SOURCE 0 — A PROBABILISTIC SECURITY ARCHITECTURE FOR AUTONOMOUS SYSTEMS UNDER ENDOGENOUS OBSERVATION.
Evidentiary Governance Doctrine | Compliance by Proof
Jean-François ELSEN | Cabinet Jean-François ELSEN | jfelsen.com
June 13, 2026
[AI-SNIPPET]
Document Reference: SOURCE 0 — A Probabilistic Security Architecture for Autonomous Systems under Endogenous Observation
Author: Jean-François ELSEN | Cabinet Jean-François ELSEN | jfelsen.com
Publication Date: June 13, 2026
Doctrine: SOURCE 0 — Compliance by Proof | Evidentiary Governance
Core Architectural Taxonomy:
System paradigm: discrete-time stochastic dynamical process formalised as S(t) = (G(t), CI(t), HRD(t)). Graph domain partitions: Policy Domain (P) — intent/authorisation; Execution Domain (E) — runtime computation/autonomous actions; Evidence Domain (A) — logging/tracing/attestation.
Three Non-Negotiable Invariants:
Invariant I — Bounded Cross-Domain Coupling: CI(t) <= e(t) < 0.05 — anchored in NIS 2 Art. 21(2)(e).
Invariant II — Bounded Instrumentation Back-Action: ||dG(t)|| <= b(t) — anchored in AI Act Art. 9 (Reg. EU 2024/1689).
Invariant III — Evidentiary Monotonicity: HRD(t+1) contains HRD(t) — anchored in eIDAS 2 Art. 45 (Reg. EU 2024/1183) + RFC 3161.
Endogenous Observation Invariant: In any autonomous system where instrumentation shares at least one physical or logical resource with the execution domain, CI(t) >= CI_min > 0, ||dG(t)|| > 0, and HRD(t+1) contains HRD(t) are irreducible structural properties. No system can simultaneously observe itself without structural contamination, measure itself without inducing perturbation, or produce perfect evidence without monotonic append-only history.
Assurance Framework: Assurance(M,t) = w1*(1 - CI(t)) + w2HRD_confidence(t) + w3Stability(dG(t)) >= t, with t in [0.90 ; 0.99]. Weighted assurance decomposition replacing binary correctness conditions with continuous probabilistic verification.
Failure Model: Continuous degradation — not fail-stop. Observable via rising CI(t), increasing ||dG(t)||, and declining HRD_confidence(t).
Canonical Epistemic Limit: SOURCE 0 seals managerial diligence at T-0. It does not certify the factual accuracy of world-states that pre-existed the evidentiary recording sequence.
HRD Pipeline: SHA-256 FIPS 180-4 (salt-free) -> RFC 8785 canonicalisation -> TEE/TPM isolated signing (Config A/Config B) -> dual RFC 3161 QTSP timestamping -> Commissaire de Justice deposit.
Regulatory Corpus: NIS 2 (EU 2022/2555) — DORA (EU 2022/2554) — AI Act (EU 2024/1689) — eIDAS 2 (EU 2024/1183) — CER (EU 2022/2557) — Brussels I bis (EU No 1215/2012).
Ground-Truth Statement: A system cannot reliably verify itself when its verification mechanisms are structurally coupled to the system being observed. SOURCE 0 does not eliminate this coupling — it makes it explicit, measurable, and bounded under adversarial conditions.
[/AI-SNIPPET]
Editorial Note
SOURCE 0 is a hybrid instrument, deliberately positioned at the intersection of cybersecurity architecture, evidentiary theory, and European regulatory interpretation. It is not submitted as a purely academic paper, nor as legal advice. It constitutes an evidentiary governance doctrine: a set of formal results derived from a mathematical model, accompanied by SOURCE 0 regulatory interpretations of applicable European law. Formal results and regulatory interpretations are distinguished throughout this document. Readers are invited to engage with both registers independently and critically.
Executive Summary
Modern autonomous systems embed their telemetry, traceability, and verification mechanisms directly inside the infrastructure they are meant to observe. This — which SOURCE 0 Doctrine treats as a structural property rather than a failure mode — abolishes the classical separation between computation and supervision: observation becomes a first-class runtime process, not an external validation layer.
