Layer Definition
Post-Bind · Closure

EVIDE - Closure Layer Definition

Independent evidentiary stabilization for responsibility-bearing closure states.
Public specification · v2.0 · May 2026 · Dott. Emanuel Celano, Informatica in Azienda
This document defines EVIDE's operational scope, timing-axis position, non-claims, and composability rules relative to adjacent governance layer types. It is layer-agnostic: EVIDE is designed to compose with any architecture implementing substrate, witness, and boundary functions - regardless of the specific system providing them. For the technical schema, see app.certifywebcontent.com/json.
EVIDE does not standardize how a decision is made.
It standardizes the minimum evidentiary object that can survive outside the source system.
Premise
Why EVIDE Exists

Modern systems increasingly preserve operational continuity even when the original legitimacy conditions behind continuation have degraded, drifted, or become partially unverifiable. A system can keep producing output, maintaining workflow stability, and appearing structurally sound - while the authority, oversight, and evidentiary basis for that continuation have silently shifted.

In this environment, the critical question is no longer only "Is the system working?" but "Does this continuation still have standing to produce consequence?" Operational persistence is not proof of legitimacy. Behavioral completion is not responsibility closure.

EVIDE exists to preserve the accountable closure state before post-event reconstruction, institutional memory, downstream interpretation, or operational continuity silently replace the contemporaneous responsibility configuration that existed when consequence became real. It does not prevent this drift from occurring. It creates an independently verifiable record -- an independent crystallization of the governance conditions that existed at the moment consequence became real -- that makes the drift visible and challengeable from outside the originating system.

"They come from anchoring something that was already drifting
at the moment it was externalized."
Section 1
Definition

EVIDE is the closure layer.

Its function is to stabilize the responsibility-bearing closure state once a finalized, attributable decision has reached closure - and to externalize that state as a portable, reconstruction-independent unit -- a crystallization of the accountable configuration at closure time -- that can be verified, challenged, and reviewed from outside the system that produced it.

EVIDE does not resolve admissibility.

It does not supervise execution.

It does not witness governed-state conditions before bind.

It stabilizes the accountable configuration at the moment responsibility closes, and carries that state forward as the canonical record.

The layer exists to prevent post-event reconstruction from silently replacing contemporaneous accountability.

Section 2
Timing-Axis Position

Within any runtime-separation governance model, each layer operates at a precise position on the bind-time axis. EVIDE's position is explicitly post-bind.

[Figure: timing axis around bind-time. PRE-OR-AT BIND: Witness layer (governed-state evidence around the boundary). AT BIND: Boundary layer (admissibility resolution: ALLOW / ESCALATE / REFUSE). POST-BIND: EVIDE closure layer (evidentiary stabilization). The substrate layer underlies all layers - behavioral history queryable at any point.]

| Layer type | Timing surface | Function |
| --- | --- | --- |
| Substrate layer | Pre-bind | Independently corroborated behavioral history - records what entities have done over time, queryable at decision time |
| Witness layer | Before-or-at bind | Independent governed-state evidence around the boundary conditions - policy posture, authority state, tool access, oversight configuration |
| Boundary layer | At bind | Admissibility resolution - produces ALLOW / ESCALATE / REFUSE before consequence commits |
| EVIDE (closure layer) | Post-bind | Evidentiary closure stabilization - responsibility-bearing closure state after the boundary condition has resolved |

EVIDE activates after admissibility resolution, authority binding, and closure formation - once the closure state requires independently reviewable evidentiary stabilization outside the originating system. It does not re-evaluate, supervise, or reconstruct upstream conditions.
Section 3
Core Function

EVIDE stabilizes as independently reviewable closure artifacts external to the source system:

  • responsibility-bearing closure states
  • declared authority conditions
  • declared oversight conditions
  • intervention and classification context
  • observational-quality semantics (v2.0)
  • decision wave compression detection (DWC — Dim 10)
  • formal accountability collapse detection (FAC — Dim 11)
  • evidentiary readiness state

The layer preserves the accountable configuration as it existed at closure time rather than reconstructing it later from logs, memory, or downstream interpretation.

Immutability Invariant: The original intake object received by EVIDE remains fixed - canonicalized, hashable, and preserved exactly as received. The evidentiary_profile computed server-side evolves independently as an interpretive layer. This separation guarantees total integrity of the original evidentiary datum regardless of subsequent server-side computation.

Each closure artifact receives:

  • evide_id - stable external identifier, independent of the source system's reference
  • intake_hash - SHA-256 of the received payload at intake moment, independent of the source system's content hash
  • intake_timestamp_utc - EVIDE-side temporal anchor, independent of the source system's clock
  • authority_verification_status - claimed (DAPI-linked claimed identity reference present) or declared (authority as declared by source system, no DAPI reference)
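
A third-party check of the immutability invariant, as an added example that is not part of the EVIDE specification or its reference code. It assumes the intake_hash is computed over the stored payload bytes verbatim (the page does not define the canonicalization procedure) and that evidentiary_profile travels alongside the artifact; the payload field names and all values are constructed.

```python
import hashlib
import hmac
import json
import string

def intake_hash(payload: bytes) -> str:
    """SHA-256 hex digest over the payload bytes exactly as received."""
    return hashlib.sha256(payload).hexdigest()

def verify_artifact(artifact: dict, payload: bytes) -> bool:
    """Recompute the digest over the preserved bytes and compare it with the
    recorded intake_hash. evidentiary_profile is never part of the hashed
    input, so server-side recomputation cannot change the outcome."""
    claimed = str(artifact.get("intake_hash", "")).lower()
    if len(claimed) != 64 or any(c not in string.hexdigits for c in claimed):
        return False  # not a SHA-256 hex digest
    return hmac.compare_digest(intake_hash(payload), claimed)

# Constructed sample: payload field names and all values are illustrative.
RECEIVED = b'{"decision":"release-approved","classification":"stable"}'
ARTIFACT = {
    "evide_id": "EXAMPLE-0001",
    "intake_hash": intake_hash(RECEIVED),
    "intake_timestamp_utc": "2026-05-01T00:00:00Z",
    "authority_verification_status": "declared",
    "evidentiary_profile": {"continuity": "stable"},  # assumed placement
}

def demo() -> dict:
    # Same JSON value, different bytes: parsing and re-serializing is enough
    # to break verification, so the original bytes must be kept.
    reserialized = json.dumps(json.loads(RECEIVED), indent=2).encode()
    tampered = RECEIVED.replace(b"stable", b"contested")
    recomputed = dict(ARTIFACT, evidentiary_profile={"continuity": "degraded"})
    return {
        "original": verify_artifact(ARTIFACT, RECEIVED),
        "profile_recomputed": verify_artifact(recomputed, RECEIVED),
        "reserialized": verify_artifact(ARTIFACT, reserialized),
        "tampered": verify_artifact(ARTIFACT, tampered),
    }

if __name__ == "__main__":
    print(demo())
```
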
Section 4
Failure Mode Protected Against
Post-event accountability reconstruction

Without a closure layer, logs, explanations, retrospective narratives, and downstream interpretations can silently replace the contemporaneous accountable state that existed when consequence became real.

The dangerous transition is not explicit falsification. It is gradual certainty inflation across interoperating layers:

  • One layer declares
  • Another preserves
  • Another operationalizes
  • Eventually the ecosystem treats accumulated declarations as stronger than the observable conditions ever justified

The distinction is structural: behavioral completion can be reconstructed from logs. Responsibility closure cannot be reconstructed without losing the evidentiary value of its contemporaneous existence.

EVIDE prevents this by stabilizing the closure state at the moment responsibility closes and anchoring it externally as a reconstruction-independent evidentiary object.

Section 5
Explicit Non-Claims

These are structural non-claims. Each represents a function that belongs to an adjacent layer type, not to EVIDE.

  • Does not resolve admissibility - That is the boundary layer's function.
  • Does not witness governed-state conditions - That is the witness layer's function.
  • Does not produce behavioral history - That is the substrate layer's function.
  • Does not enforce execution - EVIDE cannot prevent or permit an action from binding.
  • Does not supervise workflows - EVIDE does not continuously monitor before or after bind.
  • Does not orchestrate runtime behavior - EVIDE is not an agent framework or observability platform.
  • Does not validate decision correctness - EVIDE does not certify that the decision was correct, safe, or compliant.
  • Does not independently verify declared authority - DAPI references are recorded as claimed, not verified server-side.
  • Does not determine liability - Whether liability attaches to the outcome is a separate governance question.
  • Does not reconstruct - If the closure state is not externalized at the moment it exists, EVIDE cannot produce it from downstream artifacts.

EVIDE preserves closure. It does not govern execution.
Section 6
Observational-Quality Semantics (v2.0)

EVIDE v1.9 recorded that a boundary was validated. EVIDE v2.0 records the observational quality of the validation itself.

The key problem: validation layers can implicitly overclaim stability beyond the portion of the system they could actually observe. If EVIDE records that a boundary was validated without recording what portion of the system the validation could actually see, then "validated" silently overclaims. Making the visibility surface part of the evidentiary object keeps the closure layer honest without pulling it upstream into governance or admissibility.

"v1.9 made the boundary explicit.
v2.0 makes the evidentiary quality of the boundary explicit."

v2.0 adds to the closure artifact:

  • gate identity - the identity of the validation gate that assessed boundary readiness
  • gate scope reference - what portion of the upstream system the gate could actually observe
  • declared visibility surface - what conditions were within the gate's observational reach (declared_complete / partial / insufficient)
  • unresolved signals - conditions that could not be confirmed at validation time
  • canonical evidentiary state - verified / verified_partial / candidate / unverifiable
"Unverifiable" is not failure. It is not clearance. It is documented diligence in situations where the upstream system was too opaque to safely confirm stability. This prevents "verified" from silently implying complete visibility, and prevents opacity from being collapsed into either false stability or automatic failure. In audit or legal contexts, unverifiable with a present gate identifier demonstrates diligence - not negligence. The uncertainty remains preserved as an evidentiary object rather than converted into a clean authorization state.
Section 7
Continuity State Inheritance Matrix

EVIDE v2.0 computes a continuity dimension within the server-side evidentiary_profile via Forensic Cross-Check - an inferred anti-Synthetic-Coherence sensor derived from the intersection of classification state and runtime_visibility.

This mechanism prevents a closure object from appearing stable in the evidentiary record when the classification and visibility signals do not jointly support that stability claim.

| | Confirmed visibility | Partial visibility | Unverifiable |
| --- | --- | --- | --- |
| Stable classification | Stable | Degraded | Broken |
| Contested classification | Degraded | Degraded | Broken |
| Unresolved classification | Degraded | Broken | Broken |

Anti-Synthetic-Coherence sensor: A closure object may declare verified boundary readiness while carrying a contested classification and partial visibility. The Forensic Cross-Check surfaces this inconsistency in the evidentiary_profile.continuity dimension as Degraded - preventing synthetic certainty from silently inflating evidentiary strength across composed layers.

Note: In v2.0, the continuity dimension (Dim 9) operates in mode: "inferred". profile_version: "1.1" introduces two additional inferred dimensions: Decision Wave Compression (DWC — Dim 10) and Formal Accountability Collapse (FAC — Dim 11). States for Dim 10-11: not_detected | detected | critical | unknown. When the Gate Qualification Framework (deferred to v2.x) defines a direct observation source, the continuity mode transitions from "inferred" to "qualified".

Section 7b
Closure Surface vs Continuity Substrate
A closure may remain structurally intact
while continuity conditions underneath it
are already degraded at crossing time.

This is the most important distinction introduced in EVIDE v2.0. Two surfaces coexist inside every closure artifact:

Closure Surface
Structurally intact

The closure object is formally valid: authority declared, decision finalized, handoff completed, intake hash computed. The system produced a structurally complete evidentiary object.

Continuity Substrate
Already degraded at crossing

The runtime conditions beneath the closure — visibility, classification coherence, oversight throughput, attribution integrity — may have degraded before or during externalization. The Forensic Cross-Check surfaces this tension.

Before v2.0, a degraded continuity substrate was invisible inside a structurally intact closure. The evidentiary object appeared clean because structural completeness and continuity integrity were not distinguished.

In v2.0, the evidentiary_profile separates these two surfaces explicitly:

  • Closure surface is assessed by the declared fields — authority, classification, threshold, boundary_readiness. These can all be structurally present.
  • Continuity substrate is assessed by the inferred dimensions — continuity (Dim 9), decision_wave_compression (Dim 10), formal_accountability_collapse (Dim 11). These expose whether the conditions beneath the declared surface were coherent at the moment of crossing.
A closure object with: boundary_readiness: verified + classification: stable + continuity: degraded + dwc: detected

is not a contradiction. It is an accurate evidentiary picture: the closure is structurally complete, the boundary was independently assessed, but the responsibility coherence beneath it was already under compression at the moment it was externalized. This is precisely what EVIDE is designed to make visible — not to prevent, and not to collapse into binary pass/fail.

This is the architectural core of EVIDE v2.0: the closure layer now preserves both the surface of the closure and the substrate conditions under which it was formed. A third party reviewing the record can distinguish structural completeness from continuity integrity — and that crystallization survives outside the originating system.

Section 8
Consumer-Boundary Invariant

EVIDE outputs must not be interpreted by downstream consumers as:

  • execution authorization
  • admissibility certification
  • runtime-governance approval
  • inherited authority transfer of any kind

The closure artifact preserves evidentiary accountability only within the explicitly declared scope of the layer. No downstream consumer may silently upgrade evidentiary stabilization into execution authority.

Implementation patterns that route an EVIDE closure artifact directly into an execution decision path without independent authority resolution are structural failures - they violate the no-authority-transfer invariant that any well-composed governance architecture must maintain.

Controlling test for composition discipline: Interoperability must increase reviewability without silently transferring authority across layers. If adding an interoperability seam makes the governed state harder to independently review, or allows authority, proof burden, or legitimacy to migrate silently from one layer to another, the seam has failed - regardless of how operationally coherent it appears.
Section 9
Composability with Adjacent Layer Types

EVIDE is designed to compose with any governance architecture that implements the following layer types, regardless of the specific system providing them.

Witness layer (before-or-at bind)
Independently witnesses policy posture, authority state, tool access, oversight configuration, and runtime/deployment conditions around the boundary. When a valid witness record is referenced, the closure artifact may carry stronger evidentiary support conditions without transferring admissibility or execution authority into the closure layer.

Boundary layer (at bind)
Resolves admissibility at the execution boundary before consequence commits. The boundary layer's resolution artifact forms part of the upstream accountable state EVIDE stabilizes. EVIDE does not re-evaluate admissibility and does not depend on any specific boundary system - it requires only a finalized, attributable closure state.

EVIDE (post-bind)
Stabilizes the resulting responsibility-bearing closure state once closure has been reached. The closure artifact is structured so a third party can verify the record without accessing EVIDE, the source system, or any upstream layer.

Witness layers and EVIDE close the reconstruction gap at both ends of the evidentiary seam: the witness layer helps eliminate the need to reconstruct what governance conditions existed upstream; EVIDE eliminates the need to reconstruct the accountable configuration that existed at the binding moment.
Composability rule: EVIDE does not require any specific upstream system. It requires that the submitted closure object be finalized, attributable, and reconstruction-independent. Any boundary system producing a structurally equivalent resolution artifact satisfies EVIDE's intake conditions.
Section 10
Schema Reference (v2.0)

The boundary_readiness field in v2.0 is promoted from a string to a structured object. This is the central schema change that introduces observational-quality semantics into the evidentiary record.

Canonical state: verified

    "boundary_readiness": {
      "status": "verified",
      "readiness_gate": {
        "identifier": "GateSystem-v1.2",
        "scope_reference": "https://example.org/gate-policy/boundary-v1"
      },
      "visibility_surface": "declared_complete",
      "unresolved_signals": []
    }

Canonical state: unverifiable

    "boundary_readiness": {
      "status": "unverifiable",
      "readiness_gate": {
        "identifier": "GateSystem-v1.2",
        "scope_reference": "https://example.org/gate-policy/boundary-v1"
      },
      "visibility_surface": "insufficient",
      "unresolved_signals": ["downstream_propagation_state", "rollback_viability"]
    }

| status | visibility_surface | unresolved_signals | Evidentiary meaning |
| --- | --- | --- | --- |
| candidate | null | [] | Upstream declares readiness. No independent gate assessment. |
| verified | declared_complete | [] | Gate confirmed stability across declared scope. Maximum evidentiary strength. |
| verified_partial | partial | [min. 1] | Gate confirmed what it could see. Gaps are part of the record. |
| unverifiable | insufficient | [min. 1] | Gate attempted but surface was below threshold. Proves diligence, not failure. |

Full schema: app.certifywebcontent.com/json - API documentation: app.certifywebcontent.com/docs/evide-intake-schema/
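
A consistency check for the boundary_readiness object, written against the four canonical states in this section's status table; it is an added example, not EVIDE's own validator. The requirement that every gate-assessed state carries a readiness_gate identifier and scope_reference is an assumption inferred from the two samples above, and the OVERCLAIM and NO_GATE objects are constructed.

```python
# Canonical states transcribed from the status table in this section:
# status -> (required visibility_surface, at least one unresolved signal?)
CANONICAL = {
    "candidate": (None, False),
    "verified": ("declared_complete", False),
    "verified_partial": ("partial", True),
    "unverifiable": ("insufficient", True),
}

def check_boundary_readiness(br: dict) -> list:
    """Return the inconsistencies found; an empty list means the object
    matches one of the four canonical states."""
    status = br.get("status")
    if not isinstance(status, str) or status not in CANONICAL:
        return [f"unknown status: {status!r}"]
    surface, needs_signals = CANONICAL[status]
    problems = []
    if br.get("visibility_surface") != surface:
        problems.append(f"{status} requires visibility_surface={surface!r}, "
                        f"got {br.get('visibility_surface')!r}")
    signals = br.get("unresolved_signals")
    if not isinstance(signals, list):
        problems.append("unresolved_signals must be a list")
    elif needs_signals and not signals:
        problems.append(f"{status} requires at least one unresolved signal")
    elif signals and not needs_signals:
        problems.append(f"{status} must not carry unresolved signals")
    # Assumption: every gate-assessed state names its gate and its scope.
    gate = br.get("readiness_gate")
    gate = gate if isinstance(gate, dict) else {}
    if status != "candidate" and not (gate.get("identifier") and gate.get("scope_reference")):
        problems.append(f"{status} requires readiness_gate identifier and scope_reference")
    return problems

GATE = {"identifier": "GateSystem-v1.2",
        "scope_reference": "https://example.org/gate-policy/boundary-v1"}
VERIFIED = {"status": "verified", "readiness_gate": GATE,
            "visibility_surface": "declared_complete", "unresolved_signals": []}
UNVERIFIABLE = {"status": "unverifiable", "readiness_gate": GATE,
                "visibility_surface": "insufficient",
                "unresolved_signals": ["downstream_propagation_state",
                                       "rollback_viability"]}
# Constructed overclaim: "verified" asserted over a partial surface with a gap.
OVERCLAIM = {"status": "verified", "readiness_gate": GATE,
             "visibility_surface": "partial",
             "unresolved_signals": ["rollback_viability"]}
# Constructed: a gate-assessed state that names no gate.
NO_GATE = {"status": "unverifiable", "visibility_surface": "insufficient",
           "unresolved_signals": ["rollback_viability"]}

if __name__ == "__main__":
    for name, obj in [("verified", VERIFIED), ("unverifiable", UNVERIFIABLE),
                      ("overclaim", OVERCLAIM), ("no_gate", NO_GATE)]:
        print(name, check_boundary_readiness(obj))
```
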

Section 11
FEDIS - Legal Evidentiary Export

Closure artifacts stabilized by EVIDE are structured for independent verifiability outside the source system. For legal, compliance, and LegalTech contexts, EVIDE records may be exported and certified as forensically admissible digital evidence through the FEDIS workflow (Forensic Evidence Declaration and Integrity Statement).

FEDIS certification includes:

  • Signed forensic declaration under ISO/IEC 27037
  • RFC 3161 qualified timestamp anchoring
  • Admissible under eIDAS and EU evidentiary frameworks
  • L3 (Forensic) anchoring layer in the HOE taxonomy (Human Oversight Event)

FEDIS does not alter the evidentiary object. It adds an independently verifiable forensic wrapper that gives the closure artifact international legal standing without modifying the underlying intake record or its hash.

The FEDIS layer structures the closure artifact as a forensic evidentiary package designed to support admissibility review under EU, US, UK, Canadian, and Australian evidentiary frameworks.

FEDIS documentation: EVIDE vs Execution Certification