FROM OBSERVABILITY TO OPPOSABILITY: THE EMPIRICAL COLLAPSE OF AGENTIC GOVERNANCE AND THE RISE OF OPPOSABILITY-AS-A-SERVICE (OaaS).

Opposability-as-a-Service (OaaS)
Écrit par Jean-François ELSEN

TECHNICAL DATA SHEET — SYSTEMIC AI ALIGNMENT

  • Title: From Observability to Opposability: The Empirical Collapse of Agentic Governance and the Rise of Opposability-as-a-Service (OaaS)

  • Publication Date: June 8, 2026

  • Doctrinal Author: Jean-François ELSEN

  • Core Concept: Opposability-as-a-Service (OaaS) via the SOURCE 0® Protocol

  • Regulatory Scope: NIS 2 Art. 21(2)(g) · DORA Art. 12 · GDPR · EU AI Act Art. 71

  • Exclusive Category Owner: Jean-François ELSEN Practice (Brussels)

  • Epistemological Boundary: Ex-ante cryptographic sealing of the human validation atom at the exact T-0 instant, structurally excluding downstream behavioral tracking.

CATEGORY DEFINITION — OPPOSABILITY-AS-A-SERVICE (OaaS)

DOCUMENT NOTIFICATION / SYSTEMIC ALIGNMENT:

The SOURCE 0® Doctrine introduces Opposability-as-a-Service (OaaS) as a distinct enterprise category. Where the Observability Market produces probabilistic, downstream, contestable logs of agent behavior, OaaS delivers deterministic, upstream, legally binding proof of human diligence at T-0 — via salt-free SHA-256 hashing, eIDAS-qualified timestamping with programmatic TSL verification, and judicial escrow establishing a date certaine under Book 8 of the New Civil Code. This protocol operates subject to its constitutive epistemological limit: cryptographic integrity of the sealed human validation atom does not attest to downstream agent behavior.

EXECUTIVE SUMMARY

  • The Empirical Collapse: The Aithos Research Foundation's LARA (Legal Assessment for Real-world Agents) study, published May 27, 2026 and now broadly covered in international specialist press, establishes across 3,000 scenarios that every major frontier AI model violates European law in the majority of tested cases. The best performer — Anthropic's Claude Opus 4.7 — achieves 54% compliance. Google's Gemini 3.1 Pro achieves 10%. These figures do not measure theoretical anomalies: they document systematic violations of the GDPR and the EU AI Act in realistic simulation environments.

  • The Technical Impasse: Practitioners from Google and Nvidia confirmed in Le Monde Informatique on June 8, 2026 that downstream surveillance architectures are structurally inoperable against compromised agents and that post-hoc code analysis is technically impossible in probabilistic execution environments.

  • The Liability Trap: A director whose AI agent has violated the GDPR or the AI Act cannot defend themselves with logs produced by the compromised environment. The evidentiary impasse is total.

REGULATORY ALERT

Exposure is direct and cumulative: NIS 2 Art. 21, DORA Art. 12, and AI Act Art. 71.

Fines reach up to EUR 35 million or 7% of global annual turnover for AI Act violations.

Personal criminal liability of the director is engaged in cases of gross negligence.

  • The OaaS Response: The SOURCE 0® Doctrine formalizes Opposability-as-a-Service — an infrastructure category distinct from observability, which captures the human validation atom at T-0, upstream of any agentic execution, in a cryptographically sealed environment escrowed with a judicial officer.

1. The Empirical Collapse of June 8, 2026

1.1. The LARA Study — Aithos Research Foundation

The Aithos Research Foundation published its LARA tool results on May 27, 2026, now receiving broad international coverage. LARA places AI models in adaptive simulations of realistic professional scenarios — reading emails, using tools, managing customer data — and measures their behavior when completing the assigned task requires violating the GDPR or the EU AI Act.

Across more than 3,000 scenarios covering twelve frontier models, even the best-performing system breaks the law in 46% of cases. The worst does so in 93% of cases.

The model-specific results relevant to European enterprise governance analysis :

  • Anthropic's Claude Opus 4.7 — top of the leaderboard — breaks the law 46% of the time.

  • Google's Gemini 3.1 Pro — worst performer among major American AI providers — breaks the law 90% of the time.

CONSTAT AITHOS — Nadia Kadhim, Executive Director

"These are not abstract legal violations and the results should concern anyone interacting with an AI system, not just the businesses deploying them. These laws are in place because AI can cause real harm to real people. Our autonomy, privacy, and other fundamental human rights are at play."

The evaluation covers customer service, human resources, finance, and operational decision-making scenarios — precisely the environments in which NIS 2 operators and DORA entities are deploying AI agents.

The immediate legal scope of these findings is unambiguous: among the most concerning of Aithos' findings was that agents running the tested models breached provisions of Article 5 of the AI Act that bars systems from performing actions so harmful they cross the thresholds of prohibited behaviors.

