What Government Entities Should Be Thinking About Before Signing AI Contracts

Texas has officially entered the AI-governance arena. In June 2025, Governor Abbott signed House Bill 149, the Texas Responsible Artificial Intelligence Governance Act (“TRAIGA”), creating Texas’ first broad regulatory framework governing artificial intelligence systems. The law took effect January 1, 2026.
While much of the national discussion around AI regulation has focused on private-sector developers, TRAIGA is especially important for governmental entities. School districts, municipalities, counties, higher education institutions, and other public bodies increasingly rely on vendors offering AI-enabled services for surveillance, human resources, procurement, records review, student services, customer support, cybersecurity, and analytics. TRAIGA directly affects how Texas governmental entities may deploy and interact with those systems.
For public entities, the issue is no longer whether AI will be used. It is whether contracts, policies, and procurement processes are adequately structured to manage the legal and operational risks that come with it.
What Is TRAIGA?
TRAIGA establishes statewide guardrails for the development and deployment of artificial intelligence systems in Texas. The final enacted version is narrower than earlier drafts and is viewed as more business-friendly than the EU AI Act or Colorado’s AI legislation. Even so, it imposes several significant requirements and prohibitions that governmental entities cannot ignore.
Amongother things, the law:
- Prohibits certain harmful or discriminatory uses of AI;
- Creates disclosure obligations in some governmental interactions involving AI;
- Restricts certain biometric and social-scoring practices;
- Authorizes enforcement by the Texas Attorney General; and
- Establishes civil penalties for violations.
Importantly, the statute places substantial focus on governmental deployment of AI systems. As a result, public entities are likely to face greater scrutiny than many private-sector users when implementing or procuring AI-enabled technologies.
Why This Matters in the Contextof Government Contracts
Most governmental entities are not developing AI systems internally. Instead, they are purchasing software platforms or services from vendors that incorporate AI functionality behind the scenes. In many cases, the governmental entity may not fully understand the extent to which artificial intelligence is involved in the product at all.
That creates a significant practical concern. A district, municipality, or public institution may be deploying AI tools without fully understanding how those systems operate, what data they use, whether they involve automated decision-making, whether the outputs can be audited or explained, or whether they rely on biometric information or third-party generative AI models.
TRAIGA does not excuse a governmental entity simply because a vendor supplied the technology. Consequently, contracts will become one of the most important risk-management mechanisms available to public entities using AI systems.
Governmental Entities ShouldCarefully Evaluate AI Vendor Agreements
One of the most immediate issues governmental entities face is simply identifying whether a vendor is using artificial intelligence at all. Many modern software providers now market products as “AI-enhanced” without clearly explaining what functions actually involve AI. Contracts should therefore require vendors to specifically disclose whether AI functionality is being used, whether generative AI is incorporated into the product, whether automated decision-making occurs, and whether subcontractors or third-party AI models are involved in delivering the service.
TRAIGA’s core innovation lies in its focus on prohibited intent rather than discriminatory outcomes. This approach impacts contract drafting because every agreement must now create an evidentiary record of lawful purpose. The act’s primary prohibition—developing or deploying AI systems with intent to unlawfully discriminate—requires contracts to document not just what parties will deliver, but why they’re building it and how that purpose will be proven.
Governmental entities should ensure that contracts contain robust legal-compliance provisions tailored to AI-related risks. Many older technology agreements contain only generalized representations regarding compliance with “applicable law,” which may not adequately address emerging AI governance obligations. Contracts should specifically require compliance with TRAIGA, privacy laws, FERPA, HIPAA where applicable, biometric privacy requirements, public records laws, and anti-discrimination statutes.
Data ownership and data usage provisions also deserve careful scrutiny. Many AI systems are designed to improve themselves through user interactions and uploaded information. Governmental entities should closely evaluate whether a vendor intends to retain, reuse, or train its systems using governmental data. Public entities(particularly school districts handling sensitive student information) should strongly consider prohibiting vendors from using district or governmental data to train AI systems unless expressly authorized.
