System inventory & risk classification
Every AI system used in a consequential decision is inventoried and classified as high-risk or not, per TRAIGA's definitions — no system omitted.
GovernRail assembles a documentation-complete AI-governance audit-readiness file — every required impact assessment, every notice template, every NIST AI RMF mapping, the system inventory, and the affirmative-defense evidentiary record — checked against the letter of Texas TRAIGA, Illinois HB 3773, and California FEHA/CCPA automated-decision rules before a credentialed attorney certifies it.
A company's AI-governance audit-readiness file is only as strong as the documentation behind it. Miss a required impact assessment, skip a system from your inventory, mis-map a NIST AI RMF function, or fail to produce a required notice — and the affirmative defense under TRAIGA evaporates, the evidentiary record under FEHA is incomplete, and a plaintiff's counsel will exploit the gap in discovery.
Most mid-market companies run this by hand, from memory, once or twice a year. The statutes have not been read end-to-end since the last time they mattered. That is exactly where completeness gaps hide.
GovernRail exists to close that gap with a single, exhaustive standard applied identically to every file.
We do not summarize the law and hope. Every file is scored against a versioned rule pack tied to the exact text of Texas TRAIGA, Illinois HB 3773, California FEHA/CCPA ADS rules, and the NIST AI RMF (including its Generative AI Profile). These are the provisions each file is held to.
Every AI system used in a consequential decision is inventoried and classified as high-risk or not, per TRAIGA's definitions — no system omitted.
The file documents substantial conformance with the NIST AI RMF's Govern, Map, Measure, and Manage functions, including the Generative AI Profile where applicable.
A bias impact assessment for each AI system used in employment decisions, with documented testing and mitigation measures.
Four-year retention of AI inputs and outputs, plus required notices to employees and applicants, with evidence of compliance.
Consumer-facing notice of ADMT use, right to opt out, and access to information about the logic and outcome.
Each system is mapped to the AI RMF categories, with documented risk tolerances, impact assessments, and continuous monitoring.
AI extracts and drafts. Deterministic rules — running as code, outside the model — decide what is complete. A credentialed attorney certifies every release. That order is never reversed.
Upload your AI system inventory and existing governance artifacts. We return a free completeness read: which statutory elements and NIST RMF mappings you already have, and which are missing.
As your authorized clerical agent, we collect vendor model cards, system descriptions, and existing assessments, and build a corroborated system inventory.
Impact assessments, notices, and NIST RMF mappings are drafted from your validated data and the multi-state rule pack into field-locked templates — no legal opinions, no invented facts.
Every required element is checked: system inventory completeness, impact assessment presence, notice templates, retention evidence, NIST RMF mapping. Any failure blocks release.
An AI-governance-credentialed technology or employment attorney reviews the exception queue and certifies the file. High-exposure or novel systems route to additional review.
You receive the file: system inventory, impact assessments, notice templates, NIST RMF mapping, evidence log, and a certification letter — ready for your affirmative defense or regulatory submission.
The deliverable is completeness itself — every statutory element and NIST RMF mapping accounted for or explicitly exception-coded. Nothing is left implicit.
The gates that decide completeness are code, not a model's opinion. A drafting error cannot slip past a statutory requirement.
We prepare documentation and run searches as your clerical agent. We never give legal advice, represent you in any enforcement action, or make system-risk determinations.
Simple, predictable, and aligned with a documentation standard — not a cut of any litigation or enforcement outcome.
Start with a free Gap Scan. Send your AI system inventory and existing governance artifacts and we'll return a completeness read against every applicable statute and the NIST AI RMF.
Documentation-completeness service · not legal advice · your counsel retains all legal judgments.