Section 1
1. The Problem
Physical AI systems are entering public spaces faster than evidentiary frameworks are evolving. Humanoid robots, autonomous service robots, drones, and industrial systems increasingly interact with humans in uncontrolled environments - at public events, in shopping centers, hospitals, warehouses, and streets.
When an incident occurs, organizations typically preserve video footage, operator reports, telemetry logs, and maintenance records. But they often cannot independently demonstrate what the robot perceived, what state it reported itself to be in, what safety conditions were active, or what contextual assumptions were being inherited - at the exact moment before the event.
The regulatory window is closing. Regulatory obligations for many categories of high-risk AI systems begin entering into force from August 2026, while governance approaches for autonomous physical systems remain fragmented across jurisdictions. National guidelines on humanoid governance - including Shanghai's - remain largely voluntary. The normative gap between deployment velocity and accountability frameworks is a measurable risk.
Section 2
2. The G1 Incident - A Public Illustration
In 2026, a Unitree G1 humanoid robot executing a martial arts routine at a public event in China struck a child during a 360° sweep motion. The incident became widely shared. Most coverage described it as a robot "attacking" a child.
The footage, however, tells a more complex story - depending on which footage you watch.
Viral clip - compressed frame
Implied reading: robot attacks child
Wide-angle recording - full sequence
trajectory begins
↓
perimeter visible
↓
child enters zone
↓
impact
Implied reading: perimeter deployment failure
Same physical event. Two divergent reconstructions. Two opposite governance implications - one pointing toward the robot system, one pointing toward the deployment context.
Neither reconstruction is necessarily false. Each reconstruction inherits the limits of its observational window.
The divergence is not a question of manipulation or altered evidence. It is a direct consequence of observational frame selection. The video that circulated was technically accurate. It simply did not capture enough of the contextual structure to reconstruct the event at governance level.
Section 3
3. Observer-Dependent Reconstructability
Two observers can reconstruct the same physical event differently - not because one is lying, and not because evidence was altered, but because observational visibility differs. The frame of observation itself becomes part of the evidentiary condition.
This is particularly acute for physical AI incidents because the systems themselves generate sensor data continuously - but that data is internal, manufacturer-controlled, and not independently preserved at the moment of the event.
The question is not only
"what happened?"
The question is
"what did the system observe
when it happened?"
These are different evidentiary questions with different accountability implications.
The evidentiary claim is intentionally narrow.
Not what the system believed.
Not what the system perceived.
But what the system reported observing at the boundary moment.
This distinction preserves the forensic value of the deposit while avoiding evidentiary overclaim.
Section 4
4. The Missing Evidentiary Question
After a physical AI incident, post-event analysis typically addresses what the robot did. It rarely independently preserves what the robot reported at the moment of the event.
The missing evidentiary layer includes:
- -- What the robot perceived in its sensor environment at crossing-time
- -- What state the system reported itself to be in
- -- What obstacles or humans were within its detection range
- -- What safety conditions were active or inactive
- -- What contextual assumptions were being inherited from the deployment environment
These questions cannot be answered retrospectively from logs alone - especially when the logs are controlled by the robot manufacturer and reconstructed after the event.
Internal telemetry logs can be edited, overwritten, or selectively preserved. An independent evidentiary deposit created at the moment of the event - external to the manufacturer's systems - cannot be retroactively altered without invalidating the chain of custody.
Section 5
5. Why External Evidentiary Preservation Matters
After a physical AI incident, multiple parties have legitimate but potentially divergent interests in how the event is reconstructed. The robot manufacturer has an interest in demonstrating that the system functioned as designed. The deployment operator has an interest in demonstrating that safety protocols were followed. The insurer has an interest in establishing whether liability falls within or outside the covered scope.
None of these interests is illegitimate. But when the evidentiary record is held exclusively by one of these parties - typically the manufacturer, through internal telemetry logs - the independence of that record cannot be assumed by the others.
