Overview
Texas just became the third state to ban AI systems designed for discrimination, self-harm, and illegal surveillance. On January 1, 2026, the Texas Responsible Artificial Intelligence Governance Act took effect with penalties up to $200,000 per violation—but there's a problem. Ten days earlier, President Trump signed an executive order directing the Justice Department to kill state AI laws like this one.
The collision is no accident. While Congress stalled for years, states rushed to fill the void—38 passed AI laws in 2025 alone. Now the federal government wants that power back, setting up a constitutional showdown over who gets to regulate the technology reshaping medicine, hiring, policing, and finance. At stake: whether a patchwork of state rules will govern AI development, or whether Washington can impose a single national standard.
Key Indicators
People Involved
Organizations Involved
First-in-nation state council overseeing AI innovation sandbox and regulatory compliance.
State IT agency running the nation's first regulatory sandbox for AI testing.
Federal task force created to challenge state AI regulations on constitutional grounds.
Timeline
-
DOJ AI Task Force Deadline
Federal Action30-day deadline for Attorney General to establish AI Litigation Task Force to challenge state laws on interstate commerce and preemption grounds.
-
Texas AI Law Takes Effect
ImplementationThe Responsible AI Governance Act becomes enforceable. Attorney General Ken Paxton gains exclusive enforcement authority with penalties up to $200,000 per violation. Regulatory sandbox opens for applications.
-
38 States Pass AI Legislation in 2025
LegislativeRecord year of state AI lawmaking concludes with legislation on elections, medical AI, deepfakes, and algorithmic discrimination across most of the country.
-
Trump Orders Federal Preemption of State AI Laws
ExecutivePresident Trump signs executive order directing Justice Department to challenge state AI laws, seeking "minimally burdensome national policy framework." Legal experts question constitutional authority.
-
Colorado Delays AI Act Implementation
LegislativeGov. Polis signs bill postponing Colorado AI Act enforcement five months from February 1 to June 30, 2026, amid industry compliance concerns.
-
Gov. Abbott Signs Texas AI Law
ExecutiveGovernor Greg Abbott signs HB 149, making Texas the third state with comprehensive AI regulation. Law creates Texas Artificial Intelligence Council and first-in-nation regulatory sandbox.
-
Texas Legislature Sends HB 149 to Governor
LegislativeFinal version of Responsible AI Governance Act passes, dramatically scaled back from December 2020 proposal to balance innovation with consumer protection.
-
Texas House Overwhelmingly Passes HB 149
LegislativeHB 149 passes Texas House 146-3, prohibiting AI systems designed for manipulation, discrimination, and harmful content while creating regulatory sandbox.
-
California's SB 1047 Vetoed
LegislativeGov. Gavin Newsom vetoes the Safe and Secure Innovation for Frontier AI Models Act, arguing it targets model size rather than deployment risk, missing "the forest for the trees."
-
EU AI Act Enters Force
InternationalWorld's first comprehensive AI regulation takes effect in European Union, establishing risk-based framework with penalties up to €35 million or 7% of global revenue.
-
Colorado Passes Comprehensive AI Act
LegislativeGov. Jared Polis signs the Colorado Artificial Intelligence Act regulating high-risk AI systems with penalties up to $20,000 per violation. Implementation later delayed to June 30, 2026.
-
Utah Becomes First State with AI Consumer Protection Law
LegislativeUtah enacts the Artificial Intelligence Policy Act, focusing on disclosure requirements when consumers interact with generative AI. The law is later significantly narrowed in 2025.
Scenarios
Federal Courts Strike Down Preemption Order, State Laws Survive
Discussed by: Legal scholars quoted in NPR, analysis from Gibson Dunn, Paul Hastings, and Morrison Foerster
Federal judges rule that Trump's executive order lacks constitutional authority to preempt state legislation—only Congress can do that, and no comprehensive federal AI statute exists as a preemption basis. Texas, Colorado, California and other states successfully defend their laws on Tenth Amendment grounds. The patchwork of state regulations continues, with tech companies facing 50 different compliance regimes. This scenario mirrors historical technology regulation where states led (data breach notification, net neutrality during federal gaps). Industry groups intensify lobbying for Congressional action to establish actual uniform standards, but partisan gridlock prevents passage.
