High-risk AI governance obligations mapped to SWT3 witness procedures. NIST AI RMF alignment as an affirmative defense, backed by cryptographic evidence.
Who this is for: Compliance officers, deployers of high-risk AI systems operating in Texas, legal counsel evaluating NIST AI RMF safe harbor defenses, CISOs, and engineering teams building AI for employment, healthcare, insurance, financial services, or government decision-making.
Effective now. TRAIGA took effect January 1, 2026. The Texas Attorney General has exclusive enforcement authority. Civil penalties range from $10,000 to $200,000 per violation, with $2,000 to $40,000 per day for continuing violations. There is no private right of action.
The Texas Responsible AI Governance Act (HB 149) applies to any individual or organization that conducts business in Texas, offers products or services to Texas residents, or develops or deploys AI systems within the state.
An AI system is classified as high-risk if it makes, or is a substantial factor in, consequential decisions affecting:
TRAIGA imposes five core obligations on deployers of high-risk AI:
| Obligation | Requirement | Enforcement |
|---|---|---|
| Impact Assessment | Conduct and document comprehensive impact assessments before deploying high-risk AI systems | Required before deployment; must be maintained |
| Consumer Notice | Provide clear notice to consumers when high-risk AI is used to make consequential decisions | At or before the time of the decision |
| Governance Program | Implement AI governance programs with ongoing oversight, documentation, and accountability | Continuous; must demonstrate active governance |
| Discrimination Prohibition | Prohibit use of AI systems that discriminate with intent based on protected characteristics | Intent-based liability (disparate impact alone is insufficient) |
| NIST AI RMF Safe Harbor | Organizations demonstrating NIST AI RMF alignment may assert an affirmative defense | Deployer must prove alignment with evidence |
Each TRAIGA obligation maps to one or more SWT3 witness procedures. When a procedure is invoked during AI inference, it produces a cryptographically anchored record that serves as evidence of compliance.
| TRAIGA Obligation | SWT3 Procedure | What It Witnesses | Evidence Produced |
|---|---|---|---|
| Impact Assessment | AI-IMPACT.1 | Societal impact assessment execution | Factor A: assessment scope, Factor B: risk rating, Factor C: review authority |
AI-RISK.1 | Risk identification and categorization | Factor A: risk category, Factor B: severity, Factor C: mitigation status | |
AI-DPIA.1 | Data protection impact assessment | Factor A: processing basis, Factor B: data categories, Factor C: safeguards | |
| Consumer Notice | AI-TRANS.1 | Transparency disclosure at point of inference | Factor A: disclosure method, Factor B: content hash, Factor C: recipient |
AI-EXPL.1 | Explanation generation for decisions | Factor A: explanation method, Factor B: confidence score, Factor C: factors cited | |
AI-AUTO.1 | Automated decision notification | Factor A: decision type, Factor B: automation level, Factor C: appeal mechanism | |
| Governance Program | AI-GOV.1 | Acceptable use policy attestation | Factor A: policy version, Factor B: compliance status, Factor C: review date |
AI-GOV.2 | Employee AI training completion | Factor A: training module, Factor B: completion status, Factor C: certification | |
AI-GOV.3 | Approved model registry validation | Factor A: model identifier, Factor B: approval status, Factor C: registry version | |
AI-GOV.6 | Risk management scope definition | Factor A: scope boundary, Factor B: risk tiers, Factor C: responsible party | |
AI-AUDIT.1 | Audit log integrity verification | Factor A: log source, Factor B: integrity hash, Factor C: retention period | |
| Discrimination Prohibition | AI-FAIR.1 | Bias disparity measurement | Factor A: protected attribute, Factor B: disparity ratio, Factor C: threshold |
AI-FAIR.2 | Fairness calibration validation | Factor A: calibration method, Factor B: equalized odds, Factor C: group parity | |
AI-FAIR.3 | Bias audit witnessing | Factor A: audit scope, Factor B: findings count, Factor C: remediation status | |
| NIST AI RMF Safe Harbor | All 80 SWT3 AI procedures map to 26 NIST AI RMF requirements across GOVERN, MAP, MEASURE, and MANAGE phases. See Section 4. | ||
TRAIGA requires: Deployers must conduct and document comprehensive impact assessments before deploying high-risk AI systems. The assessment must evaluate the system's potential effects on affected individuals and communities.
