HB149

Regular Session

Relating to regulation of the use of artificial intelligence systems in this state; providing civil penalties.

CriticalImmediate action required

High Cost

Effective:2025-06-22

Enforcing Agencies

Office of the Attorney General (Exclusive authority for Chapter 552) • Department of Information Resources (Sandbox Program & AI Council oversight) • Texas Artificial Intelligence Council (Advisory & Sandbox consultation) • State Licensing Agencies (e.g., Medical Board, Dept of Licensing and Regulation) for professional sanctions

Compliance Analysis

Key implementation requirements and action items for compliance with this legislation

Implementation Timeline

Effective Date: January 1, 2026
Compliance Deadline: January 1, 2026. All consumer disclosures (chatbots/medical) and internal documentation protocols must be active on this date.
Agency Rulemaking:
September 1, 2026: The Attorney General will launch the online consumer complaint portal. Expect an immediate surge in Civil Investigative Demands (CIDs) following this launch.
TBD (Immediate): The Department of Information Resources (DIR) will promulgate rules and application forms for the "Regulatory Sandbox" program.

Immediate Action Plan

1. Map Your Stack: Conduct an immediate inventory of all software that makes automated decisions or generates content.
2. Adopt NIST RMF: Formally adopt the NIST AI Risk Management Framework as corporate policy to trigger the liability affirmative defense.
3. Implement Disclosures: Program all chatbots and automated customer service tools to display a clear AI disclosure *before* the consumer interacts.
4. Scrub Biometrics: Verify no current systems are training on non-consensual biometric data scraped from the internet.
5. Renegotiate MSAs: Send contract addendums to all AI vendors requiring data lineage disclosure and indemnification.

Operational Changes Required

Contracts

You must immediately audit and amend Master Services Agreements (MSAs) with software vendors.

Indemnification: Shift liability. Require vendors to indemnify your company for violations of HB149 caused by the software's architecture.
Data Transparency: Mandate that vendors provide the "data lineage" and "training data descriptions" required by Sec. 552.103. If a vendor refuses to disclose how their AI works, you cannot legally deploy it under Texas law.
Processor Duties: Cite the amendments to the Business & Commerce Code to compel data processors to assist in your security compliance assessments.

Hiring/Training

AI Governance Lead: Designate a specific officer responsible for maintaining the "System Inventory" and "Performance Metrics."
Staff Training: Employees using AI (HR recruiters, customer service managers) must be trained on the new disclosure mandates.
Prohibited Actions: Strictly forbid marketing and security teams from using tools that scrape biometric data (facial recognition) from social media or open web sources without explicit consent.

Reporting & Record-Keeping

To utilize the "Right to Cure" (avoiding penalties), you must be able to produce the following upon AG demand:

System Inventory: A catalog of every AI tool in use, its purpose, and intended benefits.
Data Lineage: Documentation of the data categories used to train the system.
Performance Metrics: Written records of how you test the system for accuracy and bias.
Post-Deployment Monitoring: Proof of human oversight.

Fees & Costs

Civil Penalties:
Curable: $10,000 - $12,000 per violation.
Uncurable: $80,000 - $200,000 per violation.
Continuing: Up to $40,000 per day.
Budget Impact: The Legislature has appropriated over $4 million annually for the AG to hire expert witnesses and machine learning engineers. They are funded to litigate; budget for increased legal defense and Tech E&O insurance premiums.

Strategic Ambiguities & Considerations

"Intent" to Discriminate: The law states disparate impact alone proves no intent, but internal communications can. If your internal testing shows bias and you deploy anyway, the AG may treat this as "intentional" discrimination, triggering maximum penalties.
Definition of "AI System": The definition ("infers from inputs") is broad. While simple spreadsheets are likely excluded, "Automated Decision Making" (ADM) tools in loan origination, insurance underwriting, or resume filtering are definitely included. When in doubt, treat it as AI.
NIST Safe Harbor: The law provides an affirmative defense if you comply with the NIST AI Risk Management Framework. However, "substantial compliance" is undefined. You must document adherence to NIST standards meticulously to claim this shield.

Need Help Understanding Implementation?

Our government affairs experts can walk you through this bill's specific impact on your operations.

Schedule Consultation

Information presented is for general knowledge only and is provided without warranty, express or implied. Consult qualified government affairs professionals and legal counsel before making compliance decisions.

Legislative Timeline

This bill's path through the Texas Legislature

Official Analysis

View HRO Analysis View All Bill Documents

BILL ANALYSIS

C.S.H.B. 149

By: Capriglione

Delivery of Government Efficiency

Committee Report (Substituted)

BACKGROUND AND PURPOSE

According to the House Select Committee on Artificial Intelligence & Emerging Technologies, the state has an opportunity to set standards that ensure the responsible use of artificial intelligence (AI) as it is rapidly evolving and becoming more integrated into society and, while AI offers tremendous opportunities for growth and advancement, it also presents significant risks. Individuals who provided testimony to the select committee and the House Committee on Delivery of Government Efficiency brought to the committees' attention issues with unchecked AI systems, which may inadvertently compromise data privacy, perpetuate bias, or make erroneous decisions that adversely affect consumers.

C.S.H.B. 149 seeks to protect public safety, individual rights, and privacy while encouraging the safe advancement of AI technology in Texas by establishing the Texas Responsible Artificial Intelligence Governance Act, which sets out provisions providing for certain consumer protections and enforcement mechanisms, a regulatory sandbox program for testing innovative AI systems, and the creation of the Artificial Intelligence Council to support innovation and oversee compliance.

CRIMINAL JUSTICE IMPACT

It is the committee's opinion that this bill does not expressly create a criminal offense, increase the punishment for an existing criminal offense or category of offenses, or change the eligibility of a person for community supervision, parole, or mandatory supervision.

RULEMAKING AUTHORITY

It is the committee's opinion that rulemaking authority is expressly granted to the Department of Information Resources in SECTION 4 of this bill.

ANALYSIS

C.S.H.B. 149 amends the Business & Commerce Code and the Government Code to provide for the regulation of the use of artificial intelligence (AI) systems in Texas, including by setting out provisions establishing certain AI protections for consumers, the AI regulatory sandbox program, and the Texas Artificial Intelligence Council.

General Provisions

C.S.H.B. 149 does the following with respect to the bill's provisions relating to AI protection, the sandbox program, and the council:

·defines the following terms:

o"artificial intelligence system" as machine learning and related technology that uses data to train statistical models for the purpose of enabling computer systems to perform tasks normally associated with human intelligence or perception, such as computer vision, speech or natural language processing, and content generation; and

o"consumer" as an individual who is a Texas resident acting only in an individual or household context, excluding an individual acting in a commercial or employment context;

·makes those bill provisions applicable only to a person who does the following:

opromotes, advertises, or conducts business in Texas;

oproduces a product or service used by Texas residents; or

odevelops or deploys an AI system in Texas; and

·requires those bill provisions to be broadly construed and applied to promote its underlying purposes, which are as follows:

oto facilitate and advance the responsible development and use of AI systems;

oto protect individuals and groups of individuals from known and reasonably foreseeable risks associated with AI systems;

oto provide transparency regarding risks in the development, deployment, and use of AI systems; and

oto provide reasonable notice regarding the use or contemplated use of AI systems by state agencies.

Artificial Intelligence Protections

Construction and Local Preemption

C.S.H.B. 149 does the following regarding the bill's provisions relating to AI protections:

·prohibits those provisions from being construed to do the following:

oimpose a requirement on a person that adversely affects the rights or freedoms of any person, including the right of free speech; or

oauthorize any department or agency other than the Texas Department of Insurance to regulate or oversee the business of insurance; and

·establishes that those bill provisions supersede and preempt any ordinance, resolution, rule, or other regulation adopted by a political subdivision regarding the use of AI systems.

Duties and Prohibitions on the Use of Artificial Intelligence

Disclosure to Consumers

C.S.H.B. 149 requires a governmental agency that makes available an AI system intended to interact with consumers to disclose to each consumer, before or at the time of interaction, that the consumer is interacting with an AI system and requires a person to make this disclosure regardless of whether it would be obvious to a reasonable consumer that the consumer is interacting with an AI system. The bill does the following with respect to the disclosure:

·requires the disclosure to be clear, conspicuous, and written in plain language;

·prohibits the disclosure from using a dark pattern, defined by reference to statutory provisions relating to consumer data protection; and

·authorizes the disclosure to be provided by using a hyperlink to direct a consumer to a separate web page or, for an AI system related to health care services, as part of any waivers or forms signed by a patient at the start of service.

The bill defines "health care services" for these purposes as services related to human health or to the diagnosis, prevention, or treatment of a human disease or impairment provided by an individual licensed, registered, or certified under applicable state or federal law to provide those services.

