
Introduction: A Safety Case That Protects Persons Without Converting Them into Proof
In the past, an institution could harm you by a human decision that was wrong, biased, lazy, or cruel, and yet the shape of that harm was usually legible as human fallibility. You could name the official. You could ask for the file. You could demand the reasons, and even when those reasons were thin, you were at least contesting something that had the grammar of an accountable act. In the automated and AI mediated institution, the same material harms occur, but their distinctive danger is not that they err, nor even that they discriminate, but that they close: they produce a settled outcome, backed by a record, backed by a workflow, backed by a language of inevitability, and they do so without a usable path for contradiction that a normal person can afford. What injures is not only the wrong decision; what injures is the conversion of disagreement into cost, the conversion of appeal into fatigue, and the conversion of uncertainty into a demand that the subject pay, repeatedly, in time, paperwork, humiliation, and exposure.
This book argues for a new institutional speech act: the Person Safety Case, or PSC. I call it a speech act deliberately, because the kind of work it must do is not exhausted by description, and it cannot be satisfied by sincerity. J. L. Austin showed that some utterances do not report facts but perform public commitments whose validity depends on conditions and whose failure can be diagnosed as misfire rather than mere falsity; an institution does something when it says something, and it can fail in ways that are structurally inspectable. A PSC is designed to perform a burden shift. It binds an institution to a set of claims about non harm, supported by auditable evidence objects and explicit invalidation conditions, such that the system can be safely contradicted at reasonable cost without requiring the person to become fully legible in order to receive fair treatment.
That last clause is the discipline of the entire volume. Many governance programs, including well intentioned ones, quietly treat the affected person as an evidence substrate. If we cannot measure a harm, the institution says, then we cannot be accountable for it; and if we cannot measure it, then the solution is to log more, infer more, retain more, and correlate more until the person is made readable enough to function as the proof plan. The PSC rejects that bargain. The institution must become legible enough to be audited and challenged, and yet the person must not be transformed into the collateral that makes the audit possible. The PSC is therefore a method for proving system behavior while refusing surveillance creep as the default accountability technique.
The book begins from a simple test of seriousness: page one tells you that PSC fails if it cannot survive two environments without demanding heroism from the subject. The first is public benefits eligibility and fraud detection, where error becomes deprivation and opt out is fiction. The second is credit and tenant screening, where inference becomes destiny through propagation and residue. These are not metaphors. They are the canonical stress tests because they fuse three properties that expose institutional moral weak points: high stakes, low exit, and record persistence. In these environments, a system that is “accurate on average” can still be structurally unsafe, because it can be contestable in theory and impossible to contest in life. In the United States, consumer reporting law recognizes, at least at the level of statutory design, that adverse decisions based on reports must be accompanied by notice and dispute pathways, including reinvestigation mechanisms; yet this same domain also demonstrates how formal rights can exist while effective contestability collapses under process, delay, opacity, and vendor fragmentation. The PSC does not pretend that law is absent. It insists that legality is not the same as person safety, and it builds a structure for demonstrating the latter without hiding behind the former.
Why borrow the term “safety case” at all. Because high hazard industries already know something that sociotechnical institutions have avoided admitting: if the consequences are severe, you do not satisfy legitimacy by pointing to internal good intentions, nor by listing controls, nor by showing compliance artifacts that are easy to generate and hard to falsify. You satisfy legitimacy by shouldering a burden of proof in a structured argument, supported by evidence, and organized around identifiable failure modes. The United Kingdom’s Health and Safety Executive makes explicit, in its statement of regulatory decision making, that safety management is a matter of demonstrating how risks are controlled so far as is reasonably practicable, and that such demonstrations depend on explicit judgments that can be scrutinized rather than on vague assurances. Assurance case practice, whether in defense standards or in contemporary regulatory guidance for AI governance, converges on the same grammar: claims, arguments, evidence, and conditions of inadequacy. The PSC adapts that grammar to the moral reality of automated institutions while refusing a naive importation that would turn sociotechnical life into a checklist theater. It is not “safety case for models.” It is safety case for persons.
