Contact Us
Countdown / TRAIGA AG complaint portal opens / Sept 1, 2026 / — days remain / Get TRAIGA-ready

Decision Intelligence for Energy

Clarity at the point of decision, for the high-stakes commercial decisions of selling into oil & gas.

We help technology, equipment, and software companies align their product, positioning, and go-to-market strategy with how the oil & gas industry actually operates, from where your solution fits in the value chain to an executable plan that generates traction.

Selling into oil & gas? Talk to us about your go-to-market See our work

Six proof cases across energy go-to-market and AI governance. Read the case studies →

Request a Governance Readiness Assessment
95% of EHS+ teams use unapproved AI CORITY INSIGHTS '25 →

Specialist service: AI decision governance. When an AI decision is challenged, can you prove who authorized it?

We surface unsanctioned AI already running inside your organization, and produce the defensible record regulators are about to ask for.

Find Your Shadow AI — $2,500 Read the framework
Production Proof Case

Tamboran Resources — 60 days from invisible to #1 across 4 brand-basin queries on 6 LLMs. The first measured proof case for Digital Information Governance®.

Read the case study

/ Stakes by the numbers

Why now. In four numbers.

Sourced figures from regulators, vendor primary research, and a published energy-sector case study. The exposure is concrete; the calendar is real.

/01 Texas penalty

$200K/violation

Plus $40K/day continuing under TRAIGA. AG complaint portal opens Sept 1.

Source: Texas HB 149 (TRAIGA) final bill text — capitol.texas.gov

/02 EHS+ shadow AI

95%

Of EHS+ teams use AI tools that have not been formally approved by their organizations.

Source: Cority — State of EHS+ Insights, 2025

/03 Connected ops · AI exposure

$1M/day

What a single decision miss costs in connected oil & gas — the loss surface AI is now making calls inside.

Source: Ericsson — private 5G in oil and gas, April 2025 (ericsson.com/en/blog)

/04 Tamboran case

+100% / 60d

Tamboran AI brand visibility doubled in 60 days; 6 LLMs corrected from misrepresenting the operator.

Source: ModalPoint case study, Tamboran Resources (NYSE/ASX: TBN), Feb–Apr 2026

/ Where we sit in your stack

AI is the unowned intersection.

Energy and infrastructure operators have separately owned IT (information) and OT (operations) for thirty years. AI is the decision substrate that now lives in the overlap — and that overlap is the lane no one inside most operators formally owns yet.

IT Information Technology Owner: CISO / IT Director OT Operational Technology Owner: COO / Ops VP AI Decision Layer Owner: nobody (yet) MODALPOINT OWNS THIS LANE
/ IT Information Technology. Cybersecurity, data residency, network audit. Vocabulary: SOC 2, endpoints, compliance. Reports to CIO → CFO → audit/risk committee.
/ OT Operational Technology. Reliability, safety, uptime — the floor. Vocabulary: MOC, SCADA, P&ID, turnaround. Reports to COO → ops/safety committee.
/ AI The intersection. Decision authority, decision traceability, audit-readiness. Owner today: nobody. The default fallback is “IT will figure it out,” which is failing. We supply the vocabulary.

Operators don’t have a governance problem yet. They have a who-owns-what problem — and AI is the unowned overlap.

Map your phase →

Where AI governance vendors actually compete — and where they don't.

Detection-after-the-fact inside one hyperscaler stack is crowded. Authorization-before-the-call across vendors is the lane no one else has reached.

Cross-vendor ↑ / Hyperscaler-locked ↓
Cross-vendor · Authorization
ModalPoint
Decision Registry · pre-authorization · cross-substrate evidence chain
Cross-vendor · Detection
Lakera, Robust Intelligence, Hidden Layer
Forensic. After-the-fact. Tells you what already broke.
Hyperscaler-locked · Authorization
— gap —
No vendor authorizes pre-call across vendors AND owns one substrate.
Hyperscaler-locked · Detection
Microsoft Agent 365, Zenity, Credo AI
Detection inside one stack. Strong if you live there. Blind across.
Detection ← / Authorization →

The four layers of agent governance.