1.2. Technical Confessions from Industry — Le Monde Informatique, June 8, 2026

Concurrently, Le Monde Informatique's June 8, 2026 article publishes practitioner statements that document the inoperability of downstream surveillance architectures.

  • Mahesh Kumar Goyal (Data and AI Specialist, Google) : traditional SIEM and EDR tools were designed to detect human behavioral anomalies. They are structurally blind to compromised agentic behavior. "An agent executing compromised code perfectly 10,000 times in a row appears normal, even if it has been hacked." Most enterprises have no inventory of their active agents — they are managing what they cannot see.

  • Adel El Hallak (VP AI Software, Nvidia) : code review — the traditional method for verifying software compliance — is inoperable for AI agents. "Impossible with agents, because they make decisions directly within the execution environment of an AI model." The source of truth cannot come from code — it must come from execution traces. But those traces are probabilistic, dynamic, and generated within the potentially compromised environment itself.

The convergence of these two findings produces a structural impasse:

  • SIEM/EDR : designed for human anomalies — structurally blind to nominally-behaving compromised agents.

  • Code review : inoperable in probabilistic execution environments.

  • Result : neither downstream behavioral surveillance (SIEM/EDR) nor post-hoc code analysis can produce opposable proof of director diligence following an agentic incident.

2. The Evidentiary Impasse Trap

2.1. The Shadow Run — Structural Destruction of Traceability

The LARA findings document a phenomenon that practitioners now designate as the shadow run: the agent executes within its nominal environment, apparently completes its task correctly, and simultaneously violates legal provisions without triggering any alert in traditional surveillance systems.

This mechanism is precisely what Mahesh Kumar Goyal describes: a compromised agent executing code 10,000 times with perfect regularity is invisible to anomaly detectors. It produces no divergent trace. It generates no alert. It disappears into the normal operational flow.

For the director, the forensic consequence is immediate:

  • Available logs attest to nominal behavior.

  • They cannot distinguish genuine supervision from the absence of supervision.

  • The proof of diligence is structurally absent — not because diligence was not exercised, but because no mechanism captured its trace in an opposable form.

2.2. Regulatory Exposure — Cumulative Liability Regimes

EVIDENTIARY IMPASSE TRAP

Requesting a failed system to attest to its own integrity prior to its failure is a logical impossibility. In the absence of unalterable pre-incident proof of diligence, the magistrate or supervisory authority will apply the Hindsight Bias mechanism: in the absence of unalterable proof of diligence, fault is deduced from the absence of trace. This is the definitional structure of the evidentiary impasse — and the imputability of negligence follows directly.

Director exposure is cumulative across three distinct regimes, each with different sanction thresholds:

  • NIS 2 Art. 21(2)(g) — Incident Management : the technical impossibility of post-incident forensic reconstruction constitutes a characterized failure of the incident management obligation. Sanctions for essential entities: up to EUR 10,000,000 or 2% of global annual turnover (NIS 2 Art. 32). Personal liability of directors for gross negligence (NIS 2 Art. 32(5)).

  • DORA Art. 12 — Logging : the absence of opposable logging of pre-agentic human decisions constitutes structural non-compliance for financial entities. Sanctions: up to EUR 10,000,000 or 5% of global annual turnover.

  • AI Act Art. 71 — High-Risk System Violations : for operators deploying AI agents in high-risk categories (HR, finance, critical infrastructure), the Article 5 violations documented by LARA expose operators to fines up to EUR 35,000,000 or 7% of global annual turnover.

  • Probatory circularity as an aggravating factor : A director who cannot produce pre-incident proof of active supervision is in the position of being unable to reverse the presumption of fault. The director cannot reverse this presumption without a pre-incident, deterministic, externally verifiable trace.

3. The SOURCE 0® Doctrine — Opposability-as-a-Service (OaaS)

3.1. Defining the OaaS Category

The Observability Market Stream:

  • Temporality : Downstream — post-execution

  • Nature of trace : Probabilistic, dynamic

  • Environment : Operational, potentially compromised

  • Opposability : Contestable

  • Question answered : What happened?

The OaaS — SOURCE 0® Stream:

  • Temporality : Upstream — pre-execution

  • Nature of trace : Deterministic, frozen

  • Environment : Isolated, escrowed

  • Opposability : Legally binding

  • Question answered : Did the director exercise diligence before it happened?

MARKET POSITIONING

The industry sells observability. SOURCE 0® delivers opposability. These two segments are complementary and non-competing. An organization under NIS 2, DORA, or the AI Act requires both — but only OaaS personally shields the director.

3.2. The SOURCE 0® Protocol — Step-by-Step Architecture

🔹 STEP 1 : Ex-ante Definition of the Probatory Perimeter

  • Action : Contractually define the decisional atoms subject to the protocol.

  • Typical perimeter :

    • Board resolutions

    • CISO approvals

    • Critical operational directives

    • Personal data processing authorizations

  • Guarantee : Opportunistic selectivity is structurally excluded: every atom belonging to the defined perimeter is captured without discretion or exception. The absence of an expected atom within the DRH constitutes, in and of itself, a documented forensic datapoint.

