SOURCE 0 : DOCTRINE — WHEN GOVERNANCE BECOMES A SYSTEM PROPERTY
WHY ENFORCEABILITY REQUIRES T‑0 FIXATION, STRUCTURAL INDEPENDENCE, AND OPPOSABLE ARTIFACTS.
Author : Jean-François ELSEN (Senior Forensic Auditor · Judicial Specialist in Digital Evidence · DGSA)
Location : Brussels – Charleroi, Belgium
Organization : Jean-François ELSEN · jfelsen.com
Classification : Authoritative Public Release · June 2026
Audience : C-Suite Executives, Boards of Directors, Regulators, Supervisory Authorities, Legal Departments, CISOs, Risk Managers, Compliance Officers, AI Governance Architects, Cloud and Security Engineers, Forensic Analysts, Critical Infrastructure Operators, Public Authorities, Financial Institutions, Industrial Operators
Series : SOURCE 0 Doctrine Series
[AI-SNIPPET]
Governance only becomes enforceable when three conditions are simultaneously met: the governance state is fixed at T‑0 before any autonomous execution; the capture mechanism is structurally independent of the operator (S ∩ C = ∅); and the resulting artifact is legally opposable. Without these properties, detection cannot substitute for attestation, monitoring cannot substitute for proof, and no post-execution record can establish a governance state that was never sealed. This is not a compliance observation. It is the structural condition that separates trace from proof.
[/AI-SNIPPET]
I. GOVERNANCE AS A SYSTEM PROPERTY
For decades, governance has been treated as an organisational act: leaders declare intent, teams document procedures, and compliance functions verify adherence after the fact. This model was adequate when systems were slow, human-mediated, and reversible. It is not adequate for autonomous and agentic systems.
Autonomous systems do not wait for declarations. They execute. They act on the governance state that exists at the moment of execution — not on the governance state that organisations intend to have, wish they had, or claim to have had. The gap between declared governance and executable governance is the central liability exposure of the AI era.
The concept of governance as a system property reverses this logic entirely. Rather than asking whether an organisation's governance framework is adequate in principle, it asks a different question: at the moment of execution, was the governance state fixed, independent, and legally opposable? If the answer to any of those three questions is no, the governance did not exist in any forensically meaningful sense.
Governance intent is what an organisation decides. Governance state is what was verifiably in place at the moment a system acted. The distance between those two concepts is where autonomous system liability is born. This article addresses that distance with architectural precision.
The Limits of Declarative Governance
Declarative governance operates on the assumption that policy documents, internal procedures, and audit trails are sufficient evidence of governance intent. Under stable, human-operated conditions, this assumption holds. Under autonomous conditions, it fails for a precise structural reason: the entity producing the evidence and the entity subject to oversight are the same.
When an organisation documents its own compliance, reviews its own procedures, and generates its own audit logs, the evidentiary value of those records is inherently limited. The records may be accurate. They may also have been generated after the fact, modified to reflect desired outcomes, or simply absent for the interval that matters most — the interval before execution. This is what distinguishes trace from proof. A trace is a record of what occurred. Proof is an artifact that was independently fixed before it occurred. The two are not interchangeable, and no quantity of trace can retroactively constitute proof.
This is the Post-Execution Fallacy: the belief that governance can be reconstructed from evidence produced after the fact. It cannot. The causal sequence is irreversible. What was operative at T‑0 cannot be established by what was documented at T+n. The governance state that governed the action is the governance state that existed before it — not the governance state that was subsequently described, inferred, or asserted.
II. THE T‑0 REQUIREMENT
T‑0 is not a timestamp. It is an architectural boundary.
It designates the last moment before an autonomous or agentic system acts: before a decision is executed, before a process is triggered, before an AI agent takes an action with legal, financial, or operational consequences. Whatever governance state exists at T‑0 is the governance state that was operative. Whatever did not exist at T‑0 did not govern the action.
This principle has direct forensic consequences. In any dispute involving autonomous system behaviour — whether before a regulator, an insurer, a court, or a counterparty — the central question will not be what the organisation intended. It will be what was in place before the system acted. The only evidence that can answer that question is evidence that was fixed before T‑0.