How SWT3 addresses it: The witness_impact_assessment() call records the scope of the assessment, the risk rating assigned, and the reviewing authority. Each assessment produces an immutable SWT3 Witness Anchor with a SHA-256 fingerprint. The anchor proves the assessment occurred at a specific time, was reviewed by a named authority, and produced a documented risk rating.
Query the witness ledger for AI-IMPACT.1 anchors. Factor A contains the assessment scope (which system, which deployment context). Factor B contains the risk rating. Factor C identifies the reviewing authority. The anchor fingerprint is independently verifiable at /verify.
TRAIGA requires: Clear notice to consumers when high-risk AI is used to make consequential decisions. The notice must be provided at or before the time of the decision.
How SWT3 addresses it: The witness_transparency() call captures the disclosure method, a content hash of the notice text, and the recipient context. This creates a timestamped, verifiable record that notice was provided before the AI-driven decision was rendered.
AI-TRANS.1 anchors with timestamps preceding the corresponding AI-INF.1 (inference) anchors prove that transparency disclosure occurred before the consequential decision. The content hash in Factor B allows the examiner to verify the notice text has not been altered.
TRAIGA requires: AI systems must not discriminate with intent based on protected characteristics. While TRAIGA uses an intent-based framework, documenting ongoing bias measurement demonstrates good faith and supports the NIST AI RMF safe harbor defense.
How SWT3 addresses it: The witness_fairness() call records the protected attribute tested, the measured disparity ratio, and the acceptable threshold. Regular AI-FAIR.1 anchors create a longitudinal record of bias monitoring that demonstrates proactive governance.
A series of AI-FAIR.1 anchors over time demonstrates continuous monitoring. Factor B (disparity ratio) below the threshold in Factor C proves the system operates within acceptable bounds. If a ratio exceeds the threshold, the corresponding AI-FAIR.3 (bias audit) anchor should show remediation was initiated.
TRAIGA requires: Organizations must implement AI governance programs with ongoing oversight and documentation.
How SWT3 addresses it: The witness_governance() call attests that an acceptable use policy exists, identifies its version, and records its compliance status. Policy version binding (introduced in SDK v0.3.6) ensures the witnessed policy version matches the version in effect at the time of inference.
AI-GOV.1 anchors prove a governance policy was active during the period in question. Factor A contains the policy version hash. Cross-reference with AI-GOV.2 (training) and AI-GOV.3 (model registry) anchors to demonstrate a complete governance program.
TRAIGA requires: Consumer notice must be meaningful. When an AI system makes a consequential decision, the affected individual should understand why.
How SWT3 addresses it: The witness_explanation() call records the explanation method used, the confidence score of the decision, and the factors cited in the explanation. This provides verifiable evidence that explanations were generated and delivered for each consequential decision.
AI-EXPL.1 anchors paired with AI-AUTO.1 (decision notification) anchors demonstrate that explanations accompanied automated decisions. Factor B (confidence score) shows the system's certainty level. Factor C (factors cited) shows which inputs drove the decision.
TRAIGA requires: Impact assessments must identify and categorize risks posed by high-risk AI systems.
How SWT3 addresses it: The witness_risk() call captures the risk category, severity level, and mitigation status for each identified risk. When combined with AI-IMPACT.1 anchors, this creates a complete risk assessment evidence chain that maps directly to NIST AI RMF MAP 2.1.
AI-RISK.1 anchors enumerate the risks identified during assessment. Each anchor's Factor A (category) and Factor B (severity) should align with the categories in the impact assessment. Factor C (mitigation status) shows whether risks are accepted, mitigated, or transferred.
TRAIGA requires: Governance programs must maintain documentation and accountability records.
How SWT3 addresses it: The witness_audit() call verifies that audit logs are intact and have not been tampered with. Factor B contains a SHA-256 hash of the audit log, creating a chain of integrity attestations. The SWT3 daily Merkle rollup provides an additional layer of tamper evidence.
AI-AUDIT.1 anchors prove that audit logs were verified at specific timestamps. The integrity hash in Factor B can be compared against the current log to confirm no post-hoc modifications. Merkle proofs at /api/v1/merkle/proof provide cryptographic inclusion proof for any individual anchor.
TRAIGA requires: Governance programs should include human oversight mechanisms for consequential AI decisions.
How SWT3 addresses it: The witness_human_review() call records that a human reviewed the AI output before the consequential decision was finalized. Factor A identifies the review type, Factor B captures the reviewer's determination, and Factor C records the reviewer identity. AI-HITL.2 separately tracks override events when humans reverse AI recommendations.