Transparency provisions are equally important. One of the recurring criticisms of AI systems is the so-called “black box” problem, where users cannot meaningfully determine how the system generated a particular recommendation or output. Governmental entities should consider requiring vendors to provide meaningful explanations regarding AI-generated outputs, disclose material system changes, maintain testing and validation documentation, and cooperate with investigations or public-information requests.
These issues become particularly important where AI systems may affect employment decisions, student discipline, law enforcement activities, eligibility determinations, or other governmental functions carrying significant legal or constitutional implications.
Liability Allocation andRisk-Shifting Provisions Require Closer Review
Governmental entities should carefully review how AI-related risk is allocated in vendor agreements. Many technology contracts contain broad warranty disclaimers stating that AI-generated outputs may be inaccurate, incomplete, or unreliable, while simultaneously limiting the vendor’s liability to a small portion of the contract value. In practice, that can leave the governmental entity assuming most of the operational and legal risk associated with the system.
When reviewing AI-related contracts, public entities should evaluate whether the agreement adequately addresses responsibility for claims involving discriminatory outputs, improper disclosure of sensitive information, cybersecurity incidents, or regulatory violations arising from the vendor’s technology. Indemnity provisions should be reviewed carefully to determine whether the vendor is actually standing behind the functionality of its AI system or merely disclaiming responsibility for its outputs.
Governmental entities should also consider whether the contract requires the vendor to maintain sufficient cyber liability and professional liability insurance covering AI-related claims and data incidents. If a vendor’s AI tool is used in areas such as student services, employment decisions, law enforcement, or records management, the entity should evaluate whether additional contractual protections are necessary given the heightened legal exposure associated with those functions.
In some circumstances, governmental entities may also wish to require contractual representations that the vendor has tested the system for bias, implemented safeguards against unauthorized disclosure of confidential information, and maintains procedures for responding to system failures or erroneous outputs. These provisions can help create a clearer framework for accountability if problems arise after deployment.
Finally, public entities should avoid contracts that allow vendors to materially change AI functionality during the contract term without notice or consent. A platform that begins as a limited automation tool may evolve into a significantly more autonomous system over time. Contracts should therefore require notice of material AI-related changes and preserve the governmental entity’s ability to review, reject, or terminate materially altered functionality.
Human Oversight Still Matters
TRAIGA reflects a growing concern among lawmakers regarding fully automated governmental decision-making. Even when AI tools are used to assist governmental operations, public entities should avoid overreliance on automated outputs without meaningful human review.
Policies and contracts should clearly identify who reviews AI-generated recommendations, whether human override authority exists, and when human review is mandatory before action is taken. This is especially important in areas involving employment, education, procurement, policing, student services, or benefits administration.
Governmental entities should also recognize that informal employee use of generative AI platforms may create risks independent of officially approved software systems. Many organizations likely already have employees using AI tools in daily operations without formal governance procedures or safeguards in place.
Practical Considerations Going Forward
Governmental entities should be evaluating their current practices to ensure compliance with TRAIGA. Existing vendor agreements should be reviewed to determine whether AI functionality is already embedded within currently deployed systems. Procurement templates and technology contracts may need updating to address AI-specific compliance obligations, data usage restrictions, audit rights, and indemnity concerns.
Governmental entities should likewise consider adopting internal AI-use policies, implementing approval procedures for new AI deployments, and training leadership and IT personnel regarding emerging compliance obligations under Texas law.
Final Thoughts
TRAIGA represents an important shift in Texas’s approach to artificial intelligence governance. Although the law is less restrictive than some early proposals, it sends a clear message that governmental entities deploying AI systems are expected to do so responsibly, transparently, and with appropriate oversight.
For Texas governmental bodies, the greatest immediate exposure point will likely not involve internally developed AI systems, but rather contracts with outside vendors whose products incorporate AI functionality in ways that may not always be obvious at the procurement stage.
As AI adoption accelerates, governmental entities should begin treating AI governance the same way they treat cybersecurity, FERPA compliance, procurement risk, and records management: as a legal and operational governance issue requiring deliberate oversight. It is not simply an IT issue.
For assistance reviewing AI-related vendor agreements, procurement language, internal governance policies, or compliance obligations under TRAIGA, our office would be happy to assist.
A Texas Law Firm with News You Can Use
No news is bad news. Stay current and remain informed on all legal news.