Most vendors stop at Detect. ModalPoint adds the Authorize and Attest layers — the ones that survive a regulator, board, or counsel inquiry.

/01

Detect

Which agents are running. Where. Owned by whom. Surface unsanctioned use.

All vendors
/02

Authorize

Pre-bind every regulated decision to a policy basis and a named human. Before the model runs.

ModalPoint
/03

Attest

Capture the evidence chain — prompt, retrieval, reasoning, sign-off — in defensible schema.

ModalPoint
/04

Audit

Export the binder. Single artifact maps to TRAIGA, EU AI Act, NIST AI RMF, ISO 42001.

Audit firms

Authorize before. Not detect after.

Most AI governance vendors are forensic. They tell you what already broke. ModalPoint registers the decision, the policy, and the human accountable — before the model runs.

Every regulated decision, accountable.

Our Decision Registry captures the authorization layer that audit-defensible AI requires: who approved this decision, against what policy, on what model, and with what classification. Vendor-neutral. Substrate-neutral.

When a regulator, board, or legal team asks “why did your AI do this” — the answer is one query away.

See the full framework See a sample audit report
/03 What sets us apart

Three things every other AI governance vendor gets wrong.

We've sat across the table from the people who eventually have to defend the decision. The wedge is operational, not academic.

/01 Binders, not memos

Shippable artifacts.

We build the deliverables that satisfy documentation requirements and hold up under audit — not just legal interpretations.

/02 One binder, four frameworks

~70% obligation overlap.

TRAIGA, EU AI Act, NIST AI RMF, ISO 42001 obligations overlap. Built correctly, a single governance binder satisfies all four.

/03 Built by operators

For operators.

A decade helping energy companies make high-stakes decisions in complex, regulated markets. The discipline carries over directly to AI governance.

Binders, Not Memos.
We build the shippable artifacts that invoke safe harbors, satisfy documentation requirements, and hold up under audit — not just legal interpretations.

One Binder, Four Frameworks.
Approximately 70% of TRAIGA, EU AI Act, NIST AI RMF, and ISO 42001 obligations overlap. Built correctly, a single governance binder satisfies all four.

Built by Operators.
A decade helping energy companies make high-stakes commercial decisions in complex, regulated markets. The discipline carries over directly to AI governance.

See What We Do

Four pillars of Digital Information Governance®.

DIG® is our registered operating framework for AI accountability. Every audit-defensible AI decision maps to one of these pillars — or it can't survive a regulatory inquiry.

/01

Information Provenance

Where the data came from, who is allowed to use it, and what its license terms permit. The first thing a regulator asks.

/02

Decision Traceability

Which inputs, models, and policies produced a given decision — reproducible from the registry record, not reconstructed after the fact.

/03

Representation Integrity

How AI-generated outputs are labeled, attributed, and disclosed when they enter regulated workflows or external communications.

/04

Audit Readiness

Governing systems, policies, and decision registries that satisfy TRAIGA, EU AI Act, NIST AI RMF, and ISO 42001 in a single binder.

Learn more about the DIG framework

Start where the friction is lowest.

Most operators begin with the diagnostic. The tier you need depends on what the assessment surfaces and what regulatory pressure you're already facing.

Tier 0
Shadow AI Exposure Assessment
$2,500 / 3 weeks
Surface unsanctioned AI usage. Classify across 4 lenses (TRAIGA / EU AI Act / NIST AI RMF / ISO 42001). Output: PDF roadmap, decision registry seed, 60-day execution sequence.
Begin
Tier 1
Texas Ready by September
$35,000 / 4–6 wks
TRAIGA-ready governance framework. Audit-defensible policy + decision registry — meeting the substantial-compliance defense under TRAIGA §552.105 before the Sept 1 AG complaint portal opens.
Inquire
Tier 2
Cross-Border Governance Binder
$75,000 / 8–12 wks
EU AI Act + TRAIGA + NIST AI RMF mapping. Multi-jurisdiction defensible binder. Structured for portfolio-level deployment across operating entities.
Inquire
Tier 3
Governance-as-a-Service
From $5,000 / month
Ongoing governance partnership. Decision registry maintenance, regulatory monitoring, audit prep. Scales across portfolio entities under one operating standard.
Inquire

Six things energy operators ask first.