The distinction matters because the institution’s most convenient error is categorical: it treats “model safety” as if it were the relevant object of moral proof. Model safety asks whether a model behaves robustly under distribution shift, whether outputs are toxic, whether accuracy is acceptable, whether security controls are in place, whether the lifecycle is managed. Those questions are real, and frameworks such as NIST’s AI Risk Management Framework exist precisely to organize them as socio technical risks rather than as isolated technical metrics. The PSC does not deny that work. It says it is insufficient. Person safety is a composite property that can be violated even when every model artifact looks mature. A system can be calibrated and still unchallengeable. It can be fair in a statistical sense and still punish dissent through process. It can be secure and still launder responsibility through vendor chains. It can be transparent in the marketing sense and still deny custody for reasons, meaning that the decision is dressed in words while the grounds remain inaccessible. The PSC therefore orients governance around a different center of gravity: contestability at reasonable cost outranks accuracy, because in high stakes domains a system that cannot be safely contradicted is not accountable.
The phrase “reasonable cost” is not rhetorical softening; it is an engineering specification for the human interface of institutional power. People who build systems already budget latency, throughput, and error budgets because those are the variables that determine whether a service exists as usable infrastructure or as a nominal offering. The PSC introduces the analogous discipline for contestation. It treats the ability to contest as a service level, not a policy aspiration. It treats time, procedural complexity, retaliation risk, cognitive burden, and physiological cost as measurable dimensions that can be designed, tested, and audited. This is where the psychology of procedural justice becomes more than academic garnish. Thibaut and Walker showed that perceived fairness is deeply linked to procedure, not only to outcome, and that people evaluate legitimacy through whether they have voice in the process, not only through whether the result is favorable. Tyler’s subsequent work makes the political implication explicit: legitimacy is sustained when authority is experienced as procedurally fair, and obedience is not reducible to fear of punishment. In automated institutions, we have engineered the inverse: a procedural environment in which the subject’s voice is turned into an input to be mined, rather than a standing to be respected. The PSC makes voice operational again, but under strict non capture constraints.
To see what “non capture” must mean, consider the trap that contemporary systems set for themselves. They are asked to be accountable, and they respond by expanding logging, expanding identity resolution, expanding retention, expanding downstream sharing, and expanding inference, because those expansions make internal investigation easier. They also make the person more trackable, more scoreable, and more permanently classifiable. The PSC refuses accountability by surveillance as the default. It does not prohibit evidence. It re classifies what counts as good evidence. An evidence object in a PSC is not a glossy narrative or a fairness dashboard that cannot be interrogated; it is an auditable artifact that demonstrates system behavior rather than institutional sincerity, and that can be used to falsify the institution’s claims without forcing the subject to disclose more of themselves than the decision ethically warrants. This is why the PSC is built around evidence objects and invalidation conditions rather than around promises and principles. A PSC that cannot be contradicted is not a PSC; it is marketing.
At this point an objection often appears, and it must be met cleanly. “Proving non harm” sounds like an impossible demand, and impossible demands become performative compliance: institutions generate paperwork that simulates proof while quietly treating the moral task as unbounded. The PSC is designed to avoid both extremes: it rejects the fantasy of absolute non harm, and it rejects the cynicism that reduces governance to residual risk rhetoric. The way out is structural: the PSC does not claim omniscience; it claims boundedness. It requires explicit unknowns, explicit thresholds for acceptable uncertainty, and explicit procedures for contradiction, rollback, and discontinuation. It makes irreversibility the governing variable because harm in automated institutions is often a function of propagation: a decision becomes a record, the record becomes a feature, the feature becomes a score, the score becomes a gate, and the gate becomes a life trajectory. This is why Part I of the book names irreversibility debt, the moral interest institutions accrue when they allow low confidence inferences to harden into high persistence residue. You can compensate a wrong transaction; you cannot easily compensate a wrong identity.
The PSC is therefore a method for converting moral language into a falsifiable institutional posture. It forces the institution to carry the cost of its own uncertainty rather than pushing that cost outward onto the subject as exhaustion, professionalized dispute, and implied assent. It does this by binding claims to evidence objects and by making invalidation explicit. The institution does not get to say “we are fair”; it must say what bounded inference means in its domain, what bounded escalation means, what bounded penalty means, and what bounded irreversibility means, and it must provide evidence objects that allow an auditor and an affected person to test those claims. It must also state the conditions under which the PSC fails, including the condition that matters most for democratic legitimacy: if the system cannot be safely contradicted at reasonable cost, it is not accountable.