AI-HITL.1 anchors with timestamps between AI-INF.1 (inference) and AI-AUTO.1 (decision notification) prove that human review occurred in the decision pipeline. AI-HITL.2 anchors document cases where humans overrode the AI recommendation, demonstrating meaningful oversight.
TRAIGA provides an affirmative defense for organizations that demonstrate alignment with the NIST AI Risk Management Framework (AI 100-1). This means that if the Texas Attorney General brings an enforcement action, an organization can assert compliance with NIST AI RMF as a legal defense.
The defense requires evidence of alignment, not merely a policy statement. SWT3 provides that evidence.
SWT3 maps 80 AI witness procedures to 26 NIST AI RMF requirements across all four framework phases:
| NIST AI RMF Phase | Requirements Covered | SWT3 Procedures | What It Proves |
|---|---|---|---|
| GOVERN | 1.1, 1.2, 1.3, 1.4, 1.5, 1.7, 2.1, 2.2, 4.1, 6.1 | 33 procedures | Policies, roles, oversight, third-party assessment, human-in-the-loop |
| MAP | 1.1, 2.1, 2.3, 3.5, 4.1, 5.2 | 16 procedures | Risk identification, fairness, data governance, impact assessment |
| MEASURE | 2.5, 2.6, 3.1 | 16 procedures | Performance, drift, bias, robustness, red teaming |
| MANAGE | 1.3, 2.2, 2.3, 2.4, 3.1, 3.2, 4.1 | 15 procedures | Model integrity, security, incident response, revocation |
Each procedure produces a SWT3 Witness Anchor: a SHA-256 fingerprinted, timestamped, tenant-scoped attestation record. The anchor format is:
These anchors are independently verifiable at sovereign.tenova.io/verify and can be audited by any third party without requiring access to the producing system. The bidirectional crosswalk mapping between TRAIGA obligations, NIST AI RMF requirements, and SWT3 procedures is published as machine-readable JSON at sovereign.tenova.io/registry/crosswalks.json.
SWT3 profiles pre-configure the witness procedures relevant to a specific regulatory context. For TRAIGA compliance, the following profiles are most applicable:
| Profile | Industry | TRAIGA Coverage | Command |
|---|---|---|---|
nist-ai-rmf | General (any deployer) | 80 procedures covering all 26 NIST AI RMF requirements. Full safe harbor evidence. | swt3 init --profile nist-ai-rmf |
fintech | Financial services, lending, insurance | NIST AI RMF + SR 11-7 model risk. Covers lending, credit, and insurance AI under TRAIGA. | swt3 init --profile fintech |
healthcare | Healthcare, clinical AI | NIST AI RMF + HIPAA overlay. Covers healthcare AI decisions under TRAIGA. | swt3 init --profile healthcare |
govcon | Government services, defense | NIST AI RMF + NIST 800-53 + CMMC. Covers government service AI under TRAIGA. | swt3 init --profile govcon |
| Examiner Question | Where to Look |
|---|---|
| Did you conduct an impact assessment before deploying this AI system? | AI-IMPACT.1 + AI-RISK.1 anchors with timestamps predating the first AI-INF.1 (inference) anchor for that model |
| Do you notify consumers when AI makes consequential decisions? | AI-TRANS.1 + AI-AUTO.1 anchors. AI-TRANS.1 timestamp must precede the corresponding inference. |
| What governance program do you have in place? | AI-GOV.1 (policy), AI-GOV.2 (training), AI-GOV.3 (model registry), AI-GOV.6 (risk scope), AI-AUDIT.1 (audit integrity) |
| How do you test for discriminatory outcomes? | AI-FAIR.1 (disparity measurement), AI-FAIR.2 (calibration), AI-FAIR.3 (bias audits). Longitudinal anchor series shows continuous monitoring. |
| Can you demonstrate NIST AI RMF alignment for the safe harbor defense? | 80 SWT3 procedures map to 26 NIST AI RMF requirements. Crosswalk at /registry/crosswalks.json. Anchor verification at /verify. |
| How long do you retain compliance evidence? | SWT3 anchors are retained per tier: OPEN 30 days, Pro 1 year, Enclave 7 years, Sovereign unlimited. Daily Merkle rollups provide tamper-evident archival. |
| Can a third party independently verify your compliance claims? | Any SWT3 Witness Anchor can be verified at sovereign.tenova.io/verify without requiring access to the producing system. SHA-256 fingerprint, tenant, and timestamp are embedded in the anchor. |
Full SDK documentation: sovereign.tenova.io/docs
Create a free account: sovereign.tenova.io/signup