TECH TAKE AI: TRAIGA, FEDs, NIST & ISDs by Steve Barnwell and Kim Bowlin
T
he Texas Responsible Artificial Intelligence Governance Act (TRAIGA) took effect on Jan. 1, 2026, placing Texas among the first states to adopt a comprehensive AI policy. Texas Local Education Agencies (LEAs), including local school districts, must now meet new compliance requirements that also align with best practices in voluntary federal frameworks such as NIST’s AI Risk Management Framework (AI RMF). This article examines the firm boundaries for school districts in terms of adherence to state law and how those steps can both assist and measure risk management actions. Understanding how these pieces fit together is essential for district technology leaders as they navigate responsible AI adoption.
Defining TRAIGA Texas law applies TRAIGA to AI developers, organizations that deploy AI tools, and governmental entities. Local public school districts, acting as branches of local government, are explicitly covered by this legislation (Section 552.001). Compliance begins with disclosure. A covered organization that deploys an AI system intended to interact with consumers must disclose that the person is interacting with an AI system. This disclosure must occur before any AI interaction. For school districts, both students and parents are included in the legislative definition of consumers. In addition to disclosing a deployed AI interaction tool, TRAIGA requires explicit clarity in the language used, visually conspicuous notices, and that this information be relayed through a new webpage hyperlinked from the disclosure statement. All chatbots, virtual assistants, and automated systems that schools use to interact with students, parents, staff, or the community require this clear disclosure, even if the tool is obviously AI-driven to a reasonable person. Continuing with compliance requirements beyond disclosure, Texas has also defined some parameters for prohibited and inappropriate uses of AI. The law limits the misuse of AI for social scoring, discrimination, or invasive biometric identification. This could apply to AI-driven discipline tools, predictive analytics tools, and surveillance systems in school settings. These protections could indirectly strengthen student civil liberties and require districts to update data practices. Because the law imposes civil penalties requiring certain disclosures, school districts will likely need to revise contract language to ensure vendors comply with state AI regulations. Additionally, districts will need to develop internal policies to evaluate AI risk and privacy implications. Tracking and reporting systems for the AI tools used will also be required. The TRAIGA bill preempts local AI regulations, meaning districts cannot adopt their own separate AI regulatory frameworks that conflict with state law. Practical implications for school district leaders include auditing current and proposed AI tools. Leaders should work to identify AI systems used in curriculum delivery, scheduling, evaluation, predictive modeling, or student services. District leaders should begin to update their privacy and data governance policies. They should ensure alignment with the law’s definition and protections, especially regarding biometric data and AI disclosures. Districts should train staff and procurement teams so they understand what qualifies as AI under the law, compliance requirements, and risk management expectations. Finally, districts should review and revise vendor contracts to include certification of AI compliance, data protection commitments, and liability clauses related to AI misuse.
SPRING 2026
29