Short answers. The full reasoning lives in the framework pillars and the 5-day Assessment scoping call.

Q01Does TRAIGA actually apply to upstream / midstream operations?

Yes — if your AI-influenced decisions touch any of the protected categories (employment, credit, housing, healthcare, public benefits, education, criminal justice). For energy operators that mostly shows up in workforce decisions (hiring, scheduling, performance), credit/insurance scoring on contractors and JV partners, and any safety-critical AI in production environments. (Subchapter E doesn’t explicitly enumerate OT/SCADA process-control AI; we treat safety-critical AI as in-scope under the prudent-operator interpretation, pending AG guidance.) The Texas AG complaint portal opens September 1, 2026.

The cure window is short and the substantial-compliance defense (Sec. 552.105) is the only off-ramp. Read the federal-floor pillar →

Q02We have JV partners or assets in Europe. Does the EU AI Act actually reach us?

Article 2 territorial scope is broad. If you have EU customers, EU offices, EU data flows, or EU joint-venture partners whose decisions you touch with your AI, you're in scope whether or not your headcount is in Europe. High-risk obligations activate August 2, 2026. That includes Annex IV technical documentation and Article 14 human oversight.

The Cross-Border Governance Binder (Tier 2) is the engagement built specifically for this. See the binder structure →

Q03How does this work alongside our existing Cority / EHS management system?

Cority and similar EHS·Q platforms are excellent at structured incident, audit, and compliance workflows. They were not built for the AI-decision authorization layer that TRAIGA, the EU AI Act, and NIST AI RMF now require. ModalPoint sits next to your EHS/QMS, not on top of it. The Decision Registry feeds into existing audit trails. We don't ask you to rip and replace.

Cority's own 2025 research found 95% of EHS+ teams already use unapproved AI tools. The governance gap is real even where the EHS layer is mature.

Q04What does the 5-day Readiness Assessment actually deliver?

One-page executive gap report (DIG® pillars vs. four regulatory regimes), AI System Inventory template scoped to your environment, prioritized fix list ranked by exposure and time-to-remediate, one-hour readout with your executive team, and an honest written recommendation about whether Tier 1, Tier 2, Tier 3, or just the Tier 0 Shadow AI Assessment is the right next step.

Fixed scope. Fixed fee ($5,000). Five working days from kickoff. See the day-by-day breakdown →

Q05What's the IT/OT/AI seam and why does it matter for our control rooms?

Most energy operators have clean separation between IT (corporate systems) and OT (process control, SCADA, ESD). AI is now arriving in both lanes — predictive maintenance models reading from OT historians, copilots writing in IT systems — and most governance frameworks were drafted before that crossover existed. The "seam" is where an AI recommendation in IT influences an OT decision (or vice versa) without a clear authorization handoff.

This is the highest-risk surface for regulated operators because failure modes can be safety-impacting. We treat it as a distinct governance domain inside DIG®.

Q06Do we actually have to name individuals as "decision authorizers"?

For decisions classified as REGULATED in your Decision Registry — yes. The TRAIGA substantial-compliance defense, EU AI Act Article 14 human oversight, and NIST AI RMF all assume a named accountable human in the loop. "The model decided" is not a defense in any of those regimes.

For non-regulated decisions, role-level authorization is sufficient. The Decision Registry separates the two so you're not over-papering low-stakes work.

Have a question we didn't cover? Bring it to a 5-day Assessment scoping call →

THREE WAYS TO WORK WITH US

Texas Ready by September

For Texas operators. A 4-6 week program delivering NIST AI RMF mapping, AI system inventory, and a TRAIGA cure playbook.

Cross-Border Binder

For EU + Texas operators or PE multi-portfolio governance. An 8-12 week program delivering all nine DIG® artifacts across TRAIGA, EU AI Act, NIST, and ISO 42001.

Governance-as-a-Service

For ongoing portfolio-level governance. A monthly retainer maintaining your binder as AI, regulation, and workflows evolve.

TEXAS READY BY SEPTEMBER

Substantial-compliance posture before the Texas AG complaint portal goes live September 1, 2026.