This is also why the PSC is designed for adoption rather than for contemplation. A book that only diagnoses will be applauded and ignored. The PSC is an implementable standard that remains recognizably moral because it is engineered to preserve personhood against the institution’s appetite for legibility. You should be able to use it as an engineer building a workflow, as a leader approving deployment, as an auditor testing production conduct, as a regulator citing deficiencies, and as an affected person learning what you are owed and how to contest. That breadth is not a marketing ambition; it is a safety requirement. Systems fail in practice because responsibility is diluted across roles, and diluted responsibility is where harms become “nobody’s fault.” The PSC is built to re concentrate responsibility into a claim set that can be owned, challenged, and revoked.
The remaining chapters do not ask you to believe. They ask you to implement. Part I establishes the burden shift and defines PSC as a binding claim set that must be contradictable. Part II builds the primitives that make contradiction real, including contestability budgets, custody for reasons, verifiable withdrawal and residue semantics, conduct invariants near vulnerability, tempo controls as coercion prevention, and pre committed remediation through redress, rollback, and discontinuation. Part III assumes adversarial reality. It enumerates how institutions will cheat and how the PSC exposes those evasions, and it translates PSC into adoption levers such as procurement clauses, vendor obligations, audit access pathways, and revision governance. The appendices carry the payload: PSC 1.0 normative specification language, templates, proof without capture patterns, and two worked PSCs end to end for the stress tests that govern the book.
One final orientation belongs here, because without it the entire enterprise will be misunderstood. The PSC is not a demand for perfect systems; it is a demand for systems that can be contradicted without sacrificing the subject. The moral bar is not omniscience. The moral bar is whether the institution has engineered a low cost path for correction, has bounded the ways it can persist and propagate harm, and has pre committed to redress when it fails. That is what ethical legitimacy means under automation: not that the institution claims righteousness, but that it can be made wrong without making the person pay.
End of Introduction: PSC 1.0 Additions
PSC claim added or sharpened. A sociotechnical system that materially affects access to necessities or life chances is ethically illegitimate unless it can be safely contradicted at reasonable cost through a published Person Safety Case whose claims are falsifiable.
Evidence object introduced or refined. The PSC Index of Claims and Invalidation Conditions, a front matter evidence object that enumerates each binding claim, the evidence objects that support it, and the specific conditions under which the PSC is deemed invalid.
Invalidation condition enabled. The PSC is invalid if contradiction requires disproportionate personal legibility, including generalized expansion of personal logging or identity resolution as the primary route to accountability, rather than auditable evidence of system behavior.
Chapter 1. Closure Without Contradiction
The harm pattern this book names first is not error, even though error is often where public arguments begin; the harm pattern is closure, the moment a decision hardens into an institutional fact while the affected person lacks a safe, comprehensible, low cost way to contradict it. In sociotechnical institutions, closure is not simply a terminal state in a workflow; it is a design outcome in which authority achieves its preferred property, namely finality, by routing the cost of uncertainty outward into the subject’s life, time, body, and future options. That outward routing is frequently lawful on paper and still illegitimate in practice, because the institution can claim that contest existed while ensuring that contest was unusable at the very moment it mattered most.
The two stress tests the reader is owed from page one are not case studies chosen for vividness; they are environments engineered, by policy and by market structure, to make exit fictional. Public benefits eligibility and fraud detection is the first environment because deprivation is the unit of error and the person cannot opt out of being evaluated without losing the means to live, a fact American due process doctrine has treated as morally salient for decades (Goldberg 264). Credit and tenant screening is the second environment because inference becomes destiny through propagation and residue: one denial becomes a hardening record that future landlords, employers, insurers, and credit grantors can consume at machine speed, producing a life that is increasingly governed by the persistence of yesterday’s score rather than today’s reality, a concern that is not speculative but already embedded in the rights architecture of consumer reporting law (15 U.S.C. § 1681i; 15 U.S.C. § 1681m).