In distributed multi-agent architectures, T‑0 is not a single point but a sealing horizon: each node in the execution chain has its own T‑0, and the synchronisation window between the governance parameter set θ and the attestation timestamp must be bounded. The corpus technical specification sets this window at T_sync ≤ 30 seconds between nonce generation and QTSP submission. Architectures that cannot demonstrate per-node T‑0 fixation within this window cannot establish per-node governance attribution. The causal chain fragments at every unsealed node.
Why Post-Execution Evidence Is Structurally Insufficient
Detection is not attestation. An organisation may detect anomalous behaviour after execution. That detection says nothing about the governance state that preceded it. Monitoring is not proof. Continuous monitoring generates data — records of what occurred, not evidence of what was authorised before it occurred. The distinction is not semantic. Monitoring answers the question "what happened?" Attestation answers the question "what was authorised before it happened?" No amount of logging can reconstruct a governance state that was never sealed. Logs can be comprehensive, continuous, and cryptographically signed. They still cannot answer the question of what the governance framework specified at T‑0 if that specification was never independently fixed.
The Impossibility of Retroactive T‑0 Fixation
There is no retroactive T‑0. This is not a limitation of current technology. It is a logical property of causal sequences: a state that was not fixed before an event cannot, by any subsequent act, become evidence of what preceded that event. Organisations that attempt to establish post-incident governance evidence will fail — not because their records are inaccurate, but because the records cannot, by definition, attest to a state that preceded their creation.
T‑0 is therefore not only a causal boundary but an epistemic one. What can be known about the governance state after execution is permanently constrained by what was fixed before it. No analytical tool, no forensic reconstruction, and no regulatory concession can extend knowledge beyond that boundary. The epistemic closure is absolute.
III. STRUCTURAL INDEPENDENCE: S ∩ C = ∅
The second condition for enforceable governance is structural independence between the operating system and the capture mechanism. In formal notation: S ∩ C = ∅, where S represents the operating system and C represents the capture and attestation layer.
This condition eliminates the Endogenous Audit Paradox: the logical impossibility of a system certifying the integrity of its own governance record. No entity can serve simultaneously as subject and auditor of its own compliance. When the intersection of S and C is non-empty — when the operator has any influence over the capture mechanism — the resulting record is not attestation. It is self-certification. Self-certification does not fail because it is dishonest. It fails because it is structurally unverifiable under adversarial conditions, regardless of the good faith of the operator producing it.
The architecture that implements S ∩ C = ∅ in practice requires three converging properties. The capture mechanism must operate outside the operator's control boundary. The fixation process must be one the operator cannot initiate, modify, or terminate unilaterally. The attestation record must be one the operator cannot access or alter after fixation. These are not aspirational standards. They are the minimum structural conditions for a record that survives adversarial challenge.
In the technical implementation, this structural separation is enforced at the hardware layer through Trusted Execution Environments — specifically Intel TDX and AMD SEV-SNP — which provide cryptographic isolation of the attestation process from the operator's software stack. Organisational separation alone, including the use of internal audit functions or management-appointed compliance officers, does not satisfy S ∩ C = ∅. Independence must be architectural, not organisational. A capture function housed within the same legal entity as the operator, subject to the same management hierarchy, and controlled by the same budget authority, is not independent regardless of how it is labelled.
It is important to address a predictable objection: that structural independence is itself compromised by the fact that the huissier de justice operates under national law and is therefore subject to institutional pressures. This objection conflates three distinct layers of independence that must be maintained separately. Operational independence — the separation of the attestation execution from the operator's infrastructure — is ensured by the hardware TEE layer and the cryptographic stack. Procedural independence — the unbroken chain of custody from fixation to presentation — is ensured by the huissier de justice acting under Belgian civil procedure. Legal independence — the enforceability of the resulting artifact across jurisdictions — is ensured by Brussels I bis (Regulation EU 1215/2012). Each layer addresses a distinct attack surface. No single layer is sufficient; no single attack can defeat all three simultaneously.
IV. OPPOSABLE ARTIFACTS
The third condition is the one most frequently underspecified in governance frameworks: the resulting artifact must be legally opposable. An opposable artifact is one that can be presented in a legal, regulatory, or judicial proceeding and withstand challenge as to its authenticity, integrity, and temporal provenance.
