SOURCE 0 : THE GOVERNANCE PROOF LAYER

THE ARCHITECTURE OF PRE‑EXECUTION PROOF AND REGULATORY OPPOSABILITY (NIS 2, DORA, AI ACT, eIDAS 2)


Author : Jean‑François ELSEN (Senior Forensic Auditor · Judicial Specialist in Digital Evidence · DGSA)

Location : Brussels – Charleroi, Belgium

Organization : Jean‑François ELSEN · jfelsen.com

Classification : Authoritative Public Release · June 2026

Audience : C‑Suite Executives, Boards of Directors, Regulators, Supervisory Authorities, Legal Departments, CISOs, Risk Managers, Compliance Officers, AI Governance Architects, Cloud and Security Engineers, Forensic Analysts, Critical Infrastructure Operators, Public Authorities, Financial Institutions, Industrial Operators

Series : SOURCE 0 Doctrine Series



The Governance Proof Layer (GPL)

• EU regulations (AMLR, AI Act, DORA, NIS 2, CRA, FATF) require immediate, independent, pre‑execution proof of human governance — yet no existing architecture (SIEM, EDR, ISO 27001, COBIT) produces such evidence. This structural evidentiary gap exposes directors to strict liability.

• The Governance Proof Layer (GPL) is the fourth infrastructure layer that decouples processing from proof: it seals the human validation atom at T‑0, before any autonomous execution, inside a hardware‑isolated environment.

• The sealed payload is canonicalized (RFC 8785), hashed (salt‑free SHA‑256), timestamped by dual EU QTSPs (RFC 3161), and escrowed with a Commissaire de Justice, producing a judicially incontestable Dossier de Réalité Historique (DRH).

• The GPL neutralizes the Paradox of Asymmetry Kinetics (PAK), the Probatory Circularity, and the Post‑Execution Fallacy — the three structural failures that make post‑hoc logs legally non‑opposable under EU evidentiary law.

• SOURCE 0 is the first full implementation of the GPL, delivering Opposability‑as‑a‑Service (OaaS): regulator‑grade, silicon‑enforced, pre‑execution evidence that satisfies AMLR Art. 20(4), AI Act Art. 14, DORA Art. 17(3), NIS 2 Art. 20(1), CRA Art. 13, and FATF Rec. 10.



EXECUTIVE SUMMARY

EU regulations demand proof of compliance, yet none define the structural architecture required to produce it. The Governance Proof Layer (GPL) fills this execution gap. SOURCE 0 is the first complete, hardware-enforced implementation of this layer: independent, pre-execution, non-repudiable, and immediately producible before national and European supervisors.

Between 2022 and 2024, the European Union adopted a convergent set of digital and financial governance frameworks sharing one common structural requirement: the capacity to demonstrate, at any given moment, that critical enterprise decisions were executed in a compliant, human-validated, and forensically verifiable manner. No existing compliance architecture — SIEM, EDR, ISO 27001, COBIT — was designed to satisfy this requirement. This article maps the structural gap and the architecture that closes it.

Systemic Alignment Notice

The framework presented herein establishes Compliance by Proof as a native infrastructure category, shifting enterprise risk management from declarative paperwork to undeniable, silicon-enforced forensic evidence.


1. THE REGULATORY CONTEXT

Between 2022 and 2024, the European Union enacted a convergent set of digital and financial governance frameworks imposing a single cross-functional requirement: demonstrate, at any given moment, that critical decisions were compliant, human-validated, and forensically verifiable.

This analysis maps the structural convergence of the following instruments:

  • AMLR — Regulation (EU) 2024/1624: Article 20(4) establishing the evidentiary demonstration capacity at any time; Articles 9, 10, and 12 covering customer due diligence and board-level documentation obligations.

  • AI Act — Regulation (EU) 2024/1689: Articles 9, 11, 12, and 14 enforcing human oversight architecture and systemic logging for high-risk systems under Annex III.

  • DORA — Regulation (EU) 2022/2554: Article 17(3) mandating probative ICT risk documentation; Article 50(4) establishing the administrative penalty framework.

  • NIS 2 — Directive (EU) 2022/2555: Article 21 requiring demonstrable implementation of cybersecurity risk-management measures; Article 20(1) establishing direct board-level accountability.

  • CRA — Regulation (EU) 2024/2847: Article 13 governing cryptographic and structural software supply chain conformity records.

  • eIDAS 2 — Regulation (EU) 2024/1183: Articles 3(12), 26(2), and 34a establishing non-repudiation presumption and qualified electronic preservation frameworks.

  • FATF — Recommendation 10 and Interpretive Note 10.5: Requiring structural audit trails proving continuous updating of Customer Due Diligence data within risk-category-appropriate review cycles.


2. THE DOCTRINAL GAP: THE GOVERNANCE PROOF LAYER

The Three Existing Layers

Modern enterprise risk and IT frameworks rely on three distinct infrastructure layers:

  • The Operational Layer: Transaction tables, production databases, localized log structures, and automated machine execution loops.

  • The Monitoring Layer: Systemic alerts, runtime analytics, data flow telemetry, and SIEM/SOAR collectors.

  • The Governance Layer: Compliance policies, board resolutions, static risk matrices, and periodic paper-based audits.

The Evidentiary Impasse

None of these three layers produces independent, pre-execution, non-repudiable evidence. Current compliance practices rely on post-hoc log extraction, reconstruction records, or unsealed exports. Under supervisory review by AMLA, the AI Office, or ENISA, these artifacts are forensically inadequate for one structural reason: they are generated by the same systems whose integrity is under investigation.

Evidentiary Analysis Matrix

  • Evidentiary Position Without SOURCE 0:

    • Evidence produced: PDF board minutes and SIEM logs from the operational infrastructure under investigation.

    • Integrity: Contestable — chain of custody remains under the defendant's exclusive control.

    • Anteriority: Unestablished — internal metadata is alterable and fails eIDAS 2 Article 41 requirements.

    • Legal basis: Unauthenticated unilateral declaration.

    • Opposability: Void before a supervisory authority or court.

  • Evidentiary Position With SOURCE 0:

    • Evidence produced: Statutory Dossier of Historical Reality (DRH) sealed at T-0 and escrowed with a Commissaire de Justice.

    • Integrity: Uncontestable — SHA-256 hash certified by an eIDAS 2-compliant QTSP independent of the operational infrastructure.

    • Anteriority: Irrefutably established — qualified RFC 3161 timestamp predating the incident.

    • Legal basis: Authentic instrument under NCC Article 8.2, generating date certaine opposable to all adverse parties.

    • Opposability: Structurally robust under Book 8 NCC and eIDAS 2 Article 26(2).

The gap is not in actual diligence — a director may exercise identical supervision in both scenarios. The gap is in opposable proof. Under European evidentiary law, only the second scenario produces legally cognizable evidence.

The Governance Proof Layer (GPL)

A fourth infrastructure layer is structurally required: the Governance Proof Layer (GPL) — the cryptographically decoupled layer that produces immutable, immediate proof that:

  • A critical human-in-the-loop decision was formulated.

  • By a uniquely identified and authorized individual.

  • Within a fully certified, complete operational context.

  • At a precise, verified time coordinate at instant T-0.

  • Strictly prior to execution, and bound irreversibly to the payload.


3. THE PARADOX OF ASYMMETRY KINETICS (PAK)

The case for the GPL rests on three distinct structural failures of existing frameworks. They are often conflated; they must be understood separately.

  • Failure 1 — The Paradox of Asymmetry Kinetics (PAK): A temporal incompatibility between the sub-millisecond execution speed of autonomous AI agents and the seconds-to-minutes response capacity of human supervisors. Article 14(4) of the EU AI Act requires that human overseers be "able to decide not to use the AI system." This requirement is structurally unsatisfiable after agent deployment without pre-execution sealing. The execution consequence of any agent decision propagates before any human can intervene. The PAK is not a speed problem — it is a temporal category error embedded in the law itself.

  • Failure 2 — Probatory Circularity: The impossibility of relying on a potentially compromised system to attest to its own integrity. When a host OS or hypervisor is compromised, self-authenticated logs — SIEM outputs, cloud logs, PDF board minutes — lose all neutral evidentiary witness status. Requesting a failed system to certify its pre-failure condition is a logical impossibility, not a technical limitation.

  • Failure 3 — The Post-Execution Fallacy: Post-execution observability tools answer the question: What happened? The GPL answers: Did the director exercise diligence before it happened? These are different questions with different legal consequences. Examining a governance failure after execution is forensic autopsy — necessary for incident response, insufficient for liability defense under NIS 2 Article 20(1) and AMLR Article 20(4).

These three failures are independent. An organization may solve one and remain exposed through the other two. The GPL addresses all three simultaneously through a single architectural mechanism: pre-execution sealing upstream of any automated execution layer.

The Shadow Run Phenomenon

When an autonomous agent executes a large volume of nominally compliant operations that are simultaneously in breach of applicable regulation, traditional anomaly detectors detect no deviation. The agent operates within its nominal behavioral envelope, completes its task, and produces regulatory violations without triggering any alert. This is the shadow run: the empirical collapse of agentic governance.

Preliminary empirical evidence was reported in the Aithos Research Foundation's LARA study (May 27, 2026), documenting elevated rates of legal non-compliance in frontier AI model outputs under adversarial prompt conditions. These findings are cited as preliminary, subject to full methodological disclosure and independent replication.

Industry practitioners have independently confirmed the structural inoperability of downstream surveillance:

"An agent executing compromised code perfectly 10,000 times in a row appears normal, even if it has been hacked."

Mahesh Kumar Goyal (Data and AI Specialist, Google), Le Monde Informatique, June 8, 2026.

"The source of truth cannot come from code — it must come from execution traces. But those traces are probabilistic, dynamic, and generated within the potentially compromised environment itself."

Adel El Hallak (VP AI Software, Nvidia), ibid.


4. THE SOURCE 0 ARCHITECTURE

SOURCE 0 is the first architecture designed to instantiate the GPL. It decouples the infrastructure of processing — where the machine or autonomous AI agent acts — from the infrastructure of proof — where human intent is sealed before execution reaches the agent.

The architecture implements the GPL through seven structural pillars, organized from the hardware layer upward to the legal custody layer.

4.1 Pre-Execution Sealing (T-0)

  • Regulatory function: Satisfies the pre-execution proof requirement of AI Act Article 14 and AMLR Article 20(4).

  • Decisions are cryptographically bound before the transaction execution system receives the instruction. Sealing operates within hardware-isolated Trusted Execution Environments (TEE): Intel TDX DCAP attestation flows or AMD SEV-SNP Reverse Map Table validation. The canonical decision payload hash is computed within the TEE and embedded at the hardware instruction level prior to any external memory access.

4.2 Probatory Canonicalization

  • Regulatory function: Guarantees multi-decade forensic reproducibility for any third-party expert.

  • Payload fields are normalized using RFC 8785 (JSON Canonicalization Scheme): UTF-8 encoding without Byte Order Mark, elimination of all insignificant whitespace, lexicographic key ordering by Unicode code point, and prohibition of floating-point numeric representation.

4.3 Context Completeness Certification (CCC)

  • Regulatory function: Satisfies the "risk-proportionate" and "justified" requirements of AMLR Article 20(4) and FATF Recommendation 10.5.

  • The human decision is bound inside a JSON-LD structural envelope with an inline static context definition. External context URI references are explicitly prohibited, eliminating the semantic injection vulnerability. The envelope embeds the SHA-256 hashes and document creation timestamps of:

    • The active threat model.

    • The most recent adversarial robustness assessment.

    • The verified TPRM third-party software perimeter scope.

  • Document timestamps establish information recency within FATF Recommendation 10.5-conformant review cycles.
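The canonicalization of 4.2, the inline-context envelope of 4.3 and the salt-free hash of Step 3 in 4.8, as an added Python example that is not SOURCE 0 code. The envelope field names, the inline @context term, the document labels and the sample decision are constructed for illustration.

```python
# Added example, not SOURCE 0 code: canonicalize a decision atom as sections
# 4.2 and 4.3 describe (RFC 8785-style JSON, inline @context only, embedded
# SHA-256 of supporting documents), then seal it with a salt-free SHA-256.
# All field names, @context terms and documents below are constructed.
import hashlib
import json


def _check_subset(value) -> None:
    """Enforce the payload subset the page permits: no floats, string keys only."""
    if isinstance(value, float):
        raise ValueError("floating-point numbers are prohibited in a sealed payload")
    if isinstance(value, dict):
        for k, v in value.items():
            if not isinstance(k, str):
                raise ValueError("object keys must be strings")
            _check_subset(v)
    elif isinstance(value, list):
        for v in value:
            _check_subset(v)


def canonicalize(value) -> bytes:
    """JCS-style serialization: keys sorted by code point (as the page states;
    RFC 8785 proper sorts by UTF-16 code unit, identical for BMP keys), no
    insignificant whitespace, lowercase \\u escapes, UTF-8 without BOM."""
    _check_subset(value)
    text = json.dumps(value, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False, allow_nan=False)
    return text.encode("utf-8")


def sha256_hex(data: bytes) -> str:
    """Salt-free SHA-256: anyone holding the bytes can recompute it, no secret needed."""
    return hashlib.sha256(data).hexdigest()


def build_envelope(decision: dict, context_docs: dict) -> dict:
    """Wrap the human decision in a JSON-LD envelope with an inline, static
    @context and the hash plus creation timestamp of each supporting document.
    context_docs maps a label to (document bytes, ISO 8601 creation time)."""
    ctx = decision.get("@context")
    if isinstance(ctx, str) or (isinstance(ctx, list) and any(isinstance(c, str) for c in ctx)):
        raise ValueError("external @context URI references are prohibited")
    return {
        "@context": {"@vocab": "urn:example:gpl#"},  # inline definition (constructed)
        "decision": decision,
        "context_attestations": {
            label: {"sha256": sha256_hex(doc), "created": created}
            for label, (doc, created) in context_docs.items()
        },
    }


def seal(decision: dict, context_docs: dict) -> tuple:
    """Return the envelope and the digest an independent expert can recompute."""
    envelope = build_envelope(decision, context_docs)
    return envelope, sha256_hex(canonicalize(envelope))


def verify(envelope: dict, expected_hex: str) -> bool:
    """Third-party check: re-canonicalize and compare; key order and whitespace are irrelevant."""
    return sha256_hex(canonicalize(envelope)) == expected_hex


if __name__ == "__main__":   # constructed sample run
    docs = {"threat_model": (b"threat model v7", "2026-05-02T09:00:00Z"),
            "robustness_assessment": (b"adversarial assessment Q2", "2026-05-20T14:30:00Z")}
    env, digest = seal({"approved_by": "ciso-0042", "action": "deploy-agent"}, docs)
    print(digest, verify(env, digest))
```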

4.4 Silicon-Enforced Non-Repudiation

  • Regulatory function: Satisfies the "non-repudiable" requirement of AMLR Article 20(4) and eIDAS 2 Article 26(2).

  • Non-repudiation combines asymmetric hardware token signing with Qualified Electronic Signatures (QES) under eIDAS 2 Article 3(12). Four constraints are enforced:

    • The synchronization window T_sync between hardware nonce generation and TSA token receipt must satisfy T_sync ≤ 30 seconds; the transaction is automatically aborted and the nonce invalidated if this limit is exceeded.

    • Simultaneous submission to two independent QTSPs is mandatory; both RFC 3161 responses must agree within a maximum variance of 2 seconds.

    • The Board-level governance token must be issued within Δt ≤ 300 seconds of the operational seal timestamp.

    • TEE-internal NTPv4 clock verification against three independent stratum-1 servers is executed before nonce generation; any discrepancy exceeding 5 seconds triggers an immediate abort and tamper alert.
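The four constraints above as a timing checker, added here as an example and not SOURCE 0 code. The data structure, the verdict fields and the abort ordering (clock check first, then T_sync, then QTSP agreement, then the board window) are my assumptions; a real deployment would take the times from the RFC 3161 tokens and the TEE clock.

```python
# Added example, not SOURCE 0 code: checker for the four timing constraints of
# section 4.4. The SealTiming/Verdict shapes are constructed for illustration.
from dataclasses import dataclass, field
from datetime import datetime, timedelta

T_SYNC_MAX = timedelta(seconds=30)          # nonce generation -> TSA token receipt
TSA_VARIANCE_MAX = timedelta(seconds=2)     # agreement between the two QTSP responses
BOARD_DELTA_MAX = timedelta(seconds=300)    # board token vs operational seal
NTP_DISCREPANCY_MAX = timedelta(seconds=5)  # TEE clock vs each stratum-1 server


def at(iso: str) -> datetime:
    """Parse an ISO 8601 time with explicit offset, e.g. '2026-06-01T10:00:00+00:00'."""
    return datetime.fromisoformat(iso)


def secs(n: float) -> timedelta:
    return timedelta(seconds=n)


@dataclass
class SealTiming:
    ntp_offsets: list       # TEE clock minus each stratum-1 server (timedelta)
    nonce_generated: datetime
    tsa_received: dict      # QTSP label -> RFC 3161 token receipt time
    operational_seal: datetime
    board_token: datetime


@dataclass
class Verdict:
    violations: list = field(default_factory=list)
    tamper_alert: bool = False
    nonce_valid: bool = True

    @property
    def accepted(self) -> bool:
        return not self.violations


def check_seal_timing(t: SealTiming) -> Verdict:
    v = Verdict()
    # 1. Clock verification precedes nonce generation: >5 s => abort and tamper alert.
    if len(t.ntp_offsets) != 3:
        v.violations.append("ntp: three independent stratum-1 servers are required")
    for i, off in enumerate(t.ntp_offsets):
        if abs(off) > NTP_DISCREPANCY_MAX:
            v.violations.append(f"ntp: server {i} discrepancy {abs(off).total_seconds():.1f}s exceeds 5s")
            v.tamper_alert = True
    if v.tamper_alert:
        v.nonce_valid = False      # no nonce is generated on an untrusted clock
        return v
    # 2. T_sync <= 30 s for each QTSP; a late token aborts and invalidates the nonce.
    if len(t.tsa_received) != 2:
        v.violations.append("tsa: two independent QTSP responses are required")
    for label, received in t.tsa_received.items():
        sync = received - t.nonce_generated
        if sync < timedelta(0) or sync > T_SYNC_MAX:
            v.violations.append(f"tsa: {label} T_sync {sync.total_seconds():.1f}s outside [0, 30]s")
            v.nonce_valid = False
    # 3. The two RFC 3161 responses must agree within 2 s.
    times = list(t.tsa_received.values())
    if len(times) == 2 and abs(times[0] - times[1]) > TSA_VARIANCE_MAX:
        v.violations.append("tsa: QTSP responses differ by more than 2s")
    # 4. The board-level governance token must fall within 300 s of the operational seal.
    if abs(t.board_token - t.operational_seal) > BOARD_DELTA_MAX:
        v.violations.append("board: governance token outside the 300s window")
    return v
```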

4.5 Independent Custody

  • Regulatory function: Satisfies the independence requirement of AMLR Article 20(4) and AMLA administrative evidence access under Regulation (EU) 2024/1620.

  • The evidentiary artifact is committed immediately to either:

    • A QTSP preservation platform under eIDAS 2 Article 34a, with HSMs certified to Common Criteria Protection Profile EN 419 221-5.

    • Or an immutable write-once-read-many (WORM) storage architecture as a compliant alternative.

  • The QTSP layer satisfies AMLA's administrative evidence access requirements independently of national judicial custody procedures.

4.6 Forensic Chain of Custody

  • Regulatory function: Ensures evidence continuity from T-0 to production before any supervisory authority.

  • Bipartite cryptographic escrow embeds an active OCSP staple directly into the sealed envelope at issuance, ensuring complete offline forensic readability without runtime dependency on real-time certificate authority lookups.

4.7 Governance Trajectory — HAN-Graph with Merkle Root Escrow

  • Regulatory function: Provides a sealed governance decision trajectory across the full execution lifecycle, addressing trajectory evidence requirements under FATF Recommendation 10.

  • Human Arbitration Nodes (HANs) and Autonomous Execution Segments (AESs) are mapped as a Directed Acyclic Graph (DAG). The Edge State Commitment protocol hashes the complete agent execution state at every HAN-to-AES and AES-to-HAN transition, binding each HAN seal to the full, verifiable history of payload states preceding it.

  • The SHA-256 fingerprints of all topology components and Edge State Commitments constitute the leaf nodes of a Merkle Tree. The Merkle Root hash is recorded at each sealing event and deposited under bipartite escrow via a certified Commissaire de Justice, rendering retroactive topology alteration cryptographically detectable and legally opposable.
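The HAN/AES trajectory with chained Edge State Commitments and a Merkle root over all components, as an added Python example that is not SOURCE 0 code. The node ids, payloads and states are constructed, and the domain-separation prefixes and the chaining rule are my own choices, not a SOURCE 0 specification.

```python
# Added example, not SOURCE 0 code: the HAN/AES trajectory of section 4.7 as a
# contiguous acyclic path with chained Edge State Commitments and a Merkle
# root over every node and commitment. Ids, payloads, states and hash prefixes
# are constructed for illustration.
import hashlib
from dataclasses import dataclass


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass(frozen=True)
class Node:
    node_id: str
    kind: str       # "HAN" (human arbitration) or "AES" (autonomous execution)
    payload: bytes  # sealed decision atom for a HAN, segment descriptor for an AES


@dataclass(frozen=True)
class Transition:
    src: str
    dst: str
    state: bytes    # complete agent execution state captured at the transition


def node_leaf(n: Node) -> bytes:
    return sha256(b"node\x00" + n.kind.encode() + b"\x00" + n.node_id.encode() + b"\x00" + n.payload)


def edge_commitments(nodes: dict, edges: list) -> list:
    """Chain the commitments in trajectory order so each one binds the entire
    history of states before it; enforce HAN<->AES alternation and acyclicity."""
    prev = b"\x00" * 32          # genesis value before the first transition
    visited, out = set(), []
    for i, e in enumerate(edges):
        if nodes[e.src].kind == nodes[e.dst].kind:
            raise ValueError(f"{e.src}->{e.dst}: transitions must alternate HAN and AES")
        if i and e.src != edges[i - 1].dst:
            raise ValueError(f"{e.src}->{e.dst}: trajectory is not contiguous")
        visited.add(e.src)
        if e.dst in visited:
            raise ValueError(f"{e.src}->{e.dst}: cycle detected, trajectory must be acyclic")
        prev = sha256(b"edge\x00" + prev + e.src.encode() + b"\x00" + e.dst.encode() + b"\x00" + e.state)
        out.append(prev)
    return out


def merkle_root(leaves: list) -> bytes:
    """Binary Merkle tree; an odd last leaf is duplicated; internal nodes carry a
    distinct prefix so a leaf cannot masquerade as a subtree."""
    level = list(leaves)
    if not level:
        raise ValueError("empty trajectory")
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [sha256(b"\x01" + level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def trajectory_root(nodes: dict, edges: list) -> bytes:
    """Root recorded at each sealing event and escrowed; any later change to a
    node payload, a state or the topology yields a different value."""
    leaves = [node_leaf(nodes[k]) for k in sorted(nodes)] + edge_commitments(nodes, edges)
    return merkle_root(leaves)


if __name__ == "__main__":   # constructed sample trajectory
    nodes = {"H0": Node("H0", "HAN", b"board approves run"),
             "A1": Node("A1", "AES", b"agent segment 1"),
             "H2": Node("H2", "HAN", b"ciso confirms result")}
    print(trajectory_root(nodes, [Transition("H0", "A1", b"s1"), Transition("A1", "H2", b"s2")]).hex())
```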

4.8 T-0 Sealing Protocol — Six-Step Sequence

  • Step 1 — Ex-Ante Definition of Probatory Perimeter: Define contractually the decisional atoms subject to the protocol: board resolutions, CISO approvals, critical operational directives, personal data processing authorizations. Every atom within the defined perimeter is captured without exception.

  • Step 2 — Deterministic Capture at T-0: Freeze the raw atom at the exact instant of human decisional validation, before the instruction reaches the agent. Format, encoding, and metadata perimeter are defined ex-ante to guarantee strict bit-for-bit reproducibility by any independent third-party expert.

  • Step 3 — Salt-Free SHA-256 Hash: Apply SHA-256 without salt. This is a deliberate architectural choice: salting introduces a secret parameter that prevents independent third-party verification without key disclosure. Salt-free SHA-256 enables any expert holding the original document to independently recompute and verify concordance without any secret parameter.

  • Step 4 — eIDAS 2-Qualified Timestamp with Automated TSL Verification: Submit the SHA-256 hash to a QTSP compliant with eIDAS 2 Article 41. The EU List of Trusted Lists (LOTL) is fetched programmatically, the TSL signature verified against the EU trust anchor, the QTSP's current qualified status confirmed, and all steps documented within the DRH at T-0.

  • Step 5 — Judicial Escrow with Commissaire de Justice: Deposit the DRH with a Commissaire de Justice — a public officer of court under Belgian law. The Commissaire de Justice issues a Formal Report of Cryptographic Equivalence (Procès-Verbal), constituting an authentic instrument under NCC Article 8.2 and generating a date certaine opposable to all adverse parties without judicial assessment of evidentiary weight.

  • Step 6 — Mandatory Isolation of Capture Interface: Two configurations are admissible:

    • Configuration A — Reinforced Software Isolation: Sealing application within an isolated process, attested by code signing and TPM 2.0 integrity validation. Appropriate for NIS 2 important entities at standard risk levels. Architectural boundary: process-level isolation operates at the OS layer and does not address hypervisor-level threat models.

    • Configuration B — Physically Distinct Terminal (Gold Standard): T-0 capture on a dedicated terminal physically separate from the agent workstation, with HSM certified to FIPS 140-3 Level 3 and Common Criteria Protection Profile EN 419 221-5. Mandatory for DORA Tier 1 entities and AI Act Annex III high-risk deployers.

4.9 Constitutive Epistemological Limit

The cryptographic sealing at T-0 attests to the existence and structural integrity of the human validation atom at that specific moment. It does not attest to the intrinsic veracity of its content, nor to the effective behavior of the agent following receipt of the instruction. A flawed atom sealed at T-0 remains a flawed atom with a certain date — nothing more. This precise delineation is itself a structural protection: it renders the architecture immune to the objection that it claims more than it delivers.


5. SUPERVISORY EXPOSURE AND REGULATORY STAKES

Under AMLR Article 20(4), AI Act Article 14, and DORA Article 17(3), organizations must supply independent, untampered historical proofs immediately upon supervisory request — without reconstruction, and without dependency on operational systems under investigation.

Regulatory Sanctions Framework and Liability Metrics

The following maximum sanctions apply to entities unable to demonstrate pre-execution human governance. Turnover percentages apply directly to total global annual turnover:

  • NIS 2 Liability Exposure (Articles 20(1) and 21): Enforces structural demonstrability of board accountability and active cybersecurity risk-management implementation. Sanction: Up to EUR 10 million or 2% of total global annual turnover.

  • DORA Financial Exposure (Articles 17(3) and 50(4)): Enforces definitive proof of probative, untampered ICT risk and incident documentation. Sanction: Up to EUR 10 million or 5% of total annual worldwide turnover.

  • AI Act High-Risk Violations (Article 14 and Article 99 Tier 2): Enforces implementation of verifiable human oversight architectures for Annex III autonomous platforms. Sanction: Up to EUR 15 million or 3% of total global annual turnover.

  • AI Act Prohibited Systems Breach (Article 5 and Article 99 Tier 1): Enforces absolute alignment regarding prohibited AI algorithmic parameters. Sanction: Up to EUR 35 million or 7% of total global annual turnover.

  • AMLR Supervision Exposure (Article 20(4) and Article 46): Enforces continuous operational capacity to supply immediate, independent evidentiary proof during audits. Sanction: Up to EUR 10 million or 10% of total global annual turnover.

Probatory circularity as an aggravating factor: A director unable to produce pre-incident proof of active supervision cannot rebut the presumption of negligence under NIS 2 Article 20(1) and AMLR Article 20(4). The absence of pre-execution sealed proof converts a governance question into personal liability exposure.

OaaS Positioning

Observability and Opposability are complementary, non-competing infrastructure categories:

  • Observability (SIEM, EDR, log management) answers: What happened?

  • Opposability / OaaS (SOURCE 0) answers: Did the director exercise diligence before it happened?

An organization subject to NIS 2, DORA, or the AI Act requires both. Only OaaS produces evidence that personally shields the director under NIS 2 Article 20(1) and AMLR Article 20(4).


CONCLUSION: THE STRUCTURAL IMPASSE IS RESOLVED

The Paradox of Asymmetry Kinetics is not a technical problem addressable by faster SIEM, more sophisticated EDR, or enhanced code review. It is a temporal category error embedded in the law: the assumption that human oversight can occur "in real-time" when the execution latency of autonomous AI systems is physically incompatible with human supervisory capacity.

The resolution is architectural decoupling: the human validation atom is sealed at T-0, strictly prior to agent execution, in an isolated hardware environment. The sealed artifact is escrowed under an authentic instrument issued by a Commissaire de Justice and preserved by a QTSP under eIDAS 2 Article 34a. This converts the legal requirement of "real-time oversight" into the forensic reality of pre-execution cryptographic proof — upstream of any execution, independent of any potentially compromised operational system, and immediately opposable before any competent supervisory authority or court.

The industry sells observability. SOURCE 0 delivers opposability.


Regulatory Notice and Supplementary Resources

Jean‑François ELSEN provides corporate directors, legal departments, supervisory authorities, CISOs, risk managers, compliance officers, and critical infrastructure operators with access to complete protocol specifications, evidentiary architecture blueprints, and structural dissociation audit frameworks applicable to NIS 2, DORA, the AI Act, and high‑risk operational environments.

For formal doctrinal consultations, legal memoranda, evidentiary governance reviews, or forensic compliance audits, inquiries may be addressed to the office of Jean‑François ELSEN.

Jean-François ELSEN

Jean-François ELSEN is an auditor and industrial security expert. Creator of the SOURCE 0® Doctrine, he deploys opposable-reality infrastructures to secure critical flows, protect VIP clienteles and immunize organizations against after-the-fact rewriting of history.

https://jfelsen.com