What, then, is “closure without contradiction” in operational terms. It is a decision that triggers penalty, deprivation, or exclusion while the subject’s route to challenge requires professionalization, sustained attention, repeated disclosure, or toleration of retaliation, and while the institution retains the ability to say, in a future audit or lawsuit, that an appeal channel existed. The device is not always malice. It can be procurement indifference, a mismatch between statutory timelines and housing market tempo, or a leadership doctrine that treats operational throughput as inherently virtuous. The book’s claim is that this device must be treated as a safety defect, because closure without contradiction is the mechanism by which harm becomes durable. A wrong decision that is reversible is a serious event. A wrong decision that is practically irreversible becomes, in effect, a new form of governance.
Due process law already gives us a vocabulary for why closure is dangerous, even if it does not give us a modern engineering method. In Goldberg v. Kelly, the Court grounded the procedural requirement of a pre termination hearing in the stakes of welfare deprivation, emphasizing that such benefits are not a discretionary convenience but the means by which recipients live; the core point is that when the stakes are existential, procedure is not bureaucratic ornament but a condition of legitimacy (Goldberg 264). In Mathews v. Eldridge, the Court supplied a balancing structure that has since become canonical, requiring attention to the private interest affected, the risk of erroneous deprivation and the probable value of additional safeguards, and the government’s interest including fiscal and administrative burdens (Mathews 335). The PSC does not import these doctrines as a compliance checklist. It imports the moral geometry they encode: institutional authority is not legitimate simply because it is administratively efficient, and safeguards are not optional add ons when the risk of error and the cost of that error are borne by those least able to absorb them.
The contemporary failure is that institutions increasingly satisfy the appearance of process while destroying its usability. The institution issues notice that is formally adequate and practically unreadable. It offers an appeal that exists and is not reachable. It sets deadlines that are short when the person must respond and long when the institution must correct. It demands that the subject reconstruct hidden workflows, vendor chains, and data provenance in order to contradict a conclusion that the institution itself produced. It accelerates tempo at the moment consent, waiver, or concession would be most valuable to the institution, and then describes the resulting compliance as voluntary. The result is closure.
Michigan’s MiDAS unemployment fraud system is a vivid, already litigated instance of closure without contradiction because it shows the entire machinery: algorithmic determination, high stakes penalty, and contest that exists but is structurally unusable. In Cahoo v. SAS Analytics Inc., the Sixth Circuit described how MiDAS automatically adjudicated fraud, imposed severe penalties, and routed the burden outward, including through mechanisms like automated questionnaires that demanded rapid response and through the system’s practical inaccessibility for many claimants, some of whom did not learn of determinations until the time for appeal had expired (Cahoo 891–92). What matters for our purposes is not the particular vendor or state agency. What matters is the structural pattern: automated closure can be achieved at scale, but contradiction cannot, and so the institution externalizes its uncertainty as deprivation, collections, and reputational residue, while maintaining the legal fiction that contest existed.
Tenant screening exhibits the same pattern under a different legal costume. The Fair Credit Reporting Act grants a right to dispute inaccurate information and requires reinvestigation within prescribed time windows, typically thirty days, with limited extensions and exceptions (15 U.S.C. § 1681i(a)(1)(A); “Tenant Background Checks and Your Rights” 3). It also requires that when adverse action is taken based on a consumer report, the person must receive notice including the identity and contact information of the reporting agency and the person’s rights (15 U.S.C. § 1681m(a); “Tenant Background Checks and Your Rights” 2). Yet in rental markets where a unit is allocated quickly and alternatives are scarce, a thirty day reinvestigation window frequently means that the “right” to correction is temporally misaligned with the lived reality of exclusion. The law supplies contest; the market supplies closure.
The recent federal enforcement action against TransUnion’s tenant screening products makes the institutional cheating space legible by documenting how the appearance of compliance can coexist with the manufacture of practical non contestability. The FTC and CFPB’s complaint alleged, among other things, failures in reasonable procedures to assure accuracy and failures tied to dispute handling and transparency obligations in tenant screening contexts, describing a system that produced adverse outcomes for consumers seeking housing (“Complaint” 6–10). The stipulated order binds remedies that implicitly concede the core problem: when the system’s outputs govern access to housing, inaccurate closure is not a minor defect, and dispute mechanisms must be treated as safety controls rather than customer service (“Stipulated Order” 5–18). The press release accompanying the settlement underscores what the PSC will later formalize: you cannot claim consumer protection while hiding sources, degrading dispute usability, and then treating the resulting denials as if they were purely the market’s judgment (FTC and CFPB).