An external evidentiary deposit, created at the moment of the event and preserved outside any party's control, does not resolve these divergent interests. It provides a neutral substrate - independently timestamped, owner-attributed, tamper-evident - from which all parties can reconstruct the event without depending on any single party's post-hoc account.
Independence is not neutrality of content. The deposit records what the system reported - which may favor one interpretation or another. Independence means that record cannot be retroactively altered, selectively preserved, or reconstructed after the fact by any party with an interest in the outcome.
Section 6
6. What EVIDE Records
Using MCP integration, a physical AI system can submit a certified evidentiary deposit at critical moments - before, during, or at the boundary of a high-stakes event. The deposit is external, independently timestamped via RFC 3161, and not controlled by the robot manufacturer.
perimeter_violation_detected
unexpected_human_entry
obstacle_in_safety_zone
motion_continuity_active
emergency_stop_triggered
sensor_disagreement
confidence_degradation
pre_impact_state
visibility_partial
safety_zone_breach
operator_override_active
environment_classification
Note on signal labels. Signal labels shown above are illustrative examples of what a submitting system might report. EVIDE does not determine whether a perimeter violation occurred or whether any specific safety condition was breached. It records what the submitting system reported observing at the moment of deposit.
The goal is not to determine liability. The goal is to preserve reconstructability - independently, at the moment it matters, before any post-event interpretation has occurred.
Section 7
7. What EVIDE Does Not Certify
This distinction is architectural, not a disclaimer. EVIDE operates strictly within the evidentiary layer - observation, crystallization, reconstruction. It does not enter the territory of judgment, compliance determination, or liability attribution.
EVIDE certifies
- the system reported observing a specific state
- at a specific, independently verifiable timestamp
- under the accountability of a DAPI-verified owner
- with a tamper-evident chain of custody
EVIDE does not certify
- that the robot acted correctly
- that the deployment was compliant
- that the operator was negligent
- that the system was safe or unsafe
For robot manufacturers specifically. Integrating EVIDE does not imply that incidents are expected or that the system is unsafe. It provides an independent record of what the system observed - which, in most incident investigations, is precisely the evidence that demonstrates the system functioned as designed. In the G1 case, an EVIDE deposit at crossing-time would have independently documented whether the child entered the motion zone before or after the kinematic chain became uninterruptible. That is a manufacturer shield, not an admission of risk.
"This is what the system reported observing
at crossing-time."
Correct, incorrect, safe, unsafe - those determinations belong to the judge, the regulator, the insurer. EVIDE provides the independently preserved substrate from which those determinations can be made.
Section 8
8. Physical AI + MCP + EVIDE
Via the EVIDE MCP Server, any physical AI system with an agentic layer can connect to the EVIDE evidentiary infrastructure. The integration requires a DAPI-verified owner identity and an active EVIDE subscription - the robot itself does not hold the accountability; its human or organizational owner does.
1
Event detection
The robot's onboard system detects a boundary condition - perimeter breach, unexpected entry, confidence degradation, pre-impact proximity.
2
MCP escalation call
The agent layer calls evide_escalate via the EVIDE MCP Server, submitting the current sensor state, safety context, visibility conditions, and active execution state.
escalation_trigger: "governance_uncertainty"
agent_state_summary: "Unexpected human entry detected within active motion zone. Perimeter boundary condition at crossing-time."
unresolved_signals: ["human_proximity_detected", "motion_continuity_active"]
visibility_surface: "partial"
observer_state: "degraded"
3
Independent crystallization
EVIDE receives the deposit, applies RFC 3161 timestamping, computes the evidentiary profile including FCC continuity assessment, and returns a tamper-evident record with evide_id and intake_hash.
4
Persistent evidentiary anchor
The record survives independently of the robot's internal logs, the manufacturer's systems, and any subsequent software update or incident investigation. It is verifiable by any third party against the EVIDE public registry.
Non-blocking architecture. Physical AI safety systems operate on real-time control cycles measured in milliseconds. The evide_escalate call is designed to operate asynchronously - the robot writes the state observation to a local protected buffer and the MCP agent transmits the package for crystallization in parallel, without blocking or interfering with the physical execution cycle or any safety-critical function.
