An Austin CEO Warned That AI Adoption Is Outpacing Governance.

John Cronin, CEO of Austin-based digital agency Proven ROI, said something this week that every enterprise AI governance professional already knows but rarely hears from a business CEO: companies are deploying AI faster than they are governing it. He's right. The more interesting question — the one the press release didn't address — is why that gap is getting structurally harder to close in one of the most important AI deployment cities in the country.

Austin is not a secondary market in the AI story. Tesla has its headquarters there. Meta, Google, Amazon, and Microsoft all have significant operations in the city. The 2026 State of AI in Austin event, held in January, drew executives from Dell, Samsung, and a range of enterprise AI vendors. Vivek Mohindra, special adviser to Dell's vice chair and COO, told the crowd that global data center power usage is expected to quadruple from 400 terawatt-hours in 2024 to 1,600 by 2030 — and Texas is building much of the infrastructure that will carry that load. As of early 2026, the state hosts almost 400 AI data centers.

So when a CEO in Austin warns that adoption is outpacing governance, he is describing a problem that is very large, very local, and — as of January 1, 2026 — made considerably worse by state law.

Texas Passed an AI Law Then Blocked Anyone Else From Passing One

TRAIGA is genuinely worth understanding before dismissing it as either a victory for AI governance or a failure of it. It prohibits AI systems from being used for behavioral manipulation. It bars biometric surveillance. It forbids AI outputs that violate civil rights law. It says explicitly that AI cannot be used "in a manner that intentionally results in political viewpoint discrimination."

But the law's architecture has two features that matter enormously for the governance gap Cronin is describing. The first is the intent-based liability standard. Under TRAIGA, proving a violation requires proving malicious intent — the same standard as proving fraud, not the standard used for product safety or environmental regulation. You cannot hold a company accountable under TRAIGA for an AI system that produces discriminatory outcomes unless you can show the company meant to discriminate.

Colorado and Utah, which passed AI legislation around the same period, chose risk-based frameworks where demonstrated harm is sufficient. Texas chose intent. The practical consequence is that companies deploying AI in Texas carry significantly less regulatory exposure than companies deploying in Colorado — which is part of why Tesla, OpenAI, and Samsung have chosen Texas for major infrastructure investments.

"Violations require proof of malicious intent, regardless of whether the AI system has caused demonstrable harm. By prioritizing intent, TRAIGA reduces regulatory exposure for companies developing AI in the Lone Star State."

Austin Chronicle,

analysis of HB 149,

February 5, 2026

The second feature is preemption. HB 149 explicitly prohibits Texas cities and counties from adopting their own AI regulations. Austin, which hosts more AI infrastructure and more consequential AI deployments than most American cities, has no legal authority to set its own governance standards for the AI systems operating inside its limits. It can build internal city government standards for how city agencies use AI — which it did, issuing a memorandum on December 23, a week before TRAIGA went into effect, requiring human oversight guidelines and mandatory union consultation before AI tools are deployed in city operations. But that authority stops at the city's own systems. The tech giants in Austin answer to the state, not the city.

What’s The Factual Evidence Supporting John’s Warning?

The warning Cronin issued — AI adoption outpacing governance — is documented in survey data from multiple independent sources released this week alone. The American Arbitration Association surveyed 500 senior legal and executive leaders and found that 87% report having some form of AI governance in place. Only 22% say those systems are actually operating effectively. RSM surveyed 501 middle market executives and found that only 35% have formal AI governance frameworks at all. The AAA also found that only 33% of organizations have defined escalation pathways when AI systems misbehave, and just 22% say they are very confident they could produce governance evidence for regulators or auditors on demand.

87% SAY THEY HAVE AI GOVERNANCE IN PLACE — AAA, MAY 2026

22% SAY THEIR GOVERNANCE SYSTEMS ARE ACTUALLY EFFECTIVE — AAA, MAY 2026

63% OF AUSTIN RESIDENTS CITED DEEPFAKES AND MISINFORMATION AS THEIR TOP AI CONCERN — AAIA SURVEY, 2026

That 65-point gap between having governance and having governance that works is what Cronin is describing, even if he did not put numbers on it. And it exists across every market segment — large enterprise and middle market, financial services and technology, Austin and everywhere else. GAIG covered this in detail in the four-source synthesis published this week.

"The winners of the AI race may be those who adapt to change the best."