Across both stress tests, the appeal channel is often described as the antidote to harm. “There is an appeal” becomes the phrase that absolves system design from the duty to be contestable. This is the precise point where the PSC begins its burden shift. An appeal that exists only as a formal right is not a safety control. A safety control is an engineered capacity that functions under realistic conditions, including fatigue, fear, poverty, disability, language barriers, and the ordinary constraints of daily life. The institution must therefore be forced to specify, ex ante, what contradiction will cost the person, and must be forced to prove that the cost is reasonable given the stakes and the irreversibility of the decision.
This is why this chapter introduces “contestability at reasonable cost” as a threshold that outranks accuracy. Accuracy is necessary and insufficient because it cannot be demonstrated in any ethically legitimate way when the system’s claims are non falsifiable for the subject. If the person cannot safely contradict the system, the institution has no disciplined way to learn from its own error in the one place error is most morally salient, namely in the individual life it governs. Moreover, accuracy can be optimized by designing systems that suppress contest, because contests slow throughput and generate accountability records. If accuracy is the primary metric, the institution can win by optimizing the wrong thing. If contestability at reasonable cost is the primary threshold, then accuracy must be pursued under the constraint that contradiction remains possible.
Reasonable cost, as a safety concept, must be defined across at least four dimensions because institutions routinely make recourse “free” in money while pricing it in the other currencies that actually govern human life. First, time: how quickly a person can initiate contest, how quickly a human decision maker can be reached, and how quickly an interim protection is granted when the consequence is deprivation or exclusion. Second, procedural complexity: how many steps, how many distinct channels, how many documents, how much specialized literacy, and whether the process implicitly requires legal counsel or professional advocates. Third, retaliation risk: whether the person can contest without increasing the probability of investigation escalation, blacklisting, “case note” stigma, or future adverse action. Fourth, physiological and psychological burden: whether the contest pathway demands sustained attention under conditions of threat, uncertainty, and scarcity that reliably produce stress, perseveration, and depleted executive function, a dynamic documented in stress research on prolonged cognitive activation and its bodily costs (Brosschot, Gerin, and Thayer 113–24). The point is not to moralize vulnerability. The point is to force institutions to treat human limits as design constraints rather than as silent sources of compliance.
At this stage the reader might object that institutions need closure. Benefits programs cannot function if every decision remains perpetually open. Fraud detection cannot be made harmless by endless delay. Landlords cannot hold units indefinitely while disputes run their course. These objections are serious, and the PSC does not answer them with sentiment. It answers them with a new institutional obligation: if the institution demands closure for operational reasons, it must accept the reciprocal burden of making contradiction cheap, safe, and time coherent. The institution may still act. It may still deny. It may still terminate. But it must carry the cost of its own uncertainty by building recourse service levels, interim protections, and reason giving practices that make error reversible without demanding heroism from the subject.
This is the conceptual function of the Contestability Budget, introduced here and operationalized later. A Contestability Budget is not an aspiration and not a customer promise. It is a binding declaration attached to a decision class, specifying the maximum reasonable cost, across time and complexity and burden, that an affected person will be required to pay to contradict that decision, together with the minimum service levels the institution commits to provide. In a benefits context, this includes response windows that do not rely on constant connectivity, accessible channels that are not single points of failure, and interim protections when deprivation is imminent, aligning with the due process insight that the value of additional safeguards must be weighed against the risk and stakes of erroneous deprivation (Mathews 335). In a tenant screening context, this includes a contest pathway that is temporally aligned with the housing allocation window, meaning the institution must either slow the decision at high stakes moments or provide immediate provisional remedies, because a thirty day reinvestigation right is structurally insufficient if the housing opportunity evaporates long before the correction arrives (15 U.S.C. § 1681i(a)(1)(A); “Tenant Background Checks and Your Rights” 3).