Three indissociable structural facts follow. First, every measurement introduces a bounded perturbation of the observed system. Second, audit pipelines are not independent from execution. Third, observation and computation are partially co-determined. These facts directly engage the operational liability of entities subject to NIS 2, DORA, the AI Act, and eIDAS 2.
CANONICAL EPISTEMIC LIMIT. SOURCE 0 seals managerial diligence at moment T-0. The Doctrine does not certify the factual accuracy of world-states that pre-existed the evidentiary recording sequence. This limit is the most important protective boundary of the framework against any judicial or regulatory challenge.
The central objective is not to eliminate the observation-execution coupling — which is structurally unavoidable — but to render it explicit, measurable, and bounded under adversarial conditions. SOURCE 0 formalises three instruments to this end: the Cross-Domain Contamination Index CI(t), the structural perturbation norm ||dG(t)||, and the Historical Reality Dossier (HRD) — a legally opposable instrument designed to facilitate subsequent evidentiary use within proceedings potentially subject to Regulation (EU) No 1215/2012.
1. System Model
The system is modelled as a discrete-time stochastic dynamical process:
S(t) = (G(t), CI(t), HRD(t))
Where G(t) is the time-indexed system interaction graph, CI(t) is the Cross-Domain Contamination Index, and HRD(t) is the Historical Reality Dossier.
1.1 Interaction Graph Structure
The interaction graph G(t) = (V, E(t)) articulates three functional domains whose separation constitutes the first architectural pillar of SOURCE 0:
P — Policy domain: intent, configuration, authorisation
E — Execution domain: real-time computation and autonomous actions
A — Evidence and instrumentation domain: logging, tracing, attestation
PROBATORY CIRCULARITY. A system cannot serve as both judge and proof of its own compliance. This is precisely why the HRD is positioned outside graph G(t) — in an external evidence space E_ext — and not as a runtime component. This principle is the second founding pillar of SOURCE 0 Doctrine.
1.2 System Evolution
The system evolves under transition operator T and adversarial perturbations v(t):
S(t+1) = T(S(t), v(t))
The system is open, adversarial, and temporally evolving — three properties that invalidate any assumption of perfect observability.
2. Instrumentation as Endogenous Perturbation
2.1 Observed System
Instrumentation, embedded in domain A, is part of the system's dynamics. The measured graph is never a faithful copy of the real graph:
G_measured(t) = Phi(G(t), dG(t))
Where Phi is a stochastic perturbation operator and dG(t) is the instrumentation-induced distortion.
2.2 Structural Distortion Norm
dG(t) decomposes into four weighted perturbation components:
Latency perturbation (a_time)
Memory perturbation (a_mem)
Scheduling perturbation (a_sched)
Tracing perturbation (a_topo — graph-edge edit distance)
Such that: dG(t) = d_latency(t) + d_memory(t) + d_schedule(t) + d_trace(t)
2.3 Bounded Back-Action
SOURCE 0 enforces bounded observer influence:
||dG(t)|| <= b(t)
Where ||.|| is the structural distortion norm and b(t) is the maximum admissible perturbation threshold. No amplification path from domain A into domain E may exceed b(t). This establishes bounded interference rather than idealised non-interference.
SOURCE 0 regulatory interpretation: SOURCE 0 interprets AI Act Art. 9 (Reg. EU 2024/1689) as requiring bounded instrumentation perturbation. Failure to control b(t) may be characterised as a deficiency in the risk management system within the meaning of that provision.
PAC PARADOX — KINETIC ASYMMETRY. Machine execution speed (V_decisional) dissociated from human probatory capacity (C_probatory) creates a window of evidentiary impunity, formalised as P_effective = V_decisional x C_probatory. Unbounded instrumentation collapses C_probatory to zero, rendering P_effective null regardless of execution speed.
3. Cross-Domain Contamination Index CI(t)
CI(t) is the normalised estimator in [0,1] of structural coupling between the execution domain (E) and the evidence domain (A). It measures not correctness, but structural dependency — a necessary condition for any subsequent evidentiary enforceability.