Manipulation of Human Behavior

C.S.H.B. 149 prohibits a person from developing or deploying an AI system in a manner that intentionally aims to incite or encourage a person to do the following:

·commit physical self-harm, including suicide;

·harm another person; or

·engage in criminal activity.

Social Scoring

C.S.H.B. 149 prohibits a governmental entity from using or deploying an AI system that evaluates or classifies a natural person or group of natural persons based on social behavior or personal characteristics, whether known, inferred, or predicted, with the intent to calculate or assign a social score or similar categorical estimation or valuation of the person or group of persons that results or may result in the following:

·detrimental or unfavorable treatment of a person or group of persons in a social context unrelated to the context in which the behavior or characteristics were observed or noted;

·detrimental or unfavorable treatment of a person or group of persons that is unjustified or disproportionate to the nature or gravity of the observed or noted behavior or characteristics; or

·the infringement of any right guaranteed under the U.S. Constitution, the Texas Constitution, or state or federal law.

Capture of Biometric Data

C.S.H.B. 149 prohibits a governmental entity from developing or deploying an AI system for the purpose of uniquely identifying a specific individual using biometric data or the targeted or untargeted gathering of images or other media from the Internet or any other publicly available source without the individual's consent, if the gathering would infringe on any right of the individual under the U.S. Constitution, the Texas Constitution, or state or federal law. The bill establishes that a violation of statutory provisions relating to the capture or use of a biometric identifier, as amended by the bill, is a violation of this prohibition. The bill defines "biometric data" for these purposes as data generated by automatic measurements of an individual's biological characteristics, including a fingerprint, voiceprint, eye retina or iris, or other unique biological pattern or characteristic that is used to identify a specific individual. The term does not include a physical or digital photograph, a video or audio recording, data generated from such a photograph or recording, or information collected, used, or stored for health care treatment, payment, or operations under the federal Health Insurance Portability and Accountability Act of 1996.

Political Viewpoint Discrimination

C.S.H.B. 149 prohibits a person from doing the following:

·developing or deploying an AI system with the intent for the AI system to do the following:

olimit an individual's ability to express beliefs or opinions or receive the expression of another individual's beliefs or opinions based solely on the individual's political beliefs, opinions, or affiliations; or

ootherwise infringe on an individual's freedom of association or ability to freely express the individual's beliefs or opinions; and

·using an AI system on an interactive computer service, defined by reference to statutory provisions relating to the provision of software or services to block or screen Internet material, to intentionally do the following:

oengage in such prohibited behavior;

oblock, ban, remove, deplatform, demonetize, debank, de-boost, restrict, or otherwise limit an individual; or

omodify or manipulate content posted by an individual for the purpose of censoring the individual's political speech.

C.S.H.B. 149 does the following:

·makes prohibitions regarding the use of an AI system on an interactive computer service applicable regardless of whether the interactive computer service is automated or overseen by an individual;

·makes the bill's provisions relating to political viewpoint discrimination inapplicable to speech that, as follows:

ois illegal under state or federal law;

oconstitutes a credible threat of violence or incitement to imminent lawless action;

ocontains material that is obscene, defined by reference to Penal Code provisions relating to obscenity offenses;

ocontains a deep fake video produced or distributed in violation of Penal Code provisions relating to the unlawful production or distribution of certain sexually explicit videos;

oviolates intellectual property rights; or

oviolates a developer's or deployer's publicly available terms of service; and

·requires the bill's provisions relating to political viewpoint discrimination to be construed in a manner consistent with applicable federal law, including the U.S. Constitution and federal provisions relating to protections for private blocking and screening of offensive material.

The bill defines "deployer" as a person who deploys an AI system for use in Texas and "developer" as a person who develops an AI system that is offered, sold, leased, given, or otherwise provided in Texas for purposes of the bill's provisions relating to AI protections.

Unlawful Discrimination

C.S.H.B. 149 prohibits a person from developing or deploying an AI system with the intent to unlawfully discriminate against a protected class in violation of state or federal law. The bill defines "protected class" as a group or class of persons with a characteristic, quality, belief, or status protected from discrimination by state or federal civil rights laws, which includes race, color, national origin, sex, age, religion, or disability. The bill establishes that a disparate impact is not sufficient by itself to demonstrate an intent to discriminate for purposes of these provisions.

C.S.H.B. 149 makes the bill's provisions relating to unlawful discrimination inapplicable to an insurance entity for purposes of providing insurance services if the entity is subject to applicable statutes regulating unfair discrimination, unfair methods of competition, or unfair or deceptive acts or practices related to the insurance business. The bill defines "insurance entity" as follows:

·a company regulated by the commissioner of insurance, as described by Insurance Code provisions relating to sanctions;

·a fraternal benefit society regulated under applicable Insurance Code provisions; or

·the developer of an AI system used by such a company or fraternal benefit society.

Certain Sexually Explicit Videos, Images, and Child Pornography

C.S.H.B. 149 prohibits a person from developing or distributing an AI system with the sole intent of producing, assisting or aiding in producing, or distributing visual material in violation of Penal Code provisions relating to the possession or promotion of child pornography or deep fake videos or images in violation of Penal Code provisions relating to the unlawful production or distribution of certain sexually explicit videos. The bill requires a court determining the sole intent of a person under these provisions to consider marketing materials or terms of use associated with the AI system.

Enforcement

Enforcement Authority

C.S.H.B. 149 establishes that the attorney general has exclusive authority to enforce the bill's provisions relating to AI protections, except to the extent provided by the bill's provisions governing enforcement actions by state agencies. The bill's provisions relating to AI protections expressly do not provide a basis for, and are not subject to, a private right of action for a violation of those provisions or any other law.

Information and Complaints, and Investigative Authority

C.S.H.B. 149 requires the attorney general to create and maintain an online mechanism on the attorney general's website through which a consumer may submit a complaint under the bill's provisions relating to AI protections to the attorney general. The attorney general must post on that website the information and online mechanism required by these provisions not later than September 1, 2026. The bill authorizes the attorney general, on receiving a complaint through the online mechanism alleging a violation of the bill's provisions relating to AI protections, to issue a civil investigative demand to determine if a violation has occurred and requires such demands to be issued in accordance with and under procedures established under statutory provisions governing such demands.

C.S.H.B. 149 authorizes the attorney general to request the following from the person reported through the online mechanism, pursuant to such a civil investigative demand:

·a description of the purpose, intended use, deployment context, and associated benefits of the AI system with which the person is affiliated;

·a description of the type of data used to program or train the AI system;

·a description of the categories of data processed as inputs for the AI system;

·a description of the outputs produced by the AI system;

·any metrics the person uses to evaluate the performance of the AI system;

·any known limitations of the AI system;

·a description of the post-deployment monitoring and user safeguards the person uses for the AI system, including, if the person is a deployer, the oversight, use, and learning process established by the person to address issues arising from the system's deployment; or

·any other relevant documentation reasonably necessary for the attorney general to conduct an investigation under these provisions.

Notice of Violation and Opportunity to Cure

C.S.H.B. 149 requires the attorney general, on determining that a person has violated or is violating the bill's provisions relating to AI protections, to notify the person in writing of the determination, identifying the specific provisions the attorney general alleges have been or are being violated. The bill prohibits the attorney general from bringing an action against the person, as follows:

·before the 60th day after the date the attorney general provides the notice; or

·if, before the 60th day after the date the attorney general provides the notice, the person cures the identified violation and provides the attorney general with a written statement that the person has done the following:

ocured the alleged violation;

onotified the Texas Artificial Intelligence Council created under the bill's provisions and, if technically feasible, the consumer who submitted the complaint that the violation has been addressed;

oprovided supporting documentation to show the manner in which the person cured the violation; and

omade any necessary changes to internal policies to reasonably prevent further violation.

Civil Penalty and Injunction

C.S.H.B. 149 makes a person who violates the bill's provisions relating to AI protections and does not cure the violation in accordance with the bill liable to the state for a civil penalty as follows:

·for each violation the court determines to be curable or a breach of a written statement submitted to the attorney general under the bill's provisions, in an amount that is not less than $10,000 and not more than $12,000;

·for each violation the court determines to be uncurable, in an amount that is not less than $80,000 and not more than $200,000; and

·for a continued violation, in an amount that is not less than $2,000 and not more than $40,000 for each day the violation continues.

The bill authorizes the attorney general to bring an action in the state's name to collect such a civil penalty, seek injunctive relief against further violation, and recover attorney's fees and reasonable court costs or other investigative expenses.