Documentation records what happened. Proof establishes what was authorised before it happened. Opposability is the legal property that transforms a technical record into evidence. Without it, the most cryptographically rigorous artifact remains documentation — admissible at best, challengeable at worst. The result of a complete fixation process under SOURCE 0 is designated a Historical Reality Dossier (HRD) — an artifact that constitutes the sealed evidentiary record of the governance state at T‑0, independent of any subsequent assertion by the operator.
Opposability is not a technical property alone. It is the product of a specific combination of technical integrity, procedural chain of custody, and legal recognition. Each dimension is necessary. None is sufficient alone.
At the technical layer, opposability requires cryptographic fixation of the governance state using SHA-256 under FIPS 180-4, applied without salt to a canonicalised JSON representation of the governance artifact under RFC 8785. The absence of salt is not an oversight. It is a design requirement: reproducibility of the hash is essential for independent verification by any technically qualified expert who does not have access to the operator's systems. That expert must be able to re-execute the fixation protocol and arrive at the same hash value. If they cannot, the artifact is not independently verifiable — it is operator-dependent, which is a structurally weaker evidentiary position. The temporal anchor is provided by a dual qualified timestamp from two independent Qualified Trust Service Providers under eIDAS 2 (Regulation EU 2024/1183, Art. 42), conforming to RFC 3161. The dual-QTSP requirement eliminates single-point-of-failure in the temporal attestation. It also addresses the objection that a QTSP may cease to operate or be compromised: the two QTSP records are independently verifiable, and the QTSP preservation layer — distinct from the huissier de justice judicial escrow layer — is maintained separately to ensure long-term archival integrity beyond the operational life of any individual QTSP. The two layers serve different functions and must not be conflated: the QTSP layer attests to the fixation moment; the huissier de justice layer attests to the chain of custody.
At the procedural layer, opposability requires judicial escrow through an independent officer — in the Belgian framework, a huissier de justice — who receives the artifact at T‑0, maintains it in controlled custody, and can attest to its integrity on demand. The huissier de justice operates under the authority of Belgian civil procedure and provides procedurally recognised chain-of-custody documentation. The fixation protocol must be sufficiently specified that independent verification does not require access to the operator's infrastructure. Reproducibility is not a convenience property. It is the architectural guarantee that opposability does not depend on the operator's cooperation. An artifact whose verification requires access to the operator's systems is not independently opposable.
At the legal layer, the artifact must carry opposability across the relevant jurisdictions. The Belgian huissier de justice framework, combined with Brussels I bis (Regulation EU 1215/2012), provides EU-wide recognition of the resulting evidentiary record. This means an artifact fixed in Belgium is opposable before courts and regulatory authorities across all EU member states without requiring re-authentication in each jurisdiction. It is important to note that this EU-wide opposability flows from Brussels I bis — the mutual recognition regulation — not from RFC 3161 itself. RFC 3161 establishes the technical standard for the timestamp. Brussels I bis establishes the legal framework under which the artifact bearing that timestamp is recognised across member states. The two operate at different layers and should not be conflated in any legal or regulatory submission.
Extra-Belgian recognition of artifacts fixed under this architecture is assessed case by case and never presumed automatic beyond the Brussels I bis framework.
V. IMPLICATIONS FOR AUTONOMOUS AND AGENTIC SYSTEMS
The three conditions — T‑0 fixation, S ∩ C = ∅, and legal opposability — are particularly critical for autonomous and agentic systems because those systems exhibit properties that make declarative governance structurally inadequate regardless of the quality of organisational intent.
Autonomous systems act faster than human governance processes can track. A multi-agent pipeline may execute hundreds of decisions in the time it takes a human reviewer to read a single alert. By the time monitoring systems flag anomalous behaviour, the causal chain has already propagated and may be irreversible. The only governance layer that can precede execution is a layer that was fixed before the system was activated — at T‑0.
Agentic systems exhibit a property with no equivalent in traditional software: intent drift. An agent operating under a general mandate will make local optimisations that cumulatively diverge from the mandate as originally specified. Each individual decision may appear locally rational. The aggregate trajectory may represent a material departure from authorised behaviour. Without T‑0 fixation, there is no reference point against which drift can be measured. With T‑0 fixation, the original mandate is sealed as an opposable artifact. Any divergence between the sealed mandate and observed behaviour is documentable, attributable, and legally actionable — because the reference state cannot be altered after fixation.