  • NIST AI RMF substantial-compliance mapping + complete AI system inventory
  • Intent documentation packets + red-team testing protocols
  • TRAIGA cure playbook and safe-harbor artifacts
Texas Ready Details
Infographic showing the four pillars of Digital Information Governance: Information Provenance, Decision Traceability, Representation Integrity, and Audit Readiness.
Containment diagram showing the TRAIGA state-law standard sitting inside the broader federal civil rights framework, with the gap of federal obligations that TRAIGA does not cover.
CROSS-BORDER GOVERNANCE BINDER

For operators with any EU customer, joint venture, or AI output consumed in the Union. One binder, four frameworks.

  • EU AI Act Annex IV technical file + NIST-structured core
  • FRIA + DPIA package + post-market monitoring plan
  • Vendor due diligence kit + serious incident reporting SOP
Cross-Border Details
GOVERNANCE-AS-A-SERVICE

A monthly retainer that maintains your binder as AI, regulation, and your workflows evolve. Drift monitoring, regulatory watch, annual re-certification support, and incident response standby — for operators with continuous exposure.

  • Drift monitoring + regulatory watch
  • Annual re-certification support
  • Incident response standby
Start a Conversation
Three layered dark glass panels stacked on a walnut conference table, representing the layered structure of the Digital Information Governance framework.
PROOF

Certified AI Auditor (CAIA). Independently certified to audit AI decision systems, with active participation in the Texas HB 149 / TRAIGA governance process. Digital Information Governance® — U.S. trademark (USPTO Reg. 99559923). Three provisional patents filed in the AI decision governance space. Certified AI Auditor (CAIA). 25+ years of energy commercialization advisory through EWR Digital. Tamboran Resources — named energy-sector engagement under the DIG® framework (read the case study). Goldman Sachs 10,000 Small Businesses graduate (April 2026). OTC 2026 panelist on AI governance for energy operators.

Meet Matt
Matt Bertram, CEO of ModalPoint

Find what's already running inside your organization.

3 weeks · $2,500 · 60-day roadmap Begin a Shadow AI Exposure Assessment

Pillar reading.

Three published deep-dives covering the framework, the federal preemption question, and the 5-day diagnostic. Each is the load-bearing artifact behind a different conversation.

P01 / The framework

What is Digital Information Governance®?

The four pillars and how DIG® maps to TRAIGA, the EU AI Act, NIST AI RMF, and ISO 42001 — with one underlying management system that satisfies ~70% of all four.

Read the pillar
P02 / Federal floor

TRAIGA doesn't preempt federal civil rights law.

Why Sec. 552.056(c)'s intent standard doesn't cover Title VII, ECOA, FHA, ADA, or Section 1557 — and what to build instead so the binder holds in either court.

Read the pillar
P03 / The diagnostic

5-Day Governance Readiness Assessment.

Five working days. One-page exec gap report, prioritized fix list, recommended engagement tier. The honest answer about what to build before September 1.

Start the assessment
Reviewed by Matthew Bertram, President, ModalPoint · Certified AI Auditor (CAIA). Last reviewed June 2026.

/ Who you're engaging with

A Houston-based AI decision governance practice.

ModalPoint · Houston, TX · Operating in US + EU · Response within one business day · A division of EWR Digital

Start a conversation → Matthew on LinkedIn →

/ Credentials & affiliations

DIG® USPTO Reg. 99559923 — registered framework
USPTO 3 Provisional Patents Filed — framework method & system
NIST Cyber AI Profile + Zero Trust Communities of Interest
Texas HB 149 / TRAIGA process participant
Goldman 10KSB graduate, April 2026 cohort
TAMU Corps of Cadets alumnus · Eagle Scout
IAPP AIGP candidate, Q3 2026 sit
OTC 26 Moderator, Ericsson AI panel · May 4, NRG Center
Case Tamboran Resources (NYSE/ASX: TBN) · energy proof case
AMA 2026 Crystal Awards Finalist — AI category

Compliance or legal team with specific questions? Send them in writing →

© 2026 ModalPoint · A division of EWR Digital · All rights reserved. Contact · EWR Digital · Houston, TX