C.S.H.B. 149 does the following with respect to civil penalties and actions brought by the attorney general under these provisions:

·establishes the rebuttable presumption that a person used reasonable care as required under the bill's provisions relating to AI protections;

·authorizes a defendant in such an action to seek an expedited hearing or other process, including a request for declaratory judgment, if the person believes in good faith that the person has not violated the applicable bill provisions;

·prohibits a defendant in an action from being found liable if another person uses the AI system affiliated with the defendant in a manner prohibited by the bill's provisions relating to AI protections or the defendant discovers a violation of those provisions through the following:

ofeedback from a developer, deployer, or other person who believes a violation has occurred;

otesting, including adversarial testing or red-team testing;

ofollowing guidelines set by applicable state agencies; or

oan internal review process, if the defendant substantially complies with the most recent version of the "Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile" published by the National Institute of Standards and Technology or another nationally or internationally recognized risk management framework for AI systems; and

·prohibits the attorney general from bringing an action to collect a civil penalty under the bill's provisions relating to AI protections against a person for an AI system that has not been deployed.

Enforcement Actions by State Agencies

C.S.H.B. 149 authorizes a state agency to impose sanctions against a person licensed, registered, or certified by that agency for a violation of the bill's provisions relating to duties and prohibitions on the use of AI under the following conditions:

·the person has been found in violation under the bill's provisions relating to civil penalties and injunctions; and

·the attorney general has recommended additional enforcement by the applicable agency.

The bill authorizes those sanctions to include the following:

·suspension, probation, or revocation of a license, registration, certificate, or other authorization to engage in an activity; and

·a monetary penalty capped at $100,000.

Artificial Intelligence Regulatory Sandbox Program

Definitions

C.S.H.B. 149 defines the following terms for purposes of its provisions governing the AI regulatory sandbox program:

·"applicable agency" as a department of the state established by law to regulate certain types of business activity in Texas and the people engaging in that business, including the issuance of licenses and registrations, that the department determines would regulate a program participant if the person were not operating under the bill's provisions governing the sandbox program;

·"program" as the regulatory sandbox program established under the bill that allows a person, without being licensed or registered under state law, to test an AI system for a limited time and on a limited basis; and

·"program participant" as a person whose application to participate in the program is approved and who may test an AI system under the bill's provisions governing the sandbox program.

Sandbox Program Framework

Sandbox Program Establishment

C.S.H.B. 149 requires the Department of Information Resources (DIR), in consultation with the Texas Artificial Intelligence Council, to create a regulatory sandbox program that enables a person to obtain legal protection and limited access to the market in Texas to test innovative AI systems without obtaining a license, registration, or other regulatory authorization. The program is designed to do the following:

·promote the safe and innovative use of AI systems across various sectors including healthcare, finance, education, and public services;

·encourage responsible deployment of AI systems while balancing the need for consumer protection, privacy, and public safety;

·provide clear guidelines for a person who develops an AI system to test systems while certain laws and regulations are waived or suspended; and

·allow a person to engage in research, training, testing, or other pre-deployment activities to develop an AI system.

C.S.H.B. 149 prohibits the attorney general from filing or pursuing charges against a program participant for violation of a law or regulation waived under the bill's provisions governing the program that occurs during the testing period. The bill prohibits a state agency from filing or pursuing punitive action against a program participant, including the imposition of a fine or the suspension or revocation of a license, registration, or other authorization, for violation of a law or regulation waived under the bill's provisions governing the program that occurs during the testing period. However, the bill prohibits the requirements of the bill's provisions relating to duties and prohibitions on the use of AI from being waived and authorizes the attorney general or a state agency to file or pursue charges or action against a program participant who violates those provisions.

Application for Program Participation

C.S.H.B. 149 requires a person to obtain approval from DIR before testing an AI system under the sandbox program. The bill requires DIR by rule to prescribe the application form. The form must require the applicant to do the following:

·provide a detailed description of the AI system the applicant desires to test in the program and its intended use;

·include a benefit assessment that addresses potential impacts on consumers, privacy, and public safety;

·describe the applicant's plan for mitigating any adverse consequences that may occur during the test; and

·provide proof of compliance with any applicable federal AI laws and regulations.

Duration and Scope of Participation

C.S.H.B. 149 authorizes a program participant approved by DIR to test and deploy an AI system under the sandbox program for a period of not more than 36 months. The bill authorizes DIR to extend a test if DIR finds good cause for the test to continue.

Oversight and Compliance

Coordination with Applicable Agencies

C.S.H.B. 149 requires DIR to coordinate with all applicable agencies to oversee the operation of a program participant and authorizes the Texas Artificial Intelligence Council or an applicable agency to recommend to DIR that a program participant be removed from the program if the applicable agency finds that the program participant's AI system does the following:

·poses an undue risk to public safety or welfare;

·violates any federal law or regulation; or

·violates any state law or regulation not waived under the program.

Periodic Reports by Program Participants and Annual Reports by DIR

C.S.H.B. 149 requires a program participant to provide a quarterly report to DIR. The report must include the following:

·metrics for the AI system's performance;

·updates on how the AI system mitigates any risks associated with its operation; and

·feedback from consumers and affected stakeholders that are using an AI system tested under the program.

The bill requires DIR to maintain confidentiality regarding the intellectual property, trade secrets, and other sensitive information it obtains through the program.

C.S.H.B. 149 requires DIR to submit an annual report to the legislature. The report must include the following:

·the number of program participants testing an AI system in the program;

·the overall performance and impact of AI systems tested in the program; and

·recommendations on changes to laws or regulations for future legislative consideration.

Texas Artificial Intelligence Council

Council Creation and Organization

Council Creation

C.S.H.B. 149 establishes that the Texas Artificial Intelligence Council is created to do the following:

·ensure AI systems in Texas are ethical and developed in the public's best interest;

·ensure AI systems in Texas do not harm public safety or undermine individual freedoms by finding issues and making recommendations to the legislature regarding the Penal Code and Civil Practice and Remedies Code provisions governing product liability;

·identify existing laws and regulations that impede innovation in the development of AI systems and recommend appropriate reforms;

·analyze opportunities to improve the efficiency and effectiveness of state government operations through the use of AI systems;

·make recommendations to applicable state agencies regarding the use of AI systems to improve the agencies' efficiency and effectiveness;

·investigate and evaluate potential instances of regulatory capture, including undue influence by technology companies or disproportionate burdens on smaller innovators caused by the use of AI systems;

·investigate and evaluate the influence of technology companies on other companies and determine the existence or use of tools or processes designed to censor competitors or users through the use of AI systems;

·offer guidance and recommendations to the legislature on the ethical and legal use of AI systems;

·conduct and publish the results of a study on the current regulatory environment for AI systems;

·monitor the regulatory sandbox program in coordination with DIR; and

·make recommendations for improvements to the sandbox program.

C.S.H.B. 149 establishes that the council is administratively attached to DIR and requires DIR to provide administrative support to the council as provided by the bill's provisions. The bill requires DIR and the council to enter into a memorandum of understanding detailing the following:

·the administrative support the council requires from DIR to fulfill the council's purposes;

·the reimbursement of administrative expenses to DIR; and

·any other provisions necessary to ensure the efficient operation of the council.

Council Membership, Qualifications, Staff, and Administration

C.S.H.B. 149 does the following regarding the council's membership:

·sets out the composition of the 10-member council as follows:

ofour members of the public appointed by the governor;

otwo members of the public appointed by the lieutenant governor;

otwo members of the public appointed by the speaker of the house of representatives;

oone senator appointed by the lieutenant governor as a nonvoting member; and

oone member of the house of representatives appointed by the speaker of the house as a nonvoting member;

·establishes that voting members of the council serve staggered four-year terms, with the terms of four members expiring every two years;

·requires the governor to appoint a chair from among the members and the council to elect a vice chair from its membership; and

·authorizes the council to establish an advisory board composed of individuals from the public who possess expertise directly related to the council's functions, including technical, ethical, regulatory, and other relevant areas.

C.S.H.B. 149 requires council members to be Texas residents and have knowledge or expertise in one or more of the following areas:

·AI systems;

·data privacy and security;

·ethics in technology or law;

·public policy and regulation;

·risk management related to AI systems;

·improving the efficiency and effectiveness of governmental operations; or

·anticompetitive practices and market fairness.

C.S.H.B. 149 authorizes the council to hire an executive director and other personnel as necessary to perform its duties.

Council Powers and Duties

C.S.H.B. 149 authorizes the council to issue reports to the legislature regarding the use of AI systems in Texas. The council may issue reports on the following:

·the compliance of AI systems in Texas with state law;

·the ethical implications of deploying AI systems in Texas;

·data privacy and security concerns related to AI systems in Texas; or

·potential liability or legal risks associated with the use of AI systems in Texas.