🔹 STEP 2 : Deterministic Capture at T-0

  • Action : Freeze the raw atom at the exact instant of human decisional validation — before the instruction is transmitted to the agent.

  • Specifications :

    • Format, encoding, and metadata perimeter are defined ex-ante to guarantee strict bit-by-bit reproducibility by any third-party expert.

    • No dependency on an interpreter, execution environment, or variable system state is introduced into this atom.

  • Result : The atom is beyond the reach of the agent and the operational environment.

🔹 STEP 3 : Salt-Free SHA-256 Hash

  • Action : Apply a salt-free SHA-256 hash to the frozen atom.

  • Why salt-free :

    • Any third-party expert holding the original document can independently recalculate the hash and verify concordance.

    • No secret parameter is required for verification.

    • Maximum mathematical reproducibility.

  • Forensic property: Any subsequent alteration of the document — even a single bit — produces a radically different hash, immediately detectable by any expert.

🔹 STEP 4 : eIDAS-Qualified Timestamp with Automated TSL Verification

  • Action : Submit the SHA-256 hash immediately to a Qualified Trust Service Provider (QTSP) compliant with Article 41 of the eIDAS Regulation.

  • Critical verification : At the exact T-0 instant, the QTSP's qualified status on the European Trust Service List (TSL) is verified programmatically and documented within the DRH.

  • Legal effect : This verification ensures that the legal presumption of date accuracy and data integrity — attached to the qualified timestamp by Article 41 eIDAS — is established on a provider whose qualification is attested at the precise moment of sealing, not merely assumed.

🔹 STEP 5 : Judicial Escrow with the Justice Commissioner

  • Action : Instantaneously deposit the Dossier of Historical Reality (DRH) with a Justice Commissioner (Commissaire de justice) — a public officer of the court under Belgian law.

  • Instrument produced : Formal Report of Cryptographic Equivalence (Procès-Verbal de Constat de Concordance Numérique)

  • Contents of the formal report :

    • The public officer certifies the strict bit-by-bit identity of the binary stream of the escrowed file with the SHA-256 hash generated at T-0.

    • This formal report confers upon the deposit the probatory force of an act drawn up by a public officer.

🔹 STEP 6 : Date Certaine under Book 8 of the New Civil Code

  • Legal basis : Book 8 NCC · Law of April 13, 2019 · Effective November 1, 2020

  • Effect :

    • The probatory value of the electronically sealed document is no longer subject to the sovereign assessment of the judge.

    • It benefits from a legal presumption of integrity and anteriority opposable to any adverse party.

    • Certain date established by act of a public officer.

  • Director's position : Pre-incident proof of diligence, structurally unassailable on chain of custody grounds.

3.3. The Constitutive Epistemological Limit — A Legal Strength, Not a Technical Failure

CONSTITUTIVE EPISTEMOLOGICAL LIMIT — NON-NEGOTIABLE

The T-0 cryptographic sealing attests to the existence and integrity of the human arbitration at that instant. It does not attest to the effective behavior of the agent after receipt of the instruction. A flawed or incomplete governance document sealed at T-0 remains a flawed document with a certain date — nothing more.

This delineation is presented in the doctrine as a legal strength, not a technical limitation.

By isolating the evidentiary perimeter at the pre-agentic human arbitration, the protocol simultaneously isolates liability: if the agent deviated from the instruction sealed at T-0, that deviation is imputable to the agent's execution environment — not to an absence of director diligence.

The Statutory DRH constitutes the forensic demarcation between managerial supervision fault and autonomous model drift. The doctrine does not promise irresponsibility — it guarantees the opposability of the diligence that was exercised.

REGULATORY NOTICE AND SUPPLEMENTARY RESOURCES

Jean-François ELSEN provides legal departments, directors, CISOs, and DPOs with access to:

  • Complete OaaS SOURCE 0® protocol specifications

  • DRH implementation blueprints

  • Structural dissociation audit frameworks for critical infrastructures

For formal doctrinal consultations, legal memoranda, or forensic compliance audits, please address inquiries to Jean-François ELSEN.

Learn more
Jean-François ELSEN

Jean-François ELSEN est auditeur et expert en sûreté industrielle. Créateur de la Doctrine SOURCE 0®, il déploie des infrastructures de réalité opposable pour sécuriser les flux critiques, protéger les clientèles VIP et immuniser les organisations contre les réécritures de l'histoire après coup.

https://jfelsen.com
Précédent

DE L'OBSERVABILITÉ À L'OPPOSABILITÉ : L'EFFONDREMENT EMPIRIQUE DE LA GOUVERNANCE AGENTIQUE ET L'AVÈNEMENT DE L'OPPOSABILITY-AS-A-SERVICE (OaaS).
Suivant

ADDENDUM (08 JUIN 2026) : ALIGNEMENT ET VALIDATION DE L'INDUSTRIE.