Minimum service levels for recourse are the first place the PSC refuses institutional theater. Service levels mean that recourse must be measurable and audited: time to reach a competent reviewer, time to receive a reasoned response, time to correct records, and time to obtain temporary stabilization when the consequence is irreversible. They also mean that independence is not optional: the reviewer must be structurally separated from the incentives that produced the closure in the first place. A system that routes appeals to the same unit that generated the decision without independence, without reason custody, and without time guarantees is a system that has created a ritual of contradiction rather than a capability of contradiction. MiDAS illustrates the endpoint of the ritual: automated determinations at scale and practical non access to timely contest, producing harm that later had to be resolved through extraordinary external intervention rather than ordinary internal safety controls (Cahoo 891–92). TransUnion’s tenant screening enforcement illustrates the other endpoint: a consumer reporting ecosystem that can claim the existence of rights while producing disputes and transparency failures that regulators later treat as unlawful because the rights are not made real in practice (“Complaint” 6–10; “Stipulated Order” 5–18).
The chapter therefore ends with the book’s first invalidation rule, because PSC is not a moral philosophy; it is a burden shifting instrument designed to be contradicted. The rule is simple and non negotiable: if a system cannot be safely contradicted at reasonable cost, it is not accountable, regardless of its accuracy claims, its fairness rhetoric, or its governance paperwork. This invalidation rule is intentionally harsh because institutions reliably choose what is easy to measure, and contestability is only easy to measure once it is forced into the open as an explicit commitment.
The deeper reason this rule matters is that contradiction is not an add on right appended after the model ships; it is the condition under which a person remains a person in the face of institutional inference. Without contradiction, the subject becomes the object of an administrative story that cannot be interrupted. With contradiction, the institution is forced to remain responsive to reality rather than merely consistent with its own outputs. Contestability is therefore not only a procedural property. It is an ontological safeguard: it prevents the institution from converting an inference into a fate.
End of Chapter 1. What This Chapter Adds to PSC 1.0
PSC claim added or sharpened. For any decision class that can impose deprivation, exclusion, penalty, or durable record effects, the institution must demonstrate contestability at reasonable cost, and that threshold governs the legitimacy of the decision even when model level accuracy is high (Goldberg 264; Mathews 335).
Evidence object introduced or refined. The Contestability Budget as a binding, auditable declaration that specifies recourse service levels and the maximum reasonable cost of contradiction across time, procedural complexity, retaliation exposure, and physiological burden, accompanied by measurable service level evidence in the operational record (15 U.S.C. § 1681i(a)(1)(A); “Tenant Background Checks and Your Rights” 2–3).
Invalidation condition enabled. Closure Without Contradiction Invalidation Rule: a PSC is invalid if the system’s contest pathway is not safely usable under realistic conditions, meaning the institution cannot show that contradiction is achievable at reasonable cost without requiring heroism, professionalization, or expanded personal capture, even if formal appeal rights exist (Cahoo 891–92; 15 U.S.C. § 1681m(a)).
Chapter 2. Person Safety Is Not Model Safety
If Chapter 1 named the central harm pattern as closure without contradiction, then Chapter 2 must name the error that allows that pattern to masquerade as responsible governance: we keep treating “model safety” as though it were a proxy for “person safety,” and we keep rewarding institutions for proving properties of artifacts rather than proving conditions of life for the people those artifacts touch. That substitution is not a semantic quibble. It is the reason an institution can pass every internal review, publish a glossy documentation package, and still produce a world in which the subject bears the cost of the institution’s uncertainty through deprivation, delay, and procedural exhaustion.
Model safety is a property of an engineered component under a defined set of testing assumptions. It asks whether a model is robust, reliable, secure, and performant within an intended domain, whether it behaves as described, and whether known risks have been mitigated to some tolerable level. Person safety is not reducible to any of that, because it is a composite property of a sociotechnical relation: the system plus the institution that operationalizes it, the documentary substrate that gives it authority, the tempo and coercion environment that shapes assent, and the redress pathway that determines whether contradiction is real or ceremonial. You can “prove” a model is safe in the sense of being stable, well evaluated, and operationally controlled, and still build a pipeline that makes a person unsafe by making them unappealable, unerasable, or permanently stained.
This is not an argument against technical rigor. It is an argument for a different target. The NIST AI Risk Management Framework, for example, explicitly frames AI risk as the probability and magnitude of negative impacts, and it stresses that harms can be experienced by individuals, groups, communities, and society at large. It also enumerates “characteristics of trustworthy AI systems” that include being valid and reliable, safe, secure and resilient, accountable and transparent, explainable and interpretable, privacy enhanced, and fair with harmful biases managed. (National Institute of Standards and Technology, Artificial Intelligence Risk Management Framework (AI RMF 1.0) 3–4). The problem is not that this framing is wrong. The problem is that it is institutionally satisfiable without ever forcing an institution to prove that a person can contradict a decision at reasonable cost, that records will not outlive reasons, or that the system’s persuasive surface will not convert fatigue into assent. In other words, the problem is that “trustworthy AI” often remains a property of the institution’s narrative about itself rather than a binding set of constraints on how power can touch a person.
