy employee training on a specific AI risk area, or implement a reporting mechanism that was missing.
What you cannot fix in 60 days: retroactively document compliance that did not exist at the time of a violation, build an AI governance program from zero and claim it was in place before the violation, or undo harm to individuals that has already occurred. The AG's assessment of whether a cure is adequate will consider whether the company was acting in good faith and had any pre-existing compliance posture. A company that had no AI governance documentation before receiving notice is in a much weaker position than one that had documentation and encountered a specific gap.
The cure period and the safe harbor work together. Use the next 30 days to build the documentation. Use the cure period, if it becomes necessary, to fix what the documentation reveals you missed.
Related resources
If you are building a TRAIGA compliance program from scratch, the most practical starting points are an AI acceptable use policy template and an AI tool register template. Both give you the documented artifacts that map directly to the Govern and Map functions of the NIST AI RMF. Combined with the mitigation notes described above, they form the core of a defensible safe harbor package.
For the broader regulatory picture, including state laws with overlapping requirements, see the AI regulation deadline calendar 2026. Colorado SB 189, Connecticut SB 5, and the EU AI Act all have requirements that a NIST AI RMF compliance program substantially addresses.