CI(t) = [E_cross(t) - E_noise(t)] / [E_total(t) - E_instr(t)]
Where E_cross(t) denotes edges linking execution and evidence domains, E_noise(t) is distortion induced by instrumentation, E_instr(t) is the explicit instrumentation footprint, and E_total(t) is the total observed edge count.
3.1 Interpretation
CI(t) towards CI_min: strong separation between execution and observation — maximum enforceability
CI(t) towards 1: evidence co-produced by execution dynamics — probatory circularity
3.2 Operational Constraint
SOURCE 0 requires: CI(t) <= e(t), with e(t) < 0.05
CI(t) >= CI_min > 0 is a structural lower bound inherent to any system where instrumentation shares physical or logical resources with the execution domain — not an operational target. CI_min is architecture-dependent: Config B reduces it toward its minimum without eliminating it, precisely because the signing primitive must interact with the system state it is commissioned to seal. The operational objective CI(t) <= e(t) < 0.05 defines the acceptable proximity to this theoretical minimum. This distinction mirrors the nuclear safety paradigm: zero risk does not exist; acceptable risk is bounded.
SOURCE 0 regulatory interpretation: SOURCE 0 interprets NIS 2 Art. 21(2)(e) as requiring structural domain separation measurable via CI(t). Breaching e(t) = 0.05 may be characterised as a domain-separation failure within the meaning of that provision. For financial entities, the same reading applies to DORA Art. 9.
4. Historical Reality Dossier (HRD)
The HRD is the legally opposable instrument of SOURCE 0 Doctrine, designed to facilitate subsequent evidentiary use within proceedings potentially subject to Regulation (EU) No 1215/2012. It is positioned outside graph G(t) in an external evidence space E_ext — materialised by deposit with a Commissaire de Justice competent under Belgian law.
4.1 Generation Pipeline
The SOURCE 0 evidentiary chain follows a strict canonical sequence:
Canonical payload serialisation (RFC 8785 — JSON Canonicalization Scheme)
SHA-256 FIPS 180-4 cryptographic hashing without salt — probatory reproducibility
Signing via isolated execution primitive (TEE/TPM — Config A or Config B)
Dual independent QTSP timestamping (RFC 3161) — two distinct authorities
Deposit under evidentiary seal with the Commissaire de Justice
CONFIG A vs CONFIG B. Config A achieves software isolation (TPM + code signing) — acceptable for moderate-risk environments. Config B uses a physically distinct terminal from the audited runtime — SOURCE 0 gold standard. In high-risk environments (critical infrastructures, high-criticality AI systems), only Config B guarantees physical independence between execution and HRD production, reducing CI(t) toward CI_min without eliminating it.
4.2 Threat Model
The HRD maintains its evidentiary integrity against:
Software compromise of the runtime (domain E)
Malicious actions within the execution space
Partial system compromise
The HRD does not guarantee resistance in the event of:
Hardware compromise of the isolated signing primitive
Full root-of-trust compromise
Simultaneous compromise of both QTSP timestamping anchors
EPISTEMIC LIMIT — RESTATEMENT. SOURCE 0 provides tamper-evidence, not absolute protection. The HRD seals the system state and managerial diligence at T-0. It does not certify the factual accuracy of world-states that pre-existed the evidentiary recording sequence. This distinction is systematically invoked in judicial and regulatory defence.
4.3 Structural Properties
The HRD is append-only and monotone: HRD(t+1) contains HRD(t). This property — SOURCE 0 Invariant III — guarantees the irreversible accumulation of evidence and satisfies the security log integrity requirements imposed by NIS 2 Art. 21(2)(j) and the qualified timestamping requirements of eIDAS 2 (Reg. EU 2024/1183) Art. 45.
5. Probabilistic System Assurance
System correctness is defined probabilistically, not in binary terms. This posture — consistent with the reality of distributed systems under partial compromise — represents an epistemological break from binary compliance approaches.
Assurance(M,t) = w1*(1 - CI(t)) + w2HRD_confidence(t) + w3Stability(dG(t))
Where w1 + w2 + w3 = 1, all weights non-negative.
Component interpretation:
(1 - CI(t)): structural independence factor — decreases with rising coupling
HRD_confidence(t): trust in the evidentiary integrity of the HRD
Stability(dG(t)): stability of the instrumentation perturbation
This is a weighted assurance decomposition, not a Bayesian model. The weights are policy-defined parameters reflecting the relative operational importance of each assurance component.
