TRAIGA · HB 3773 · FEHA Every applicable statute, on every file — verified, not assumed

The most rigorous AI-governance audit-readiness file a mid-market company can hold.

GovernRail assembles a documentation-complete AI-governance audit-readiness file — every required impact assessment, every notice template, every NIST AI RMF mapping, the system inventory, and the affirmative-defense evidentiary record — checked against the letter of Texas TRAIGA, Illinois HB 3773, and California FEHA/CCPA automated-decision rules before a credentialed attorney certifies it.

Every applicable subsection of TRAIGA, HB 3773, FEHANIST AI RMF & Generative AI Profile mappedSystem inventory · impact assessments · noticesAttorney-certified on every file5-business-day SLA
Why files fail

A single missing assessment can void your affirmative defense.

A company's AI-governance audit-readiness file is only as strong as the documentation behind it. Miss a required impact assessment, skip a system from your inventory, mis-map a NIST AI RMF function, or fail to produce a required notice — and the affirmative defense under TRAIGA evaporates, the evidentiary record under FEHA is incomplete, and a plaintiff's counsel will exploit the gap in discovery.

Most mid-market companies run this by hand, from memory, once or twice a year. The statutes have not been read end-to-end since the last time they mattered. That is exactly where completeness gaps hide.

GovernRail exists to close that gap with a single, exhaustive standard applied identically to every file.

$200,000
maximum penalty per uncurable TRAIGA violation; $40,000/day for continuing violations
The benchmark

Measured against the letter of the statutes — subsection by subsection.

We do not summarize the law and hope. Every file is scored against a versioned rule pack tied to the exact text of Texas TRAIGA, Illinois HB 3773, California FEHA/CCPA ADS rules, and the NIST AI RMF (including its Generative AI Profile). These are the provisions each file is held to.

TRAIGA §3(a)(1)

System inventory & risk classification

Every AI system used in a consequential decision is inventoried and classified as high-risk or not, per TRAIGA's definitions — no system omitted.

TRAIGA §3(b)(2)

NIST AI RMF substantial conformance

The file documents substantial conformance with the NIST AI RMF's Govern, Map, Measure, and Manage functions, including the Generative AI Profile where applicable.

Illinois HB 3773 §10

Discrimination impact assessment

A bias impact assessment for each AI system used in employment decisions, with documented testing and mitigation measures.

California FEHA ADS §11073

Input/output retention & notice

Four-year retention of AI inputs and outputs, plus required notices to employees and applicants, with evidence of compliance.

CCPA ADMT §999.341

Automated decisionmaking technology notice

Consumer-facing notice of ADMT use, right to opt out, and access to information about the logic and outcome.

NIST AI RMF §4.1

Risk management framework mapping

Each system is mapped to the AI RMF categories, with documented risk tolerances, impact assessments, and continuous monitoring.

How a file is built

Intake to attorney certification, with deterministic gates the AI cannot overrule.

AI extracts and drafts. Deterministic rules — running as code, outside the model — decide what is complete. A credentialed attorney certifies every release. That order is never reversed.

01

Gap Scan

Upload your AI system inventory and existing governance artifacts. We return a free completeness read: which statutory elements and NIST RMF mappings you already have, and which are missing.

02

System inventory & documentation

As your authorized clerical agent, we collect vendor model cards, system descriptions, and existing assessments, and build a corroborated system inventory.

03

Grounded drafting

Impact assessments, notices, and NIST RMF mappings are drafted from your validated data and the multi-state rule pack into field-locked templates — no legal opinions, no invented facts.

04

Deterministic completeness gates

Every required element is checked: system inventory completeness, impact assessment presence, notice templates, retention evidence, NIST RMF mapping. Any failure blocks release.

05

Attorney certification

An AI-governance-credentialed technology or employment attorney reviews the exception queue and certifies the file. High-exposure or novel systems route to additional review.

06

Delivery

You receive the file: system inventory, impact assessments, notice templates, NIST RMF mapping, evidence log, and a certification letter — ready for your affirmative defense or regulatory submission.

The bar we hold

Rigor you can measure.

100%
Attorney-certified
No file ships without a credentialed attorney's signature.
5 days
Standard SLA
From complete intake to certified file.
<1%
Critical-defect target
Tracked against a gold-standard file library.
3+
State statutes mapped
Texas TRAIGA · Illinois HB 3773 · California FEHA/CCPA, every applicable file.
Why GovernRail

Built to be the most thorough option a mid-market company has.

Documentation-complete, by design

The deliverable is completeness itself — every statutory element and NIST RMF mapping accounted for or explicitly exception-coded. Nothing is left implicit.

Deterministic, not vibes

The gates that decide completeness are code, not a model's opinion. A drafting error cannot slip past a statutory requirement.

In its lane, on purpose

We prepare documentation and run searches as your clerical agent. We never give legal advice, represent you in any enforcement action, or make system-risk determinations.

Engagement

Flat fee, per AI system per year, plus monthly monitoring. No contingency, ever.

Simple, predictable, and aligned with a documentation standard — not a cut of any litigation or enforcement outcome.

  • A free Gap Scan before you commit — see exactly what is missing.
  • One flat fee per AI system per year for the audit-readiness file; disclosed pass-through search fees.
  • Optional fixed-fee attorney review for novel or high-exposure systems.
  • Optional monthly monitoring subscription for regulatory updates and system inventory changes.
FAQ

Questions, answered precisely.

Is GovernRail a law firm?
No. GovernRail, a service of Your Deputy, Obuke LLC, provides documentation-completeness services. It is not a law firm, does not provide legal advice, and does not represent you in any legal matter. Attorney certification is available and recommended for high-exposure or novel systems.
Do you make risk determinations or legal conclusions?
Never. GovernRail does not determine whether a system is 'high-risk' or whether a mitigation is legally sufficient. Those are legal judgments for your counsel. We document the facts and map them to the statutory framework.
What makes a file 'complete'?
Completeness is defined by the statutes: a full system inventory, impact assessments for each covered system, required notices, NIST AI RMF mapping, and retention evidence. Deterministic gates enforce each one before certification.
How fast is it?
The standard SLA is five business days from complete intake to a certified file. The free Gap Scan is returned much sooner and tells you exactly what is still needed.
How are you priced?
A flat fee per AI system per year, plus a monthly monitoring subscription. No contingency and no percentage of any litigation or enforcement outcome.

See what's missing before it costs you an affirmative defense.

Start with a free Gap Scan. Send your AI system inventory and existing governance artifacts and we'll return a completeness read against every applicable statute and the NIST AI RMF.

Documentation-completeness service · not legal advice · your counsel retains all legal judgments.