Know where you stand — before September 1.
The Texas AG complaint portal opens September 1, 2026. EU AI Act Annex III obligations activate August 2, 2026. Five working days, written output, honest recommendation about what to build first.
Three questions you'll have answers to.
By the end of week one, you have a written report mapping these three answers to your specific environment.
Where is AI in our workflows?
Most organizations cannot produce a complete inventory. Shadow LLM usage is more universal than leaders think. We turn structured discovery into a first-pass inventory that reflects reality, not hope.
What documentation would actually pass?
TRAIGA Sec. 552.105 substantial-compliance defense. EU AI Act Annex IV technical files. NIST AI RMF profiles. ISO 42001 Annex A controls. We assess each against your current state and quantify what's missing.
What is your exposure if disclosure happened tomorrow?
Exposure is not uniform. We map your specific regulatory surface — TRAIGA, EU AI Act, Title VII, ECOA, ADA, Section 1557, NIST AI RMF, ISO 42001 — and translate to concrete penalty ranges and evidence requirements.
Three written artifacts.
Not a slide deck. Not a Notion dashboard. Documents you can hand to your board, your regulator, or your defense counsel.
One-page executive gap report.
Current state mapped against the four frameworks that apply to you, with a color-coded readiness score per pillar and per regime.
Recommended engagement tier.
Tier 1 (Texas Ready), Tier 2 (Cross-Border Binder), or Tier 3 (Governance-as-a-Service) — with rationale specific to your environment.
Prioritized fix list.
Ordered by risk exposure and time-to-remediate. Broken into "must have before September 1" and "next quarter" categories so the punch list is operational, not aspirational.
Five days. Day-by-day structure.
Fixed scope, fixed schedule, written output. From kickoff Monday morning to defensibility statement on Friday.
Kickoff call (60 min).
We meet with your executive sponsor and functional owners — IT, legal, HR, operations, compliance — walk you through the framework, and collect initial inputs. Standard NDA signed before any data moves.
- Executive sponsor + functional owner interviews
- Standard mutual NDA before any data moves
- Initial scope + timeline confirmed in writing
Structured analysis.
Structured 30-minute interviews with 3–5 functional leads. Review of your current AI policies, DPIAs, vendor questionnaires, and system-of-record entries. Mapping gap results against the four frameworks that apply to you.
- Structured functional-lead interviews (30 min each)
- Policy, DPIA, and vendor questionnaire audit
- Four-framework artifact-state mapping
Delivery + debrief.
30-minute executive debrief with Matthew Bertram — Q&A on findings, tier recommendation, next-step sequencing. You walk away with a one-page Gap Report, a prioritized fix list, and a defensibility statement suitable for general counsel or board.
- Color-coded readiness score for all nine DIG® artifacts
- Must-have-by-September vs. 90-day prioritization
- Written defensibility statement for counsel / board
Operators who need it in writing.
Operators in regulated industries with AI-influenced decision workflows who need to know — in writing — whether their current governance holds up. Priced against the value of a single avoided regulatory exposure.
- Texas operators facing TRAIGA enforcement on September 1, 2026 — with the AG complaint portal opening that day.
- Organizations with EU customer base or AI-generated output consumed in the EU, where Article 2(1)(c) applies whether or not you have a European office.
- Regulated-industry executives in healthcare, financial services, energy, and professional services where simultaneous TRAIGA + federal civil rights exposure compounds.
- Boards and counsel who need a defensibility statement they can put in front of a regulator, an underwriter, or a plaintiff — not a slide deck.
Matthew Bertram
President, ModalPoint · CEO, EWR Digital
Twenty-five years in energy commercialization. Author of the DIG® framework. NIST AI Cyber Profile + Zero Trust CoI member. Goldman Sachs 10KSB graduate.
Meet MattRequest your 5-day assessment.
We respond to every request within one business day. If we're not the right fit, we'll say so. If we are, we'll send a project brief with start dates and a fixed-fee letter.
/05 Operational questions
Running the 5-day Assessment.
Practical questions from operators preparing for the 5-day Governance Readiness Assessment.
Q01 What information do we need to provide before the 5 days start?
Q02 Does the Assessment require IT access to our systems?
Q03 How do you handle confidentiality during the assessment?
Q04 Can we run the Assessment without telling our AI vendors?
Q05 What changes after September 1, 2026 that makes this urgent?
Question we didn't cover? Bring it to a 30-min discovery call →
/ Regulatory calendar
Five dates that shape your binder.
The 5-Day Assessment maps your current AI exposure against this calendar. Each date triggers a specific obligation; each row tells you what has to be in writing before it lands.
/ Who you're engaging with
A Houston-based AI decision governance practice.
ModalPoint · Houston, TX · Operating in US + EU · Response within one business day · A division of EWR Digital
/ Credentials & affiliations