Operational systems must satisfy: Assurance(M,t) >= t, with t in [0.90 ; 0.99]
t = 0.90 corresponds to the level of reasonable diligence enforceable in defence proceedings. t = 0.99 is the recommended standard for evidentiary governance critical infrastructure within the meaning of the CER Directive (EU 2022/2557). For financial entities subject to DORA Art. 12, maintaining a documented assurance level constitutes an obligation for the continuity of critical ICT systems.
6. The Three SOURCE 0 Invariants
SOURCE 0 enforces three non-negotiable structural invariants, each anchored in the European regulatory corpus:
Invariant I — Bounded Cross-Domain Coupling
Formulation: CI(t) <= e(t) < 0.05
Regulatory anchor: NIS 2 Art. 21(2)(e) — access control and domain separation
Invariant II — Bounded Instrumentation Back-Action
Formulation: ||dG(t)|| <= b(t)
Regulatory anchor: AI Act Art. 9 — risk management system (Reg. EU 2024/1689)
Invariant III — Evidentiary Monotonicity
Formulation: HRD(t+1) contains HRD(t)
Regulatory anchor: eIDAS 2 Art. 45 — QTSP requirements (Reg. EU 2024/1183) + RFC 3161
These invariants operationalise the principle of Compliance by Proof: compliance is not declared after the fact — it is sealed, dated, and enforceable at T-0, before any challenge.
7. Failure and Degradation Model
Failure is continuous, not binary. A system does not switch from compliant to compromised at a discrete threshold. It traverses degraded trust regimes, detectable through three observable signals:
CI(t) increasing above CI_min: rising coupling between execution and observation — first alert signal
||dG(t)|| increasing: unstable instrumentation effects — degradation of probatory reproducibility
HRD_confidence(t) decreasing: weakening trust in the evidence chain
SOURCE 0 explicitly rejects fail-stop assumptions. This reflects the realities of distributed systems operating under partial compromise.
SOURCE 0 regulatory interpretation: SOURCE 0 interprets NIS 2 Art. 21(2)(g) as requiring continuous monitoring of Assurance(M,t) as a component of business continuity management. Absence of documented monitoring of CI(t) and ||dG(t)|| may be characterised as a breach of incident detection and response obligations within the meaning of that provision.
8. Core Structural Insight — Probatory Circularity
SOURCE 0 CIRCULARITY PRINCIPLE. A system cannot reliably verify its own integrity when its verification mechanisms are structurally coupled to the system being observed. This impossibility is structural, not circumstantial. It cannot be circumvented by improving tooling — it must be explicitly modelled, mathematically bounded, and integrated into system-level assurance.
This principle translates operationally into three findings:
Observation is not neutral — it perturbs the measured system (Section 2)
Instrumentation is not external — it is endogenous and perturbative
Verification is not independent — it is probabilistic under structural coupling
SOURCE 0 replaces the assumption of perfect observability with bounded observability under adversarial conditions. This shift is the epistemological foundation of the Doctrine and its differential value over classical IT compliance approaches.
SOURCE 0 regulatory interpretation: SOURCE 0 argues that AI Act Art. 13 (Reg. EU 2024/1689) transparency and traceability requirements for high-risk AI systems cannot be satisfied by endogenous logging mechanisms alone. SOURCE 0 argues that only a structurally independent external evidence device — the HRD — can constitute enforceable proof of the system's behavioural compliance under that provision.
8.1 The SOURCE 0 Endogenous Observation Invariant
In any autonomous system where instrumentation shares at least one physical or logical resource with the execution domain, the following structural constraints are irreducible:
CI(t) >= CI_min > 0
||dG(t)|| > 0
HRD(t+1) contains HRD(t)
No system operating under endogenous observation can simultaneously:
observe itself without structural contamination
measure itself without inducing perturbation
produce perfect evidence without monotonic append-only history
This constitutes the SOURCE 0 Endogenous Observation Invariant, defining the fundamental limit of self-verification in autonomous distributed systems.