The European Union’s AI Act makes the same distinction visible from another angle. It requires organizational controls for high risk systems, including deployer obligations such as assigning human oversight to competent natural persons, monitoring operation, reporting serious incidents, and keeping logs automatically generated by the high risk system for an appropriate period of at least six months, subject to applicable data protection law (European Union, Regulation (EU) 2024/1689 art. 26). These are serious governance requirements, and they are closer to institutional reality than many voluntary frameworks. Yet even here, compliance can coexist with person level unsafety. A system can have human oversight and logs and still operate as a closure machine if contestability is unaffordable, if explanations are pseudo explanations, if withdrawal is nonverifiable, or if adverse decisions propagate into third party records faster than a person can even learn what happened. Person safety is the discipline of binding those dynamics, not merely documenting them.
The six bounds of person safety
To make that binding discipline operational, PSC treats person safety as a composite property with six bounds: bounded inference, bounded retention, bounded escalation, bounded persuasion, bounded penalty, and bounded irreversibility. These bounds are designed to be auditable in production, contestable by affected persons, and enforceable as invalidation conditions. They are not aspirational values. They are constraints on how an institution may convert uncertainty into action.
Bounded inference is the rule that inference must be limited to what is necessary for the decision’s legitimate purpose, and that the institution must be able to show where inference stops. It is not enough to say that a model uses a “reasonable” set of features; the PSC must force a claim about inference scope, including what categories of data are excluded, what proxy classes are treated as disallowed, and what inferential leaps are prohibited because they create status from correlation. Here the PSC aligns with the logic of data minimization and purpose discipline found in data protection law, where processing should be “adequate, relevant and limited to what is necessary,” and personal data should not be kept longer than necessary for the purposes for which it is processed (European Union, Regulation (EU) 2016/679 art. 5(1)(c), 5(1)(e)). But PSC goes further than compliance by requiring that inference boundaries be contestable: a person must be able to learn, in meaningful form, what kinds of inferences were permitted and which were structurally disallowed, without having to reveal more of themselves in order to ask the question.
Bounded retention is the rule that the system’s memory must be proportionate, partitioned, and time bound, and that the institution must be able to prove what remains and why. This is not a simplistic deletion fantasy. Some residue must remain for justice, for fraud prevention, for safety auditing, and for contestability itself. The AI Act’s log retention requirement for high risk systems is instructive precisely because it is double edged: logs are a safety primitive, but logs are also a capture primitive if they become a pretext for generalized personal surveillance (European Union, Regulation (EU) 2024/1689 art. 26(6)). The PSC therefore treats retention as a bounded, classed, and justified practice rather than an unstructured “keep everything” default. The institution must be able to produce a retention claim that maps each residue class to a necessity argument, a maximum duration, and a withdrawal semantics statement, anticipating Chapter 7.
Bounded escalation is the rule that adverse pathways must not widen automatically, and that escalation must be governed by explicit thresholds, competent review, and nonretaliatory process. Escalation is where sociotechnical systems become punitive without ever admitting they are punitive. In benefits eligibility, escalation looks like a low confidence anomaly score quietly becoming a case referral, then a suspension, then a recovery action, then a cross agency flag, all while the subject is told that “an automated system detected inconsistencies.” In credit and tenant screening, escalation looks like one score shaping another, one denial feeding an adverse record, and the adverse record raising the price of basic shelter. Model safety does not, by itself, constrain this widening. Person safety does, by forcing an escalation bound: what triggers escalation, what evidence object supports it, who can stop it, and what is the maximum downstream propagation allowed before a human review with authority to reverse is required.