C.S.H.B. 149 requires the council to conduct training programs for state agencies and local governments on the use of AI systems and prohibits the council from doing the following:

·adopting rules or promulgating guidance that is binding for any entity;

·interfering with or overriding the operation of a state agency; or

·performing a duty or exercising a power not granted by the bill's provisions relating to the council.

Miscellaneous Provisions

C.S.H.B. 149 revises statutory provisions governing the capture or use of biometric identifiers for commercial purposes as follows:

·defines "artificial intelligence system" by reference to the bill's applicable definition of that term;

·establishes that, for purposes of the statutory prohibition against a person capturing a biometric identifier of an individual for a commercial purpose unless the person informs the individual before capturing the biometric identifier and receives the individual's consent to do so, an individual has not been informed of and has not provided consent for the capture or storage of an individual's biometric identifier for a commercial purpose based solely on the existence of an image or other media containing one or more biometric identifiers of the individual on the Internet or other publicly available source;

·makes the statutory provisions governing the capture or use of a biometric identifier inapplicable to the training, processing, or storage of biometric identifiers involved in AI systems, unless the training, processing, or storage is performed for the purpose of uniquely identifying a specific individual; and

·subjects a person possessing a biometric identifier that is captured for the purpose of training an AI system and is subsequently used for a commercial purpose to those statutory provisions for the possession and destruction of a biometric identifier and to the penalties associated with a violation of those provisions.

C.S.H.B. 149 includes among the duties of a consumer data processor assisting a data controller in meeting or complying with the controller's duties or requirements under statutory provisions relating to consumer data protection with respect to requirements relating to the security of processing the data collected, stored, and processed by an AI system, as defined by the bill, as applicable.

C.S.H.B. 149 includes among the criteria under which the Sunset Advisory Commission is required to consider whether a public need exists for the continuation of a state agency or its advisory committees or for the performance of those entities' functions an assessment of the agency's use of AI systems, as defined by the bill, in its operations and its oversight of the use of AI systems by persons under the agency's jurisdiction, and any related impact on the agency's ability to achieve its mission, goals, and objectives, made using information available from DIR, the attorney general, or any other appropriate state agency.

C.S.H.B. 149 includes among the information DIR is required to collect from each state agency regarding the status and condition of the agency's information technology infrastructure an evaluation of the use or considered use of AI systems, as defined by the bill, by each state agency. Furthermore, the bill includes an inventory of an agency's AI systems, as defined by the bill, among the required components of each agency's biennial review regarding the operational aspects of the applicable agency's information resources deployment following DIR instructions.

EFFECTIVE DATE

January 1, 2026.

COMPARISON OF INTRODUCED AND SUBSTITUTE

While C.S.H.B. 149 may differ from the introduced in minor or nonsubstantive ways, the following summarizes the substantial differences between the introduced and committee substitute versions of the bill.

General Provisions

The substitute revises provisions of the introduced providing definitions for applicable terms as follows:

·makes the definitions for "artificial intelligence system" and "consumer" applicable to the bill's provisions relating to AI protections, the sandbox program, and the Texas Artificial Intelligence Council, whereas the introduced made these definitions applicable only to the bill's provisions relating to AI protections;

·omits definitions present in the introduced for "biometric identifier," "deploy," "distributor," "personal data," "political viewpoint discrimination," and "sensitive personal attribute" that were applicable to the bill's provisions relating to AI protections;

·changes the definition of "deployer" from a person doing business in Texas that deploys an AI system, as in the introduced, to a person who deploys an AI system for use in Texas;

·changes the definition of "developer" from a person doing business in Texas that develops an AI system, as in the introduced, to a person who develops an AI system that is offered, sold, leased, given, or otherwise provided in Texas; and

·changes provisions defining "health care service or treatment" as follows:

oreplaces the term "health care service or treatment," as established in the introduced, with the term "health care services";

ochanges the bill provisions to which the term is applicable from provisions relating to AI protections, as in the introduced, to certain of those provisions relating to disclosure to consumers; and

ochanges the definition of the term as revised by the substitute from a health care treatment, service, or procedure designed to maintain, treat, diagnose, prevent, alleviate, cure, or heal a patient's physical or mental condition, illness, injury, or disease, including preventative care, as in the introduced, to services related to human health or to the diagnosis, prevention, or treatment of a human disease or impairment provided by an individual licensed, registered, or certified under applicable state or federal law to provide those services.

The substitute changes the applicability of the bill's provisions as follows:

·changes the bill provisions to which the applicability provisions apply from the bill's provisions relating to AI protections, as in the introduced, to the bill's provisions relating to AI protections, the sandbox program, and the council;

·changes the persons subject to these respective applicability provisions from a person that conducts business, promotes, or advertises in Texas or produces a product or service consumed by Texas residents, or a person that engages in the development, distribution, or deployment of an AI system in Texas, as in the introduced, to a person who promotes, advertises, or conducts business in Texas, produces a product or service used by Texas residents, or develops or deploys an AI system in Texas; and

·omits the provision present in the introduced establishing that the bill's provisions relating to AI protections do not apply to the development of an AI system that is used exclusively for research, training, testing, or other pre-deployment activities performed by active participants of the sandbox program.

Both the introduced and the substitute provide for the construction and application of certain of the bill's provisions. However, the substitute does so with respect to the bill's provisions relating to AI protections, the sandbox program, and the council, whereas the introduced does so only with respect to the bill's provisions relating to AI protections.

Both the introduced and the substitute establish as one of the bill's purposes providing reasonable notice regarding the use of AI systems by state agencies. However, the substitute also includes in that purpose state agencies' contemplated use, whereas the introduced did not.

Artificial Intelligence Protections

The substitute includes a provision absent from the introduced prohibiting the bill's provisions relating to AI protections from being construed to authorize any department or agency other than the Texas Department of Insurance to regulate or oversee the business of insurance.

The substitute makes the following changes to provisions of the introduced relating to the disclosure of AI systems made available by a governmental agency intended to interact with consumers:

·replaces the authorization present in the introduced for the disclosure to be linked to a separate webpage of the developer or deployer with an authorization for the disclosure to be provided using a hyperlink to direct a consumer to a separate web page; and

·omits a provision present in the introduced exempting any requirement under the bill's provisions relating to disclosure to consumers that may conflict with state or federal law.

The substitute omits a prohibition present in the introduced prohibiting an AI system from intentionally using deceptive trade practices, as defined by applicable state law.

The substitute makes the following changes to provisions of the introduced relating to social scoring:

·prohibits a governmental entity from deploying an AI system that evaluates or classifies persons or groups of persons for purposes of social scoring, which did not appear in the introduced;

·includes a specification absent from the introduced that conditions the prohibition against a governmental entity using or deploying certain AI systems on having the intent to calculate or assign a social score or similar categorical estimation or valuation of the person or group of persons;

·changes the following relating to the consequences necessary to be caused by the social score in order to trigger the prohibition on governmental entities using AI systems that classify persons or groups of persons:

ochanges one of the consequences from the detrimental or unfavorable treatment of certain persons or groups of persons in social contexts that are unrelated to the contexts in which the data was originally generated or collected, as in the introduced, to such detrimental or unfavorable treatment in a social context unrelated to the context in which the behavior or characteristics were observed or noted; and

ochanges one of the consequences from the detrimental or unfavorable treatment of certain persons or groups of persons that is unjustified or disproportionate to their social behavior or its gravity, as in the introduced, to such detrimental or unfavorable treatment that is unjustified or disproportionate to the nature or gravity of the observed or noted behavior or characteristics; and

·omits a provision present in the introduced that made provisions relating to social scoring applicable to government entities using AI systems to constrain civil liberties, not any AI system developed or deployed for commercial purposes.

The substitute makes the following changes to provisions of the introduced relating to the capture of biometric data:

·includes a definition absent from the introduced for the term "biometric data";

·whereas the introduced prohibited a governmental entity from developing or deploying an AI system developed with biometric identifiers of individuals and the targeted or untargeted gathering of images or other media from the internet or any other publicly available source for specified purposes, the substitute prohibits a governmental entity from developing or deploying an AI system for those purposes using biometric data or the targeted or untargeted gathering of images or other media from the Internet or any other publicly available source without the individual's consent;

·omits the provision present in the introduced establishing that an individual is not considered to be informed nor to have provided consent for those purposes pursuant to statutory provisions relating to the capture or use of biometric identifiers based solely upon the existence on the internet, or other publicly available source, of an image or other media containing one or more biometric identifiers;

·includes instead a provision absent from the introduced establishing that a violation of those statutory provisions is a violation of the bill's provisions relating to the capture of biometric data; and

·omits a provision present in the introduced establishing that the introduced version's provisions relating to the capture of biometric data applied to systems designed for government entities to constrain civil liberties, not any AI system developed or deployed for commercial purposes or any other government entity purpose.