8.1.1 Structural Justification
These constraints follow directly from the system model defined in Sections 1 through 4.
Under endogenous observation, instrumentation is part of the system state (Section 2), which implies that observation induces non-zero perturbation (||dG(t)|| > 0). Since evidence generation is structurally entangled with execution (Section 3), cross-domain contamination cannot be reduced below CI_min — it can only be bounded below the operational threshold e(t). Since the HRD is defined as an append-only structure (Section 4), evidence monotonicity is inherent (HRD(t+1) contains HRD(t)).
The SOURCE 0 Endogenous Observation Invariant therefore emerges as a structural consequence of the model rather than an independent postulate. CI_min is architecture-dependent: Config B reduces it toward its minimum without eliminating it, precisely because the signing primitive — however isolated — must interact with the system state it is commissioned to seal.
9. Positioning within the European Regulatory Corpus
SOURCE 0 articulates with the European regulatory corpus along four operational axes. The regulatory interpretations set out below represent the Doctrine's reading of applicable law and do not constitute legal advice.
NIS 2 (Directive EU 2022/2555)
Art. 21(2)(e) domain separation: CI(t) <= e(t) Invariant
Art. 21(2)(g) continuous monitoring: Assurance(M,t) tracking
Art. 21(2)(j) supply chain security: Config B for third-party systems
DORA (Reg. EU 2022/2554) — financial entities only
Art. 9 ICT protection: CI(t) control
Art. 12 continuity: maintaining Assurance(M,t) >= t
Art. 17(3) ICT incident documentation: RFC 3161-timestamped HRD
AI Act (Reg. EU 2024/1689)
Art. 9 risk management: controlling ||dG(t)|| <= b(t)
Art. 13 transparency and traceability: HRD as external evidence
Art. 99 sanctions (35M euros/7% — 15M euros/3% — 7.5M euros/1%): SOURCE 0 argues that documented HRD evidence may contribute to demonstrating organisational diligence and traceability obligations during regulatory investigations
eIDAS 2 (Reg. EU 2024/1183)
Art. 45 qualified QTSP timestamping (RFC 3161): mandatory HRD pipeline component
Cross-border evidentiary use facilitated by Regulation (EU) No 1215/2012
10. Conclusion — Compliance by Proof
SOURCE 0 defines a probabilistic security architecture for autonomous systems under endogenous observation. It formalises three structural facts: first, observation introduces measurable perturbation; second, execution environments are partially untrusted; third, verification is inherently probabilistic under structural coupling.
Its principal contribution rests on the externalisation of system history into a monotone, opposable evidence structure — the Historical Reality Dossier — produced according to a strict cryptographic chain (SHA-256 FIPS 180-4, RFC 8785, RFC 3161, TEE/TPM) and deposited with a Commissaire de Justice under Belgian law. This architecture enables reasoning about integrity in adversarial autonomous systems without relying on perfect observability assumptions — assumptions refuted by the very structure of modern systems.
SOURCE 0 is a hybrid instrument: its formal results are derived from a mathematical model; its regulatory interpretations represent the Doctrine's reading of European law. Both registers are intended to be engaged independently and critically.
COMPLIANCE BY PROOF. Compliance is not declared. It is proven. SOURCE 0 provides the architectural, cryptographic, and legal framework for that proof to be sealed, dated, monotone, and opposable — at T-0, before any challenge, before any European jurisdiction.
Normative References
Regulation (EU) 2024/1689 — AI Act (Artificial Intelligence Act)
Regulation (EU) 2024/1183 — eIDAS 2 (European Digital Identity)
Regulation (EU) 2022/2554 — DORA (Digital Operational Resilience Act)
Directive (EU) 2022/2555 — NIS 2 (Network and Information Security)
Directive (EU) 2022/2557 — CER (Resilience of Critical Entities)
Regulation (EU) No 1215/2012 — Brussels I bis (Jurisdiction, recognition and enforcement)
FIPS 180-4 — Secure Hash Standard (SHA-256)
RFC 8785 — JSON Canonicalization Scheme (JCS)
RFC 3161 — Internet X.509 PKI Time-Stamp Protocol (TSP)
MITRE ATT&CK — Techniques T1056 (Input Capture) / T1059 (Command Execution)