The shift from governance to proof

When a regulator, court or insurer examines a disputed outcome the discussion narrows very quickly. Broad descriptions of governance stop mattering on their own. The focus shifts to one decision affecting one person at one point in time. What happened, who allowed it, what records existed before it occurred, what evidence shows the outcome actually took place and what basis permitted it at that moment.

Many organisations are less prepared for that shift than they appear. Their governance material is often designed to describe structures, responsibilities and oversight in general terms. Scrutiny increasingly works differently. Regulators, courts and insurers are becoming less interested in whether governance existed in broad principle and more interested in whether a specific outcome can actually be reconstructed from records and evidence that already exist.

Where the Shift Begins

It is a distinction matters because it changes the level at which examination takes place. Instead of reviewing governance as a general organisational condition, scrutiny is looking for one identifiable outcome affecting one identifiable person at one moment in time.

Recent regulatory activity is increasingly pointing in this direction. One of the clearest examples is the Italian data protection authority’s enforcement action against Luka Inc. concerning the Replika chatbot. The significance of this case is not simply that it involved artificial intelligence but that the regulator examined what actually happened in practice rather than accepting governance descriptions at face value.

The regulator focused on whether age verification mechanisms genuinely existed and operated during the relevant period. In practical terms, they were not asking whether the organisation claimed to care about age verification but whether the mechanism could be shown to have existed and functioned in reality at the time the relevant interactions occurred.

That distinction is important because governance language often describes intentions while enforcement examines events. A policy stating that controls should exist is not the same thing as evidence showing those controls operated in a specific case.

The closer scrutiny moves toward real outcomes and provable operation, the less protection broad governance language provides on its own.

Accountability Is Becoming Narrower and More Specific

A similar movement can be seen in financial regulation with the UK Financial Conduct Authority’s increasing focus on individual accountability under the Senior Managers and Certification Regime. The importance of this is frequently understated because it changes the practical nature of scrutiny. The regime does not treat accountability as something held abstractly by “the organisation” in general terms rather it attaches responsibility to named individuals holding defined authority.

The issue therefore becomes much narrower and much more concrete. The question is no longer whether governance processes existed around a system but whether a named person, or body, held the authority to permit the type of decision that occurred and at the time it occurred. Authority does not exist for accountability purposes merely because a process operated or because a system produced an output. Authority exists only where a person, or recognised body, can be shown to have held the power to permit that outcome in that case.

The EU AI Act moves in a related direction through its record-keeping and logging obligations for high-risk systems. The Act does not just ask organisations to publish principles or describe governance structures at a high level. It creates obligations around traceability, monitoring and the ability to examine system operation after the fact. While the legislation does not literally require reconstruction of every individual decision in every circumstance, the practical effect moves in a similar direction.

Traceability only becomes meaningful if specific outcomes can later be examined in a way that coherently connects decisions, authority, evidence and basis together.

This is where much governance language becomes unstable under scrutiny. Traceability is often described as though the existence of logs automatically creates accountability. In practice, logs only show activity. They do not necessarily show authority. They do not necessarily show whether the decision was permitted. They do not necessarily show whether the basis existed before the decision occurred.

Courts Are Also Moving Toward Stronger Evidential Expectations

The position within the courts is more uneven, but important changes are still visible. They are not suddenly reconstructing every administrative decision individually. However, recent decisions in the United States have reduced the extent to which agencies can rely on courts automatically accepting their interpretation of unclear laws. That creates greater pressure to justify actions through clearer reasoning, stronger records and a more demonstrable basis.

That matters because the shift is not toward courts reconstructing every decision in detail. The shift is toward courts becoming less willing to accept unsupported claims from institutions simply because those claims come from an official body. Agencies increasingly need to show why actions were justified, using clearer reasoning, stronger records and evidence that can actually be examined.

A similar pattern appears in the way courts look at the real-world effects of administrative decisions. Increasingly, agencies are expected to address how decisions affect actual people rather than relying only on broad statements about policy or authority. This is not a universal move toward intensive examination of every individual case. However, it does reflect growing attention to how specific decisions produce specific effects and whether those effects were properly considered and justified.

Technology is also changing evidential expectations. The increasing availability of video evidence has altered how some appellate courts examine disputed events because direct visual records can challenge or contradict written descriptions of what occurred. Research published in the Duke Law Journal has noted a substantial increase in judicial references to video evidence and a sharp rise in the use of video exhibits within appeals. In some cases, courts have examined video evidence themselves rather than relying entirely on how events were described by lower courts or institutions.

The broader significance is not limited to video itself. The more direct evidence exists, the weaker purely descriptive governance narratives become. Once an event can be replayed, reconstructed or directly examined, explanations alone carry less weight because scrutiny shifts away from description and toward demonstrable fact.

What This Actually Means

At the same time, the position should not be overstated. Courts still show substantial deference in many areas and some recent decisions continue to apply highly deferential standards that make certain forms of challenge extremely difficult. There is no universal legal movement toward intensive reconstruction of every challenged decision.

The stronger conclusion is narrower than that. The legal and regulatory environment is becoming less tolerant of accountability structures that cannot answer specific evidential questions about individual decisions. That movement is already visible in data protection enforcement, financial regulation and AI-related traceability obligations. The practical effect is that broad governance descriptions increasingly become insufficient once scrutiny narrows to one identifiable outcome.

An organisation may possess governance frameworks, oversight committees, principles and policies. None of those disappear. However, when a decision is challenged, examination increasingly compresses toward a much smaller set of questions centred on one real event. What happened, who allowed it, what record existed before the decision, what evidence shows the outcome occurred and what basis permitted it at that moment.

What This Means in Practice

The practical implication is not necessarily that organisations need more governance material. In many cases, they already possess policies, committees, oversight structures and reporting processes in large quantities rather it is whether those structures can support examination of one real decision after the fact.

That changes the point of attention. The issue becomes less about describing governance in general terms and more about whether specific outcomes can later be connected to identifiable authority, existing records, contemporaneous evidence and a demonstrable basis.

Many organisations appear structured around oversight of systems in general. Scrutiny, however, increasingly narrows toward reconstruction of individual events. That creates a different form of exposure.

A governance framework may exist while the evidential chain around a specific decision remains unclear. Authority may exist operationally without being fixed clearly enough in records to be demonstrated later. Logs may show activity without showing whether the activity was permitted. Explanations may exist without contemporaneous evidence showing what actually occurred at the time.

The practical pressure therefore shifts toward demonstrability rather than description. The central issue increasingly becomes whether one challenged decision can actually be shown from records and evidence that already exist.

References