The substitute makes the following changes to provisions of the introduced relating to political viewpoint discrimination:

·whereas the introduced prohibited an AI system from being developed or deployed in a manner that intentionally results in political viewpoint discrimination or otherwise intentionally infringes upon a person's freedom of association or ability to freely express the person's beliefs or opinions, the substitute prohibits a person from developing or deploying an AI system with the intent for the AI system to limit an individual's ability to express beliefs or opinions or receive the expression of another individual's beliefs or opinions based solely on the individual's political beliefs, opinions, or affiliations or with the intent for the AI system to otherwise infringe on an individual's freedom of association or ability to freely express the individual's beliefs or opinions;

·whereas the introduced prohibited an interactive computer service, through the use of an AI system, from taking certain actions, the substitute prohibits a person from using an AI system on an interactive computer service to intentionally take those actions;

·replaces one such action of otherwise discriminating against political speech, as in the introduced, to otherwise limiting an individual or engaging in certain prohibited behavior regarding the development or deployment of an AI system with intent specified by the bill; and

·includes a provision absent from the introduced establishing that the substitute's provisions relating to political viewpoint discrimination do not apply to speech that violates a developer's or deployer's publicly available terms of service.

The substitute makes the following changes to provisions of the introduced relating to unlawful discrimination:

·includes provisions absent from the introduced defining "insurance entity" and "protected class"; and

·includes a provision absent from the introduced establishing that those provisions do not apply to such an entity for purposes of providing insurance services under certain conditions.

Both the substitute and the introduced establish that the attorney general has the authority to enforce the bill's provisions relating to AI protections, but differ in the following ways:

·the substitute specifies that such authority is exclusive, whereas the introduced does not;

·the substitute omits a provision present in the introduced establishing that excluding, researching, training, testing, or the conducting of other pre-deployment or post-deployment activities by active participants of the sandbox program does not subject a developer or deployer to penalties or actions; and

·the substitute includes a provision absent from the introduced establishing that the bill's provisions relating to AI protections do not provide a basis for, and are not subject to, a private right of action.

Whereas the introduced required the attorney general to post an online complaint mechanism on the attorney general's website, the substitute requires the attorney general to create and maintain the mechanism on the attorney general's website.

The substitute makes the following changes to provisions of the introduced relating to the attorney general's investigative authority:

·specifies that the purpose for which the attorney general may issue a civil investigative demand in response to a complaint is to determine if a violation has occurred, whereas the introduced did not;

·replaces the person from whom the attorney general may request certain information pursuant to the civil investigative demand from the associated party, as in the introduced, to the person reported through the online mechanism;

·replaces the authorization for the attorney general to request any metrics used to evaluate the known limitations of the AI system, as in the introduced, with an authorization for the attorney general to request any known limitations of the AI system;

·removes the specifications present in the introduced that the applicable statements, descriptions, and summaries the attorney general may request be high level statements, descriptions, or summaries;

·omits the authorization present in the introduced for the attorney general to request any relevant documentation reasonably necessary for the attorney general to determine liability or fault of the offender; and

·omits a provision present in the introduced prohibiting the attorney general from instituting an action for a civil penalty against a developer or deployer for AI systems that remain isolated from customer interaction in a pre-deployment environment.

The substitute makes the following changes to provisions of the introduced relating to a notice of a violation and an opportunity to cure the violation:

·whereas the introduced required the attorney general to notify a developer, distributor, or deployer in writing, not later than the 60th day before bringing an action under the bill's provisions relating to civil penalties and injunctions, the substitute requires the attorney general to notify a person of the attorney general's determination that the person has violated or is violating the bill's provisions relating to AI protections and prohibits the attorney general from bringing an action against the person before the 60th day after the date the attorney general provides such notice;

·with respect to the actions a person must take within that 60 day period to remove the attorney general authority to bring an action against the person, changes who the person must notify of the person curing the violation from the consumer, if technically feasible, and the council, if the consumer's contact information has been made available to the developer or deployer and the attorney general, as in the introduced, to the council and, if technically feasible, the consumer who submitted the complaint through the online mechanism; and

·omits provisions present in the introduced providing for an affirmative defense to an action brought by the attorney general.

The substitute makes the following changes to provisions of the introduced relating to civil penalties and injunction:

·whereas the introduced authorized the attorney general to assess and collect an administrative fine in specified amounts against a developer or deployer for certain actions and inactions, the substitute makes a person who violates the bill's provisions relating to AI protections and does not cure the violation liable to the state for a civil penalty and authorizes the attorney general to bring an action to collect the applicable penalty based on the court's findings;

·whereas the introduced established the rebuttable presumption that a developer, distributor, or deployer used reasonable care as required if the developer, distributor, or deployer complied with their duties in preventing certain violations, the substitute establishes the rebuttable presumption that a person used reasonable care as required under the bill's provisions relating to AI protections;

·includes a provision absent from the introduced prohibiting a defendant in an action from being found liable if another person uses the AI system affiliated with the defendant in a prohibited manner or the defendant discovers a violation through certain scenarios that are substantially similar to those in provisions of the introduced omitted by the substitute relating to an affirmative defense; and

·includes a provision absent from the introduced prohibiting the attorney general from bringing an action to collect a civil penalty against a person for an AI system that has not been deployed.

The substitute changes one of the conditions that must be fulfilled to qualify a person for the imposition of sanctions by a state agency from the individuals or entities being sentenced for violations of the bill's provisions relating to AI protections, as in the introduced, to the person being found in violation of such provisions.

The substitute omits a provision present in the introduced that authorized a consumer to appeal a decision made by an AI system which had an adverse impact on their health, welfare, safety, or fundamental rights and that granted the person the right to obtain from the deployer clear and meaningful explanations of the role of the AI system in the decision-making procedure and the main elements of the decision taken.

Artificial Intelligence Regulatory Sandbox Program

The substitute revises provisions of the introduced providing definitions for terms applicable to the bill's provisions relating to the sandbox program as follows:

·whereas the introduced defined "applicable agency" as a state agency responsible for regulating a specific sector impacted by an AI system, the substitute defines that term as a department of the state established by law to regulate certain types of business activity in Texas and the people engaging in that business, including the issuance of licenses and registrations, that the department determines would regulate a program participant if the person were not operating under the bill's provisions relating to the program;

·whereas the introduced defined "sandbox program" as the regulatory framework established under the bill's provisions relating to the program that allows temporary testing of AI systems in a controlled, limited manner without full regulatory compliance, the substitute defines "program" as the regulatory sandbox program established under those provisions that allows a person, without being licensed or registered under state law, to test an AI system for a limited time and on a limited basis; and

·whereas the introduced defined "program participant" as a person or business entity approved to participate in the program, the substitute defines that term as a person whose application to participate in the program is approved and who may test an AI system.

The substitute makes the following changes to provisions of the introduced relating to the establishment of the sandbox program:

·whereas the introduced required DIR, in coordination with the Texas Artificial Intelligence Council, to administer the AI regulatory sandbox program to facilitate the development, testing, and deployment of innovative AI systems in Texas, the substitute requires DIR, in consultation with the council, to create a regulatory sandbox program that enables a person to obtain legal protection and limited access to the market in Texas to test innovative AI systems without obtaining a license, registration, or other regulatory authorization;

·whereas the introduced included as a program purpose providing clear guidelines for AI developers to test systems while temporarily exempt from certain regulatory requirements, the substitute instead includes as a program purpose providing clear guidelines for a person who develops an AI system to test systems while certain laws and regulations are waived or suspended;

·includes provisions absent from the introduced establishing additional program purposes of allowing a person to engage in research, training, testing, or other pre-deployment activities to develop an AI system;

·includes a provision absent from the introduced prohibiting the attorney general from filing or pursuing charges against a program participant for violation of a law or regulation waived under the bill's provisions that occurs during the testing period;

·includes a provision absent from the introduced prohibiting a state agency from filing or pursuing punitive action against a program participant; and

·includes a provision absent from the introduced prohibiting the requirements of the bill's provisions relating to duties and prohibitions on the use of AI from being waived and authorizing the attorney general or a state agency to file or pursue charges or action against a program participant who violates those bill provisions relating to duties and prohibitions on the use of AI.

The substitute makes the following changes to provisions of the introduced relating to the application for sandbox program participation:

·whereas the introduced required a person or business entity seeking to participate in the program to submit an application to the council, the substitute requires a person to obtain approval from DIR before testing an AI system under the program;

·includes a provision absent from the introduced requiring DIR by rule to prescribe the application form;

·whereas the introduced required the application to include certain information, the substitute instead requires the form prescribed by DIR to require the applicant to take certain actions;

·the substitute includes a specification absent from the introduced that the AI system for which the applicant must provide a detailed description is the AI system the applicant desires to test in the program;

·whereas the introduced required the application to include a benefit assessment that addresses potential impacts on consumers, privacy, or public safety, the substitute requires the form to require the applicant to include such an assessment of all such potential impacts; and

·whereas the introduced required the application to include a plan for mitigating any adverse consequences during the testing phase, the substitute requires the form to require the applicant to include a plan for mitigating any such consequences during the test.