IP protection by architecture. EVIDE does not receive raw telemetry feeds, proprietary sensor data, model weights, or video streams. It receives state observations - abstract descriptions of what the system reported at a specific moment. Cryptographic hashing ensures the evidentiary integrity of the record without exposing the manufacturer's internal systems or intellectual property.
Section 9
9. Who It Serves
Three distinct stakeholders carry different accountability burdens after a physical AI incident. EVIDE addresses all three from a single independent evidentiary layer.
Robotics OEMs
Manufacturers
- --Independent proof the system functioned as designed
- --Defense against "autonomous malfunction" narratives
- --No IP exposure - state observations only
Deployment Operators
Event organizers, service operators
- --Documented compliance with safety perimeters
- --Independent record of environment conditions at event time
- --Separation of deployment responsibility from system responsibility
- --Named accountability via DAPI - the responsible engineer signs with their own verified identity, creating a personal evidentiary anchor that works both as protection and as a professional incentive for diligence
Insurers
Product liability, event liability
- --Tamper-evident record not controlled by any liable party
- --Reduces post-incident reconstruction disputes
- --RFC 3161 timestamping admissible in legal proceedings
On named accountability. When a company assigns a named engineer as responsible for a physical AI deployment and that person signs the evidentiary record with their own
DAPI-verified identity, the accountability is no longer abstract. It is personal, permanent, and independently verifiable. An engineer who knows their name is on the record works differently from one who operates behind an anonymous organizational process. DAPI does not create pressure - it creates clarity.
Section 10
10. System Categories
EVIDE for Physical AI is not limited to humanoid robots. The evidentiary layer applies to any autonomous physical system that makes decisions affecting human safety or organizational accountability.
🤖
Humanoid robots
Public demonstrations, event performance, hospitality, retail interaction. High exposure to uncontrolled crowd environments.
🦾
Cobots and industrial robots
Collaborative workspace environments where human-robot proximity is by design. Safety zone management is a continuous governance condition.
🚗
Autonomous ground vehicles - AGV / AMR
Logistics, last-mile delivery, warehouse automation. Incidents in shared spaces with pedestrian traffic.
🚁
Drones and aerial systems
Urban air mobility, inspection, delivery. Proximity incidents with infrastructure or people in uncontrolled airspace.
🏥
Medical and surgical robots
High-stakes decision boundaries where the evidentiary record of what the system observed is critical for regulatory review and liability determination.
Section 11
11. Future Direction
As physical AI enters public environments at scale, evidentiary reconstruction may become as important as operational safety itself. The two are not in competition - they are complementary layers of the same accountability structure.
The question regulators, insurers, and legal systems will increasingly ask is not only:
"What did the robot do?"
But increasingly:
"What did the robot report observing
when it did it?"
These are different questions. They require different infrastructure. EVIDE provides the second layer.
The EVIDE Physical AI use case is one of the first extensions of the EVIDE framework beyond documentary AI governance into the physical world. The same principles apply: observation, crystallization, reconstruction - strictly within the evidentiary boundary, not the judgment boundary.
This is not a logging tool. EVIDE for Physical AI is an agent-to-evidentiary accountability boundary - the layer that transforms what an autonomous physical system observed into independently verifiable, owner-attributed, timestamped evidentiary records that can survive regulatory review, legal dispute, or audit without requiring access to the manufacturer's internal systems.
What EVIDE is not
- -- a safety controller
- -- a collision avoidance system
- -- an emergency stop mechanism
- -- a robot governance engine
EVIDE operates after observation
and before reconstruction.
It does not intervene in physical execution. It preserves what was observed at the boundary - independently, before any party has had the opportunity to interpret it.
Any autonomous physical system.
One evidentiary accountability boundary.
evide_escalate - crystallize a physical boundary state
independently preserved, owner-attributed, tamper-evident.
"Physical AI introduces a new accountability question:
not only what happened,
but what the system reported observing when it happened."