Sean Bauld, Executive Director,

Austin AI Alliance — State of AI in Austin,

January 27, 2026

the Gap Stays Open When the Regulator and the Attorney General Are the Same Person

TRAIGA concentrates enforcement authority in a single office: the Texas Attorney General. There is no state AI agency, no regulatory body with technical expertise, no municipal enforcement mechanism. Ken Paxton's office — the same office that aired an AI-generated political attack ad featuring fabricated images of a US senator and a US congressperson dancing in a Texas dance hall — is the sole enforcement authority for Texas AI law. The political ad, which ran January 16, used AI-generated video that TRAIGA would arguably prohibit under its deepfake provisions. The Attorney General's campaign office is an end user under the law's narrow definitions, so it falls outside the scope of what Paxton's AG office can penalize.

This is the governance gap made concrete. The law exists. The violation arguably occurred. The enforcement mechanism cannot reach it because the definitions were drawn narrowly enough to exclude the political actors who wrote them. Miranda Williamson, reporting for the Austin Chronicle, documented this specifically in February 2026, noting that TRAIGA's narrow definition of "deployers" means only platforms, vendors, and government agencies face penalties — not campaign offices, not end users, not the vast majority of organizations actually deploying AI in practice.

"The findings highlight a central contradiction of TRAIGA: While the law regulates intent, public anxiety is driven by impact. In a state where political reality can be generated with a few keystrokes, the question is no longer whether AI causes harm, but whether a legal framework focused on intent can address downstream consequences."

Miranda Williamson, Austin Chronicle, February 5, 2026

Austin Is Building Internal Standards Instead

Austin's response to preemption is worth documenting because it represents what cities are left with when state law removes their regulatory authority. On December 23, 2025 — one week before TRAIGA went into effect — Austin's city council issued a memorandum tasking the city manager with creating internal AI governance standards covering human oversight guidelines, workforce protections, and environmental impact analysis. Critically, it requires formal consultation with AFSCME Local 1624, the union representing all city of Austin employees, before AI tools are deployed in ways that could alter job duties or working conditions.

"The AI systems used at the city so far are used to assist workers and public safety: real-time wildfire detection, AI precheck to speed up development plans, and past use to provide COVID-19 information to the public. The AI resolution allows AFSCME to bring up concerns and work with city management as AI is integrated into the city's workforce."

Todd Kiluk, Manager for Union Representatives and Data Analytics,

AFSCME Local 1624 — Austin, TX

These are reasonable governance steps for a city government. They are also governance steps that apply only to the city's own systems and employees. They say nothing about the AI systems running inside the Tesla facility, the Meta data center, or the dozens of enterprise AI deployments operating within Austin's geographic boundary under the umbrella of TRAIGA's intent-based liability standard. The city has governance authority over itself. It has no governance authority over the industry that chose Austin precisely because the state governance framework is permissive.

Margaret Cook, VP of water and community resilience at the Houston Advanced Research Center, described the downstream consequences of this asymmetry to the Austin Chronicle specifically in the context of water — Texas data centers consumed an estimated 25 billion gallons of water in 2025, projected to reach 161 billion gallons by 2030. The infrastructure burden lands on cities. The regulatory authority sits at the state level. The accountability structure for what happens between those two facts is what TRAIGA was supposed to provide and what its preemption clause and intent-based liability standard make structurally inadequate.

"They've been under strict water restrictions, but they give industry a variance for a small fee. The community recently rejected a desalination plant for a variety of reasons, one of which was that residents didn't want to pay higher rates to socialize the cost of water. This is a warning sign for other communities that want to welcome large water users with low water rates and their current supply, knowing they are trading their community's long-term water supply for a short-term win."

Margaret Cook, Ph.D., VP of Water and Community Resilience,

Houston Advanced Research Center

When State Law Is the Floor Enterprise Governance Has to Be the Ceiling

The Texas story has a specific implication for enterprise AI governance that goes beyond the regulatory debate. TRAIGA's intent-based liability standard means that companies in Texas face less regulatory exposure than companies in Colorado or Utah — and significantly less than companies operating under the EU AI Act. That asymmetry creates a specific governance risk for enterprises that operate across jurisdictions: a governance program calibrated to Texas's permissive standard will fail examination the moment a regulatory question arises under EU AI Act Article 72, SR 11-7, or a future federal standard that adopts risk-based rather than intent-based liability.

Calibrating AI governance to the most permissive jurisdiction an organization operates in is the governance equivalent of building a firewall to the lowest local code requirement and then being surprised when it fails in a building designed to a national standard. Organizations deploying AI in Texas should treat TRAIGA as the legal floor — the minimum required to operate without state enforcement action — and build their governance programs to the standards that the most demanding jurisdiction they operate in, or plan to operate in, will require. The EU AI Act's August 2026 deadline is three months away. The gap between what TRAIGA requires and what the EU AI Act requires is significant.