The substitute makes the following changes to provisions of the introduced relating to agency coordination:

·whereas the introduced required DIR to coordinate with all relevant state regulatory agencies to oversee the operation of program participants, the substitute requires DIR to coordinate with all applicable agencies, as defined by the substitute, for that purpose; and

·whereas the introduced authorized the council or a relevant agency to recommend to DIR that a participant's sandbox privileges be revoked if the AI system violated any federal or state laws that the program could not override, the substitute authorizes the council or an applicable agency to recommend to DIR that a program participant be removed from the program if the applicable agency finds that the program participant's AI system violates any state law or regulation not waived under the program or any federal law or regulation.

The substitute makes the following changes to provisions of the introduced relating to certain reporting requirements:

·whereas the introduced required feedback from consumers and affected stakeholders using a product deployed under the introduced version's provision relating to reporting requirements to be included in a quarterly report to DIR, the substitute requires feedback from consumers and affected stakeholders that are using an AI system tested under the bill's provisions governing the program to be included in such a report; and

·whereas the introduced required the council to maintain the confidentiality of the intellectual property, trade secrets, and other sensitive information of the sandbox, the substitute requires DIR to maintain confidentiality regarding the intellectual property, trade secrets, and other sensitive information it obtains through the program.

Texas Artificial Intelligence Council

Both the substitute and the introduced establish that the Texas Artificial Intelligence Council is administratively attached to DIR. However, with respect to the entity that must provide administrative support to the council and with which the council must enter into a memorandum of understanding, the substitute replaces references to the office, as in the introduced, with references to DIR.

With respect to that memorandum of understanding, the substitute replaces specification in the introduced that the memorandum detail the administrative support the council requires to fulfill the purposes of the bill's provisions relating to the council with a specification that the memorandum detail the administrative support the council requires to fulfill the council's purposes.

Both the introduced and the substitute require council members to have knowledge or expertise in one or more specified areas. However, the substitute replaces AI technologies as an area of expertise, as included in the introduced, with AI systems.

The substitute omits the provisions from the introduced that prohibited the council, its administration, and its staff from accounting for more than four percent of DIR's budget.

Both the introduced and the substitute authorize the council to issue certain reports. However, the introduced authorized the council to issue reports on state uses of AI systems regarding certain information, whereas the substitute authorizes the council to issue reports regarding that same information but specifies that the information applies to AI systems in Texas.

The substitute replaces a provision of the introduced prohibiting the council from promulgating rules, regulations, binding guidance, or anything construed as regulations or guidance on any entity or agency with a provision prohibiting the council from adopting rules or promulgating guidance that is binding for any entity.

The substitute includes a provision absent from the introduced prohibiting the council from performing a duty or exercising a power not granted by the bill's provisions relating to the council.

The substitute omits a provision present in the introduced that limited the council's duties to providing evaluations.

Miscellaneous Provisions

The substitute revises the following provisions of the introduced by defining "artificial intelligence systems" by reference to the definition provided by the bill's AI protections provisions, whereas the introduced did not include a definition for that term in the following:

·the provision regarding the duties of a consumer data processor assisting a data controller;

·the provision relating to the inclusion of an assessment of an agency's use of AI systems among the criteria the Sunset Advisory Commission must consider in reviewing agencies;

·the provision including an evaluation of the use or considered use of AI systems among the information DIR must collect from each state agency regarding the status and condition of the agency's information technology infrastructure; and

·the provision including an inventory of an agency's AI systems among the required components of each agency's information resources biennial review.

House Authors

Rep. Giovanni CapriglioneRepublican · Primary Author

Joint Authors

Coauthors (5)

Senate Sponsors

Sen. Charles SchwertnerRepublican · Primary Sponsor

Cosponsors (1)

Royce West (D)

Bill Text(with markup)

H.B. No. 149

AN ACT

relating to regulation of the use of artificial intelligence

systems in this state; providing civil penalties.

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:

SECTION 1. This Act may be cited as the Texas Responsible

Artificial Intelligence Governance Act.

SECTION 2. Section 503.001, Business & Commerce Code, is

amended by amending Subsections (a) and (e) and adding Subsections

(b-1) and (f) to read as follows:

(a) In this section:

(1) "Artificial intelligence system" has the meaning

assigned by Section 551.001.

(2) "Biometric [~~, "biometric~~] identifier" means a

retina or iris scan, fingerprint, voiceprint, or record of hand or

face geometry.

(b-1) For purposes of Subsection (b), an individual has not

been informed of and has not provided consent for the capture or

storage of a biometric identifier of an individual for a commercial

purpose based solely on the existence of an image or other media

containing one or more biometric identifiers of the individual on

the Internet or other publicly available source unless the image or

other media was made publicly available by the individual to whom

the biometric identifiers relate.

(e) This section does not apply to:

(1) voiceprint data retained by a financial

institution or an affiliate of a financial institution, as those

terms are defined by 15 U.S.C. Section 6809;

(2) the training, processing, or storage of biometric

identifiers involved in developing, training, evaluating,

disseminating, or otherwise offering artificial intelligence

models or systems, unless a system is used or deployed for the

purpose of uniquely identifying a specific individual; or

(3) the development or deployment of an artificial

intelligence model or system for the purposes of:

(A) preventing, detecting, protecting against,

or responding to security incidents, identity theft, fraud,

harassment, malicious or deceptive activities, or any other illegal

activity;

(B) preserving the integrity or security of a

system; or

person responsible for a security incident, identity theft, fraud,

harassment, a malicious or deceptive activity, or any other illegal

activity.

(f) If a biometric identifier captured for the purpose of

training an artificial intelligence system is subsequently used for

a commercial purpose not described by Subsection (e), the person

possessing the biometric identifier is subject to:

(1) this section's provisions for the possession and

destruction of a biometric identifier; and

(2) the penalties associated with a violation of this

section.

SECTION 3. Section 541.104(a), Business & Commerce Code, is

amended to read as follows:

(a) A processor shall adhere to the instructions of a

controller and shall assist the controller in meeting or complying

with the controller's duties or requirements under this chapter,

including:

(1) assisting the controller in responding to consumer

rights requests submitted under Section 541.051 by using

appropriate technical and organizational measures, as reasonably

practicable, taking into account the nature of processing and the

information available to the processor;

(2) assisting the controller with regard to complying

with requirements [~~the requirement~~] relating to the security of

processing personal data, and if applicable, the personal data

collected, stored, and processed by an artificial intelligence

system, as that term is defined by Section 551.001, and to the

notification of a breach of security of the processor's system

under Chapter 521, taking into account the nature of processing and

the information available to the processor; and

(3) providing necessary information to enable the

controller to conduct and document data protection assessments

under Section 541.105.

SECTION 4. Title 11, Business & Commerce Code, is amended by

adding Subtitle D to read as follows:

SUBTITLE D. ARTIFICIAL INTELLIGENCE PROTECTION

CHAPTER 551. GENERAL PROVISIONS

Sec. 551.001. DEFINITIONS. In this subtitle:

(1) "Artificial intelligence system" means any

machine-based system that, for any explicit or implicit objective,

infers from the inputs the system receives how to generate outputs,

including content, decisions, predictions, or recommendations,

that can influence physical or virtual environments.

(2) "Consumer" means an individual who is a resident

of this state acting only in an individual or household context.

The term does not include an individual acting in a commercial or

employment context.

(3) "Council" means the Texas Artificial Intelligence

Council established under Chapter 554.

Sec. 551.002. APPLICABILITY OF SUBTITLE. This subtitle

applies only to a person who:

(1) promotes, advertises, or conducts business in this

state;

(2) produces a product or service used by residents of

this state; or

(3) develops or deploys an artificial intelligence

system in this state.

Sec. 551.003. CONSTRUCTION AND APPLICATION OF SUBTITLE.

This subtitle shall be broadly construed and applied to promote its

underlying purposes, which are to:

(1) facilitate and advance the responsible

development and use of artificial intelligence systems;

(2) protect individuals and groups of individuals from

known and reasonably foreseeable risks associated with artificial

intelligence systems;

(3) provide transparency regarding risks in the

development, deployment, and use of artificial intelligence

systems; and

(4) provide reasonable notice regarding the use or

contemplated use of artificial intelligence systems by state

agencies.