Congress Passes Federal AI Law, Preempts State Action
Discussed by: White House policy framework, industry coalition analysis from SHRM and Skadden
Facing mounting pressure from tech companies navigating conflicting state rules and emboldened by the executive order's political signal, Congress passes comprehensive federal AI legislation establishing national standards. The law includes explicit preemption language nullifying state laws like Texas HB 149, Colorado's AI Act, and California regulations. This resolves the compliance patchwork but likely weakens consumer protections compared to the strongest state laws. Congress exempts certain areas—possibly child safety and state government procurement—allowing limited state authority. Enforcement shifts to federal agencies like the FTC or a new AI regulator.
Negotiated Federalism: Exemptions and Coordination
Discussed by: State attorneys general discussions, federalism experts analyzing hybrid regulatory models
Rather than all-or-nothing court battles, the federal government and states negotiate a middle path. The Commerce Department's identification of "onerous" laws becomes a negotiation starting point. States agree to harmonize certain provisions—like sandbox requirements and enforcement timelines—while maintaining authority over areas with local impact. Texas keeps its prohibition on discriminatory AI and biometric surveillance; the federal government establishes baseline standards for interstate AI commerce. A coordinating body emerges similar to state-federal cooperation on environmental or consumer protection law. This scenario requires political compromise currently absent from the landscape.
Regulatory Race to the Bottom
Discussed by: Consumer advocacy groups, analysis of competitive state dynamics
Facing threats of federal preemption and industry pressure, states begin weakening their AI laws to remain "business-friendly." Texas's already industry-favorable framework—intent-based liability, no private right of action, extensive safe harbors—becomes the ceiling rather than the floor. Colorado delays implementation again. California abandons CPPA's automated decision-making regulations. The regulatory sandbox becomes the dominant model, offering companies liability shields without meaningful enforcement. Tech companies exploit the weakest state standards while the federal government declines to fill the gap, resulting in minimal AI accountability nationwide. This mirrors what happened with state privacy laws before GDPR and CCPA created pressure for stronger standards.
Historical Context
State Data Breach Notification Laws (2003-2018)
2003-2018What Happened
California passed the first data breach notification law in 2003 after a massive security failure exposed personal information. By 2018, all 50 states had enacted versions, but with wildly different requirements for timing, scope, and penalties. Companies faced a compliance nightmare navigating conflicting state standards. Congress repeatedly failed to pass a federal data breach law despite bipartisan support.
Outcome
Short term: State laws created baseline consumer protections absent from federal law, forcing companies to improve security practices.
Long term: The patchwork persists today. No federal preemption occurred, but the chaos contributed to momentum for comprehensive privacy laws like GDPR and CCPA.
Why It's Relevant
Shows states can sustain regulatory authority even without federal coordination—and that Congressional action isn't inevitable despite industry complaints about compliance costs.
Net Neutrality and FCC Preemption (2017-2021)
2017-2021What Happened
After the FCC repealed federal net neutrality rules in 2017, states including California, Washington, and Oregon passed their own. The FCC claimed its deregulation order preempted state action. California sued, arguing the FCC can't prohibit state regulation in an area where it declined to regulate. Courts sided with California, ruling the FCC lacked authority to bar state laws when it abandoned its own regulatory role.
Outcome
Short term: States successfully defended their authority to regulate internet service providers despite FCC opposition.
Long term: The Biden FCC restored net neutrality in 2024, but the precedent established that federal deregulation doesn't automatically preempt state action.
Why It's Relevant
Directly parallels Trump's AI order—claiming federal preemption while pursuing deregulation. The net neutrality precedent suggests courts may reject this approach for AI as well.
EU GDPR Forcing Global Standards (2018)
2016-2018What Happened
The European Union passed the General Data Protection Regulation, the world's first comprehensive data privacy law, in 2016 with enforcement beginning in 2018. Despite being a regional law, GDPR's extraterritorial provisions and severe penalties (up to 4% of global revenue) forced global companies to implement GDPR-level protections worldwide. U.S. states followed with their own laws (CCPA in California), creating momentum that federal inaction couldn't stop.
Outcome
Short term: U.S. tech companies initially resisted, then largely complied globally to simplify operations rather than maintain separate systems.
Long term: GDPR became the de facto global standard. U.S. federal privacy law still doesn't exist, but state laws now cover most Americans.
Why It's Relevant
The EU AI Act may play the same role for AI regulation that GDPR did for privacy—setting a global standard regardless of U.S. federal policy. Texas and other states may be following this template.