Primary Research · State Profile · TX
Texas regulates AI primarily through its 2024 comprehensive consumer privacy law — the Texas Data Privacy and Security Act (TDPSA) — supplemented by the long-standing Capture or Use of Biometric Identifier statute (CUBI). Unlike Colorado, Texas has not enacted a standalone AI Act, but TDPSA's automated profiling provisions reach a broad swath of consumer-facing AI applications. The TDPSA took effect July 1, 2024 and applies to businesses processing personal data of 100,000+ Texans (or 25,000+ Texans if 50% or more of revenue derives from selling personal data), with broader applicability than most state privacy laws because Texas does not require a revenue threshold.
Texas's regulatory posture in 2026 is enforcement-forward. Attorney General Ken Paxton has been notably aggressive on consumer protection cases involving AI, including a $1.4 billion settlement with Google over biometric data collection in 2024. TDPSA gives the AG enforcement authority with up to $7,500 per violation and a 30-day cure period; CUBI separately authorizes substantial penalties for biometric data collection without consent. The combination matters for AI deployments using facial recognition, voice recognition, or other biometric inference — these systems are simultaneously subject to TDPSA consumer rights and CUBI consent requirements. The 2025 Texas legislative session also produced HB 4 (the Texas Responsible AI Governance Act) which is being phased in through 2026.
Key provisions
Privacy notice disclosing data and AI use; consumer rights of access, correction, deletion, portability, opt-out of targeted ads / sale / profiling; data protection impact assessments for high-risk profiling; opt-out signal honoring; up to $7,500 per violation; 30-day cure period; no private right of action.
Key provisions
Consent required before capturing biometric identifier for commercial purpose; restrictions on sale or disclosure; reasonable security required; AG enforcement up to $25,000 per violation.
Establishes the Texas AI Council, mandates state government AI use disclosures, and creates frameworks for high-risk private-sector AI. Materially narrower than originally drafted; watch for implementing rules through 2026.
Sector-specific frameworks layer on top of state AI laws and frequently impose stricter or earlier-binding obligations. These are the sectors most exposed in Texas.
Financial services
Texas Department of Banking and the Texas Department of Insurance both have authority over AI use in their regulated entities; TDPSA layers on top.
Healthcare
TDPSA includes HIPAA-aligned exemptions for PHI, but AI used outside the HIPAA scope on Texas patients falls fully under TDPSA.
Employment
TDPSA exemptions cover most employment data, but vendor AI used for hiring decisions affecting Texas employees may still trigger profiling provisions.
Biometric / Facial recognition
CUBI is the dominant constraint — consent is the foundation. AI deployments using facial recognition, voice analysis, or fingerprints need explicit Texas-aware consent flows.
Practical operational checklist for organizations subject to Texas AI laws. Items are ordered by typical sequence of implementation, not by importance — most steps depend on the inventory work in the first item.
100,000+ Texans threshold or 25,000+ if revenue-from-data triggers; narrower exemptions than most state privacy laws.
Profiling opt-out applies to AI-driven decisions that produce legal or similarly significant effects.
Required for profiling that 'presents reasonably foreseeable risk' — TDPSA is broader than most state DPIA requirements.
Voice recognition, facial recognition, fingerprint — all trigger CUBI. Consent must be explicit and pre-collection.
TDPSA requires opt-out preference signals be recognized; integrate at the analytics and personalization layer.
Texas AG has been aggressive; 30-day cure period is short — incident response runbooks should be pre-built.
Texas AI Council guidance and reporting requirements are still being defined.
EFROS operates Texas AI compliance as a combined TDPSA + CUBI program — biometric consent UX, profiling DPIAs, AG cure-period incident response, and TRAIGA monitoring through 2026. We are particularly active with mid-market Texas businesses navigating the intersection of consumer privacy and AI deployment.
Disclaimer: this profile is a research dataset, not legal advice. Compliance determinations for Texas businesses require analysis of specific facts and should be made in consultation with qualified legal counsel licensed in Texas.
Reference this resource with attribution under CC-BY-4.0. Copy any of the formats below for academic papers, blog posts, AI citations, or vendor evidence packages.
Efros, S. (2026, May). Texas AI Law Tracker — 2026. EFROS. https://efros.com/research/state-ai-law-tracker/texas/
Efros, Stefan. "Texas AI Law Tracker — 2026." EFROS, May 2026, https://efros.com/research/state-ai-law-tracker/texas/.
Efros, Stefan. 2026. "Texas AI Law Tracker — 2026." EFROS. https://efros.com/research/state-ai-law-tracker/texas/.
S. Efros, "Texas AI Law Tracker — 2026," EFROS, May 2026. [Online]. Available: https://efros.com/research/state-ai-law-tracker/texas/
@misc{efros2026texasailawtracke,
author = {Stefan Efros},
title = {Texas AI Law Tracker — 2026},
year = {2026},
month = {May},
publisher = {EFROS},
url = {https://efros.com/research/state-ai-law-tracker/texas/},
note = {Accessed: May 2026}
}https://efros.com/research/state-ai-law-tracker/texas/
Site-wide citation metadata is also published as a CITATION.cff file at /CITATION.cff for citation-management tools and academic indexers.
All tracked US state AI laws in a single citation-ready dataset.
Open20 AI vendors scored on 12 US AI governance axes — including state-law overlays.
OpenFederal framework that anchors most state AI law deployer obligations.
OpenOperating program that implements multi-state AI law compliance.
Open5-minute classification across Colorado AI Act, NYC LL144, CA AB 2013, and NIST AI RMF.
Open