Texas Government AI Ethics and Oversight (SB 1964)
Effective date
Penalty
No specific penalties. Administrative and institutional compliance.
Obligations mapped
Tracked
Overview
Requires Texas state agencies and local governments to inventory AI systems, adopt an AI code of ethics aligned with NIST AI RMF, conduct impact assessments for AI that autonomously influences consequential decisions, and disclose AI use to affected individuals. Applies to government entities only, not the private sector.
This is an AI-specific state law.
See if this regulation applies to your company with the free exposure scan.
Who this applies to
This regulation applies to the following roles:
- Developers of covered AI systems
- Deployers and users of covered AI systems
- Organizations operating in Texas
This regulation applies to both companies that build AI products and companies that use AI tools from other vendors.
SB 1964
AI categories covered
- Government AI use
- General purpose AI
Specific AI use cases:
- document processing
What this requires you to do
Detailed obligation packs are not yet mapped for this entry in XIRA. Obligation areas from the catalog are listed below.
What this requires you to do
Complete an impact assessment. Document the potential risks and effects of your AI system on affected people.
Provide transparency notices. Inform affected individuals that AI is being used and how it influences decisions.
Maintain records. Keep documentation of your AI systems, decisions made, and compliance activities.
Implement a risk management program. Maintain ongoing processes to identify, assess, and mitigate AI-related risks.
Regulation summaries are simplified for readability and may not capture every nuance of the underlying statute. Verify important details against primary sources linked on this page.
Enforcement and penalties
No specific penalties. Administrative and institutional compliance.
Penalty amounts are based on statutory text and may be subject to adjustment, judicial interpretation, or enforcement discretion.
Legislative history
effective
Takes effect
signed
Signed by Governor Abbott
Related regulations
- In EffectFramework
NIST AI Risk Management Framework (AI RMF 1.0)
NIST AI RMF is a voluntary framework used as a practical benchmark by regulators and lawmakers. NIST released AI RMF 2.0 in February 2024, building on early adoption experiences and adapting to generative AI paradigms. Companion documents include the AI RMF Playbook and Generative AI Profile (NIST AI 600-1), developed under EO 14110, which persists as a voluntary framework even though EO 14110 was revoked. State laws that reference NIST as a safe harbor or affirmative defense include Texas TRAIGA (HB 149), Tennessee TIPA, and Montana Right to Compute Act (SB 212). Colorado SB24-205 NIST-aligned controls remain useful historical and reusable governance evidence after SB26-189, but they should not be described as the current Colorado ADMT minimum-law safe harbor without legal review. Alignment with NIST AI RMF increasingly affects legal exposure under these state laws.
Effective
- In EffectAI-Specific
California Government AI Accountability Act (SB 896)
Requires California state agencies to disclose use of generative AI in communications with individuals about government services and benefits. Requires OES to conduct annual analysis of risks to state critical infrastructure from generative AI. Applies to government entities, not private sector.
Effective
- In EffectAI-Specific
Texas TRAIGA (Responsible Artificial Intelligence Governance Act, HB 149)
Texas RAIGA (HB 149) prohibits AI systems from intentionally manipulating behavior to cause harm, infringing constitutional rights, or discriminating against protected classes. Where applicable, government agencies may need to disclose AI interactions. Updates biometric consent for AI training data. Creates a regulatory sandbox program. AG exclusive enforcement with 60-day cure period. Intent-based liability standard (no disparate impact).
Effective
- In EffectAI-Specific
Maryland AI Governance Act of 2024 (SB 818)
Requires Maryland state agencies to inventory AI systems, conduct impact assessments, and follow DoIT policies for AI procurement and use. Applies to state government agencies only, not the private sector.
Effective
- In EffectPrivacy ADM
Texas Data Privacy and Security Act, Profiling Provisions (HB 4)
Texas comprehensive privacy law with profiling provisions. Requires data protection assessments for profiling that presents a risk of harm. Consumer opt-out for profiling producing legal or similarly significant effects, targeted advertising, and sale of personal data. Universal opt-out mechanism required for covered profiling opt-outs. Broad applicability: no revenue or data volume thresholds (unlike many state privacy laws). Small businesses as defined by the SBA are exempt. The 30-day cure period is permanent with no sunset. Profiling opt-out applies to decisions with legal or similarly significant effects, not all profiling.
Effective
- In EffectAI-Specific
Texas TRAIGA Biometric and AI Training Amendments (HB 149, 89th Legislature)
Amends the Texas Capture or Use of Biometric Identifier Act (CUBI) and related Business and Commerce Code provisions for biometric data used with AI. Relaxes CUBI for AI training with a carveout for publicly available data and adds anti-scraping consent requirements for biometric identifiers. Enforced under the same HB 149 TRAIGA framework as the core act: intent-based liability, 60-day cure, preemption of local AI rules, and the statutory penalties and safe harbors that apply to TRAIGA generally.
Effective
- In EffectAI-Specific
Texas SB 1188 - Healthcare AI Practitioner Disclosure
Requires healthcare providers using AI-enabled clinical support features in electronic health record workflows to disclose AI involvement in clinical decision support contexts. Applies to AI-assisted diagnosis, treatment recommendations, and clinical support pathways in covered settings.
Effective
- In EffectAI-Specific
Texas Nonconsensual Intimate Deepfakes (SB 441)
Criminalizes creating and distributing nonconsensual intimate deepfakes. Creates civil liability for victims. Platforms must take down reported content within 72 hours. Consent to create an image does not constitute consent to share it.
Effective
Texas AI regulation guide lists every tracked rule for this jurisdiction with timelines and obligation tallies.
This rule references NIST AI RMF practices. See the federal NIST AI RMF entry for context and source links.
Regulation summaries are simplified for readability and may not capture every nuance of the underlying statute. Verify important details against primary sources linked on this page.