Skip to main content

Cytra TRAIGA Readiness

Prepare for Civil Investigative Demands under Texas HB 149 (TRAIGA).

When the Texas AG issues a CID under TRAIGA, you must produce evidence of how your AI systems actually run — inventories, risk assessments, logs, records of what the system did. A document binder assembled after the fact is the failure mode; a governed runtime record is the answer.

TRAIGA at a glance

Texas HB 149 — the facts as enacted

TRAIGA snapshot

Effective date
Jan 1 2026
Enforcement
Texas AG
Cure window
60 days

Texas Responsible Artificial Intelligence Governance Act (HB 149)

Who it applies to

Developers and deployers of AI systems doing business in Texas — including state agencies, which face additional disclosure duties.

Prohibited uses

AI intentionally designed for behavioral manipulation inciting harm, government social scoring, unlawful discrimination intent, and certain biometric capture without consent.

Enforcement

Exclusively by the Texas Attorney General — no private right of action. The AG can issue Civil Investigative Demands (CIDs) to compel documents and evidence.

Cure window

60-day notice-and-cure period before enforcement begins — a critical window to respond with evidence of how your AI systems operate.

This is an informational summary of TRAIGA as enacted — not legal advice. Consult counsel for obligations specific to your systems.

Civil Investigative Demand

When a CID arrives, you must produce evidence

A Civil Investigative Demand (CID) is the Texas AG's pre-enforcement discovery instrument under TRAIGA. When one arrives, you must produce evidence of how your AI systems actually run — inventories, risk assessments, logs, records of what the system did. A document binder assembled after the fact is the failure mode; a governed runtime record is the answer.

Penalty exposure under TRAIGA, as enacted:

  • Curable violations: $10,000–$12,000 each
  • Uncurable violations: $80,000–$200,000 each
  • Continuing violations: $2,000–$40,000 per day

How Cytra maps to TRAIGA

Control mapping, runtime records, and measurement

Control mapping

Cytra's control mapping across EU AI Act / NIST AI RMF / ISO/IEC 42001 extends to TRAIGA obligations — one set of controls, mapped once.

Audit-ready records

Tamper-evident, hash-chained records designed for an outside party (like the AG's office) to verify — not a document binder assembled after the fact.

Scheduled measurement

Bias and fairness measurement runs on a schedule against configured eval datasets — breaches raise auditable events in the record, evidence you can hand to an examiner.

TRAIGA CID Playbook Coming soon

A practical guide to preparing for and responding to a CID.

The TRAIGA CID Playbook covers what the AG can ask for, the response timeline, the evidence to have ready, and the 60-day cure playbook. It's being finalized — add your email and we'll send it the moment it's ready.

Next step readiness as a record

Turn TRAIGA obligations into a record of how your AI runs.

Cytra maps your controls once and turns how your AI runs into continuous evidence — so you can demonstrate alignment with TRAIGA without scrambling for documents. The managed gateway that generates the evidence is in private beta; tell us about your AI and we'll scope early access.

Cytra is aligned, not certified — we map evidence to TRAIGA; we do not assert that any certification has been granted.