CHAPTER 552. ARTIFICIAL INTELLIGENCE PROTECTION

SUBCHAPTER A. GENERAL PROVISIONS

Sec. 552.001. DEFINITIONS. In this chapter:

(1) "Deployer" means a person who deploys an

artificial intelligence system for use in this state.

(2) "Developer" means a person who develops an

artificial intelligence system that is offered, sold, leased,

given, or otherwise provided in this state.

(3) "Governmental entity" means any department,

commission, board, office, authority, or other administrative unit

of this state or of any political subdivision of this state, that

exercises governmental functions under the authority of the laws of

this state. The term does not include:

(A) a hospital district created under the Health

and Safety Code or Article IX, Texas Constitution; or

(B) an institution of higher education, as

defined by Section 61.003, Education Code, including any university

system or any component institution of the system.

Sec. 552.002. CONSTRUCTION OF CHAPTER. This chapter may

not be construed to:

(1) impose a requirement on a person that adversely

affects the rights or freedoms of any person, including the right of

free speech; or

(2) authorize any department or agency other than the

Department of Insurance to regulate or oversee the business of

insurance.

Sec. 552.003. LOCAL PREEMPTION. This chapter supersedes

and preempts any ordinance, resolution, rule, or other regulation

adopted by a political subdivision regarding the use of artificial

intelligence systems.

SUBCHAPTER B. DUTIES AND PROHIBITIONS ON USE OF ARTIFICIAL

INTELLIGENCE

Sec. 552.051. DISCLOSURE TO CONSUMERS. (a) In this

section, "health care services" means services related to human

health or to the diagnosis, prevention, or treatment of a human

disease or impairment provided by an individual licensed,

registered, or certified under applicable state or federal law to

provide those services.

(b) A governmental agency that makes available an

artificial intelligence system intended to interact with consumers

shall disclose to each consumer, before or at the time of

interaction, that the consumer is interacting with an artificial

intelligence system.

Subsection (b) regardless of whether it would be obvious to a

reasonable consumer that the consumer is interacting with an

artificial intelligence system.

(d) A disclosure under Subsection (b):

(1) must be clear and conspicuous;

(2) must be written in plain language; and

(3) may not use a dark pattern, as that term is defined

by Section 541.001.

(e) A disclosure under Subsection (b) may be provided by

using a hyperlink to direct a consumer to a separate Internet web

page.

(f) If an artificial intelligence system is used in relation

to health care service or treatment, the provider of the service or

treatment shall provide the disclosure under Subsection (b) to the

recipient of the service or treatment or the recipient's personal

representative not later than the date the service or treatment is

first provided, except in the case of emergency, in which case the

provider shall provide the required disclosure as soon as

reasonably possible.

Sec. 552.052. MANIPULATION OF HUMAN BEHAVIOR. A person may

not develop or deploy an artificial intelligence system in a manner

that intentionally aims to incite or encourage a person to:

(1) commit physical self-harm, including suicide;

(2) harm another person; or

(3) engage in criminal activity.

Sec. 552.053. SOCIAL SCORING. A governmental entity may

not use or deploy an artificial intelligence system that evaluates

or classifies a natural person or group of natural persons based on

social behavior or personal characteristics, whether known,

inferred, or predicted, with the intent to calculate or assign a

social score or similar categorical estimation or valuation of the

person or group of persons that results or may result in:

(1) detrimental or unfavorable treatment of a person

or group of persons in a social context unrelated to the context in

which the behavior or characteristics were observed or noted;

(2) detrimental or unfavorable treatment of a person

or group of persons that is unjustified or disproportionate to the

nature or gravity of the observed or noted behavior or

characteristics; or

(3) the infringement of any right guaranteed under the

United States Constitution, the Texas Constitution, or state or

federal law.

Sec. 552.054. CAPTURE OF BIOMETRIC DATA. (a) In this

section, "biometric data" means data generated by automatic

measurements of an individual's biological characteristics. The

term includes a fingerprint, voiceprint, eye retina or iris, or

other unique biological pattern or characteristic that is used to

identify a specific individual. The term does not include a

physical or digital photograph or data generated from a physical or

digital photograph, a video or audio recording or data generated

from a video or audio recording, or information collected, used, or

stored for health care treatment, payment, or operations under the

Health Insurance Portability and Accountability Act of 1996 (42

U.S.C. Section 1320d et seq.).

(b) A governmental entity may not develop or deploy an

artificial intelligence system for the purpose of uniquely

identifying a specific individual using biometric data or the

targeted or untargeted gathering of images or other media from the

Internet or any other publicly available source without the

individual's consent, if the gathering would infringe on any right

of the individual under the United States Constitution, the Texas

Constitution, or state or federal law.

section.

Sec. 552.055. CONSTITUTIONAL PROTECTION. (a) A person may

not develop or deploy an artificial intelligence system with the

sole intent for the artificial intelligence system to infringe,

restrict, or otherwise impair an individual's rights guaranteed

under the United States Constitution.

(b) This section is remedial in purpose and may not be

construed to create or expand any right guaranteed by the United

States Constitution.

Sec. 552.056. UNLAWFUL DISCRIMINATION. (a) In this

section:

(1) "Financial institution" has the meaning assigned

by Section 201.101, Finance Code.

(2) "Insurance entity" means:

(A) an entity described by Section 82.002(a),

Insurance Code;

(B) a fraternal benefit society regulated under

Chapter 885, Insurance Code; or

system used by an entity described by Paragraph (A) or (B).

(3) "Protected class" means a group or class of

persons with a characteristic, quality, belief, or status protected

from discrimination by state or federal civil rights laws, and

includes race, color, national origin, sex, age, religion, or

disability.

(b) A person may not develop or deploy an artificial

intelligence system with the intent to unlawfully discriminate

against a protected class in violation of state or federal law.

sufficient by itself to demonstrate an intent to discriminate.

(d) This section does not apply to an insurance entity for

purposes of providing insurance services if the entity is subject

to applicable statutes regulating unfair discrimination, unfair

methods of competition, or unfair or deceptive acts or practices

related to the business of insurance.

(e) A federally insured financial institution is considered

to be in compliance with this section if the institution complies

with all federal and state banking laws and regulations.

Sec. 552.057. CERTAIN SEXUALLY EXPLICIT CONTENT AND CHILD

PORNOGRAPHY. A person may not:

(1) develop or distribute an artificial intelligence

system with the sole intent of producing, assisting or aiding in

producing, or distributing:

(A) visual material in violation of Section

43.26, Penal Code; or

(B) deep fake videos or images in violation of

Section 21.165, Penal Code; or

(2) intentionally develop or distribute an artificial

intelligence system that engages in text-based conversations that

simulate or describe sexual conduct, as that term is defined by

Section 43.25, Penal Code, while impersonating or imitating a child

younger than 18 years of age.

SUBCHAPTER C. ENFORCEMENT

Sec. 552.101. ENFORCEMENT AUTHORITY. (a) The attorney

general has exclusive authority to enforce this chapter, except to

the extent provided by Section 552.106.

(b) This chapter does not provide a basis for, and is not

subject to, a private right of action for a violation of this

chapter or any other law.

Sec. 552.102. INFORMATION AND COMPLAINTS. The attorney

general shall create and maintain an online mechanism on the

attorney general's Internet website through which a consumer may

submit a complaint under this chapter to the attorney general.

Sec. 552.103. INVESTIGATIVE AUTHORITY. (a) If the

attorney general receives a complaint through the online mechanism

under Section 552.102 alleging a violation of this chapter, the

attorney general may issue a civil investigative demand to

determine if a violation has occurred. The attorney general shall

issue demands in accordance with and under the procedures

established under Section 15.10.

(b) The attorney general may request from the person

reported through the online mechanism, pursuant to a civil

investigative demand issued under Subsection (a):

(1) a high-level description of the purpose, intended

use, deployment context, and associated benefits of the artificial

intelligence system with which the person is affiliated;

(2) a description of the type of data used to program

or train the artificial intelligence system;

(3) a high-level description of the categories of data

processed as inputs for the artificial intelligence system;

(4) a high-level description of the outputs produced

by the artificial intelligence system;

(5) any metrics the person uses to evaluate the

performance of the artificial intelligence system;

(6) any known limitations of the artificial

intelligence system;

(7) a high-level description of the post-deployment

monitoring and user safeguards the person uses for the artificial

intell

Showing first 50k characters.

View bill text in multiple formats on Texas Legislature website

Fiscal NoteView Original

LEGISLATIVE BUDGET BOARD
Austin, Texas

FISCAL NOTE, 89TH LEGISLATIVE REGULAR SESSION


March 25, 2025

TO:	Honorable Giovanni Capriglione, Chair, House Committee on Delivery of Government Efficiency

FROM:	Jerry McGinty, Director, Legislative Budget Board

IN RE:	HB149 by Capriglione (Relating to the regulation of the use of artificial intelligence systems in this state; providing civil penalties.), As Introduced

Estimated Two-year Net Impact to General Revenue Related Funds for HB149, As Introduced: a negative impact of ($27,934,862) through the biennium ending August 31, 2027.