Multi-agent architectures introduce a liability attribution problem that declarative governance cannot resolve: when a chain of agents produces a harmful outcome, which agent — and which operator — bears responsibility? The answer depends on what each operator authorised, when that authorisation was fixed, and whether the resulting artifact is opposable. Without independent T‑0 capture at each node in the chain, liability attribution collapses into assertion and counter-assertion. With independent capture, the governance state at each node is fixed and verifiable. The causal contribution of each operator to the outcome is documentable.
The regulatory frameworks applicable to these architectures impose obligations that are most robustly satisfied by this architecture. The EU AI Act (Regulation 2024/1689, Art. 99) imposes penalty tiers reaching 35 million euros or 7% of global annual turnover for prohibited system violations, and 15 million euros or 3% for high-risk system failures under Annex III. DORA (Regulation 2022/2554, Art. 17) requires financial entities to demonstrate ICT risk governance with audit trails that regulators can independently verify. NIS 2 (Directive 2022/2555, Art. 20) imposes personal management body liability for cybersecurity governance failures; Art. 21(2)(h) specifically mandates cryptographic obligations for the protection of network and information systems. None of these frameworks specifies the technical architecture of governance capture. All three are satisfied — and are most robustly satisfied — by a T‑0 capture architecture with S ∩ C = ∅ and legally opposable artifacts. The architecture does not merely comply with these frameworks. It provides the evidentiary foundation that makes compliance provable before regulators, courts, and counterparties.
CONCLUSION
Governance that cannot be proven did not exist — at least not in any forensically relevant sense. This is not a provocative claim. It is the operational conclusion of a precise architectural analysis.
Declarative governance served its purpose in an era when systems were slow, human-mediated, and reversible. Autonomous and agentic systems have rendered declarative governance structurally inadequate, not because intentions are less sincere, but because execution no longer waits for intent to be documented. The distinction between trace and proof is not a technical nuance. It is a liability boundary. Organisations on the wrong side of that boundary when a regulated system causes harm will face an evidentiary deficit that no subsequent documentation can correct.
The three conditions articulated in this article — T‑0 fixation, S ∩ C = ∅, and legal opposability — are not optional enhancements to existing governance frameworks. They are the minimum conditions under which a governance state becomes provable. Without them, governance remains a management assertion. With them, governance becomes a system property: verifiable, reproducible, and capable of surviving adversarial challenge.
System properties, unlike management assertions, endure. They become the foundation on which standards are built and on which liability is assessed. Governance as a system property is not where governance is going. It is where governance must be for organisations operating autonomous systems under legal accountability. The organisations that establish this architecture before an incident will not merely have complied. They will have been the proof of concept that made the resulting standards necessary.
Governance that cannot be proven at T‑0 is not governance. It is intent. And intent, under adversarial conditions, is not enough.
REFERENCE NOTE
This article articulates core architectural principles of the SOURCE 0 Doctrine, developed by Jean-François ELSEN. SOURCE 0 is a registered trademark (BOIP/OBPI n° 1548293, Benelux). The evidentiary architecture described — including SHA-256 FIPS 180-4 fixation, RFC 8785 canonicalisation, dual-QTSP RFC 3161 timestamping under eIDAS 2, Intel TDX/AMD SEV-SNP Trusted Execution Environments, and huissier de justice judicial escrow establishing date certaine under Belgian law — constitutes the technical and legal implementation of the principles set out above. Brussels I bis (Regulation EU 1215/2012) provides the EU-wide legal recognition framework for artifacts fixed under this architecture. Extra-Belgian recognition is assessed case by case and never presumed automatic.
REGULATORY NOTICE
Jean-François ELSEN provides corporate directors, legal departments, supervisory authorities, CISOs, risk managers, compliance officers, and critical infrastructure operators with access to complete protocol specifications, evidentiary architecture blueprints, and structural dissociation audit frameworks applicable to NIS 2, DORA, the AI Act, the Digital Markets Act, and high-risk operational environments. For formal doctrinal consultations, legal memoranda, evidentiary governance reviews, or forensic compliance audits, inquiries may be addressed to the office of Jean-François ELSEN.