The bill would make no appropriation but could provide the legal basis for an appropriation of funds to implement the provisions of the bill.

General Revenue-Related Funds, Five- Year Impact:

Fiscal Year	Probable Net Positive/(Negative) Impact to General Revenue Related Funds
2026	($17,037,903)
2027	($10,896,959)
2028	($10,646,959)
2029	($10,646,959)
2030	($10,646,959)

All Funds, Five-Year Impact:

Fiscal Year	Probable Savings/(Cost) from General Revenue Fund 1	Change in Number of State Employees from FY 2025
2026	($17,037,903)	23.0
2027	($10,896,959)	23.0
2028	($10,646,959)	23.0
2029	($10,646,959)	23.0
2030	($10,646,959)	23.0

Fiscal Analysis

The bill requires disclosure of an artificial intelligence system to consumers; lists the prohibited uses of artificial intelligence; and lists the prohibitions on the capture of biometric identifiers, political viewpoint and other types of discrimination, and certain sexually explicit videos, images and child pornography.

The bill empowers the attorney general with the authority to enforce the chapter and requires the development of an online mechanism on the attorney general's website through which consumers may submit a complaint under the chapter.

The bill empowers the attorney general to bring legal action in the name of the state to restrain a person from violating the chapter and allows the attorney general to recover attorney's fees and collect fines for violations.

The bill authorizes a state agency to sanction an individual licensed, registered, or certified by that agency for violations of the chapter, including the suspension, probation, or revocation of a license, registration, certificate, or other form of permission to engage in an activity, and monetary penalties up to $100,000.

The bill requires the Department of Information Resources (DIR), in coordination with the Texas Artificial Intelligence Council, to administer the Artificial Intelligence Regulatory Sandbox Program, which is intended to facilitate the development, testing, and deployment of innovative artificial intelligence systems in Texas.

The bill requires DIR to coordinate with all relevant state regulatory agencies to oversee the operations of the sandbox participants, and authorizes the council or a relevant agency to recommend that a participant's sandbox privileges be revoked in certain instances.

The bill establishes the “Texas Artificial Intelligence Council” which is administratively attached to DIR and requires administrative support to be provided to the council through a memorandum of understanding.

The bill details the powers and duties of the council and requires it to conduct training programs for state agencies & local governments.

Methodology

The Department of Information Resources indicates an additional eight full-time equivalent (8.0 FTEs) positions are required to implement the legislation, totaling $1,072,996 in each fiscal year. Additional FTEs include: 2.0 Systems Analysts VII to act as technical subject matter experts that are high level AI intelligence technologists ($344,544 per fiscal year); 2.0 Programmers VI to be technology implementors that can coordinate the testing and evaluation of systems in the sandbox ($344,544 per fiscal year); 1.0 Compliance Analyst IV to act as subject matter expert on AI policy and risk and privacy ($114,099 per fiscal year); 1.0 Contract Specialist V as subject matter expert on procurement and contracting ($85,869 per fiscal year); 1.0 Program Management Specialist III as a program coordinator ($113,278 per fiscal year); and 1.0 Technical Writer II to craft the annual report to the Legislature and assist in the creation of requirements and procedures ($70,662 per fiscal year).

The Office of the Attorney General (OAG) indicates an additional fifteen full-time equivalent (15.0 FTEs) positions are required to implement the legislation, totaling $1,566,508 in each fiscal year. Additional FTEs include: 1.0 Assistant Attorney General VI ($165,850 per fiscal year), 2.0 Assistant Attorneys General V ($301,546 per fiscal year), 2.0 Assistant Attorneys General III ($205,960 per fiscal year), 1.0 Compliance Analyst II ($70,662 per fiscal year), 1.0 Data Analyst V ($102,980 per fiscal year), 1.0 Data Analyst III ($75,376 per fiscal year), 1.0 Investigator V ($75,376 per fiscal year), 2.0 Legal Assistants V ($171,738 per fiscal year), 1.0 Legal Assistant III ($66,254 per fiscal year), 1.0 Programmer VI ($137,066 per fiscal year), 1.0 Systems Administrator VI ($113,278 per fiscal year), and 1.0 Systems Analyst IV ($80,421 per fiscal year).

Associated retirement, social security, group insurance, and agency payroll contributions for 23.0 FTEs would be $789,739 per fiscal year. Associated equipment, supplies, travel and operating costs for 23.0 FTEs are assumed to be $191,108 in fiscal year 2026, and $121,014 each year thereafter.

Additionally, OAG would require $4,000,000 annually to retain consulting and testifying experts with specialized knowledge in artificial intelligence systems such as machine learning engineers for the investigation and litigation of cases involving complex evidence and issues, as well as $250,000 in each year of the 2026-27 biennium for IT Staff Augmentation Contracts through DIR for project management.

The bill authorizes OAG to bring action in the name of the state to restrain a person from violating the chapter and allows the attorney general to recover attorney's fees and collect fines for violations. However, the amounts and timing of any administrative penalty revenue and the recovery of reasonable fee and expense revenue by OAG are unknown. As such, the fiscal impact cannot be determined.

The bill administratively attaches the AI Council to DIR, and requires DIR to provide administrative support to the Council. This analysis assumes any administrative costs incurred by the Council could be absorbed using existing resources.

Technology

According to DIR, technology costs are expected to be $3,000,000 per fiscal year. This includes $1,000,000 in each fiscal year for estimated professional service costs for security and compliance audits, as well as vendor and agency support for the AI Sandbox. This cost will depend on the number and type of AI system participants invited in the sandbox program. Costs per instance of AI in the sandbox could range from $400,000 to $500,000. Also included is $2,000,000 per fiscal year for cloud service costs for hosting and computing for the regulatory sandbox program.

According to the Office of the Attorney General, technology costs include one-time costs of $6,070,850 in fiscal year 2026 and a recurring cost in each FY 2026-2030 of $96,702. One-time costs include the development of a consumer complaint mechanism, automated notice generation, case management and enforcement tools, and various IT equipment. Annual recurring charges cover data center services, voice lines, and additional licensing through Salesforce and Box.

Local Government Impact

No significant fiscal implication to units of local government is anticipated.

Source Agencies:

212 Office of Court Administration, Texas Judicial Council, 302 Office of the Attorney General, 304 Comptroller of Public Accounts, 313 Department of Information Resources, 320 Texas Workforce Commission, 352 Bond Review Board, 452 Department of Licensing and Regulation, 503 Texas Medical Board, 529 Health and Human Services Commission, 582 Commission on Environmental Quality, 601 Department of Transportation, 710 Texas A&M University System Administrative and General Offices, 720 The University of Texas System Administration

LBB Staff:

JMc, RStu, LCO, CSmi, CMA, NV, SD, KTw

Related Legislation

Explore more bills from this author and on related topics

Frequently Asked Questions

Common questions about HB149

What does Texas HB149 do?

HB149 fundamentally shifts liability from software vendors to Texas businesses ("Deployers") using AI for hiring, healthcare, finance, and customer service. Effective January 1, 2026, the law mandates strict disclosure protocols, bans non-consensual biometric scraping, and empowers the Attorney General to levy civil penalties of up to $200,000 per violation against companies that fail to maintain specific documentation and oversight. Implementation Timeline Effective Date: January 1, 2026 Compliance Deadline: January 1, 2026.

Who authored HB149?

HB149 was authored by Texas Representative Giovanni Capriglione during the Regular Session.

When was HB149 signed into law?

HB149 was signed into law by Governor Greg Abbott on June 22, 2025.

Which agencies enforce HB149?

HB149 is enforced by Office of the Attorney General (Exclusive authority for Chapter 552), Department of Information Resources (Sandbox Program & AI Council oversight), Texas Artificial Intelligence Council (Advisory & Sandbox consultation) and State Licensing Agencies (e.g., Medical Board, Dept of Licensing and Regulation) for professional sanctions.

How urgent is compliance with HB149?

The compliance urgency for HB149 is rated as "critical". Businesses and organizations should review the requirements and timeline to ensure timely compliance.

What is the cost impact of HB149?

The cost impact of HB149 is estimated as "high". This may vary based on industry and implementation requirements.

What topics does HB149 address?

HB149 addresses topics including artificial intelligence, business & commerce, business & commerce--trade practices, consumer protection and electronic information systems.

Legislative data provided by LegiScanLast updated: November 25, 2025

Need Strategic Guidance on This Bill?

Need help with Government Relations, Lobbying, or compliance? JD Key Consulting has the expertise you're looking for.