Bounded persuasion is the rule that interfaces and communications must not manipulate persons into surrendering rights, consenting to surveillance, or accepting irreversible outcomes through cognitive exploitation. This is not a moral claim against persuasion in general. It is a safety claim about coercive design in high stakes institutional contexts, where the subject often cannot opt out without losing access to basic needs. The Federal Trade Commission’s staff report Bringing Dark Patterns to Light is a primary description of the mechanism: design practices that “trick or manipulate users into making choices they would not otherwise have made,” often by exploiting cognitive biases, hiding information, and making cancellation or refusal labyrinthine (Federal Trade Commission, Bringing Dark Patterns to Light 1–2). Person safety therefore treats persuasive surface area as a bounded domain, especially near vulnerability and irreversibility. If the institution’s compliance strategy depends on exhausting the person into assent, then person safety has already failed, no matter how accurate the model is.
Bounded penalty is the rule that adverse consequences must be proportionate, reversible where possible, and decoupled from uncertainty. A central pathology of automated institutions is that uncertainty is externalized onto the subject as penalty: if the system cannot resolve an identity, it suspends; if it cannot reconcile a document, it denies; if a score is low confidence, it still becomes the basis for a high consequence act because the institution prefers false negatives against the subject to operational inconvenience for itself. Person safety requires the reverse: when uncertainty is high, penalties must narrow, and the institution must absorb the cost of verification rather than pushing it onto the person as deprivation. This is the burden shift in its most concrete form.
Bounded irreversibility is the rule that some decisions should not be allowed to become permanent faster than they can be contradicted. Irreversibility is not only the moment of denial. It is the propagation of the denial into records, the export of the score into vendor systems, the memo that becomes a human note, the flag that becomes a future default. Once the residue spreads, reversal becomes formal rather than real. This is why the PSC introduces irreversibility classes as a control surface for tempo, discontinuation, and rollback. It is also why the PSC introduces a new accounting concept: irreversibility debt.
Irreversibility debt
Irreversibility debt names the moral interest an institution accrues when its decisions propagate into records that outlive the reasons that produced them. The “debt” is not metaphorical; it is an operational liability that compounds. Every time an institution allows a low confidence inference to harden into a durable record, it borrows legitimacy from the future while making future contradiction more expensive. Every time it exports an adverse signal to a third party without a synchronized rollback mechanism, it creates a situation where the person must fight across multiple bureaucracies to restore a life the institution damaged in one automated breath. That compounding is the reason contestability cannot be treated as a customer service feature; it is a safety control that prevents the accumulation of irreversible residue.
Here GDPR’s logic of storage limitation is suggestive but insufficient. GDPR requires that personal data be kept in a form permitting identification “for no longer than is necessary” for the purposes of processing, allowing longer storage only under defined conditions such as archiving in the public interest with appropriate safeguards (European Union, Regulation (EU) 2016/679 art. 5(1)(e)). This is a discipline of time bound legitimacy. PSC adopts the spirit but shifts the burden: the institution must treat irreversibility as a classed hazard, and it must prove how it prevents hazards from becoming permanent before they can be contradicted.
To make this implementable, PSC 1.0 will use an irreversibility taxonomy with classes that are defined by the practical possibility of restoration, not by the institution’s formal ability to say “we can reconsider.” A workable starting point is as follows, stated without pretending these are the final words. Class 0 irreversibility covers outcomes that are reversible with immediate restoration and no downstream propagation, such as a transient user interface error that does not alter any durable record. Class 1 covers outcomes that are reversible with restoration but impose nontrivial friction, such as a temporary hold that can be lifted but requires multi step verification. Class 2 covers outcomes that are theoretically reversible but practically costly because records have propagated to multiple internal systems, requiring coordinated rollback. Class 3 covers outcomes that are practically irreversible for most people because they have propagated into third party records, because timelines are long, because the opportunity window closes, or because the remedy is reputational rather than transactional. Class 4 covers outcomes whose irreversibility is structural, such as decisions that permanently reshape a person’s access to housing, credit, or public benefits in ways that cannot be fully restored even after correction, because lost time, lost opportunity, and downstream stigma cannot be repaid.
The PSC point is not to win a taxonomy argument. The PSC point is to force a binding claim: if an outcome is Class 3 or Class 4, the institution must use tempo controls, conduct invariants, and precommitted redress protocols strong enough to prevent irreversibility debt from becoming the system’s hidden business model.
Why conventional governance artifacts can still permit person unsafety
The modern institution already has a thriving ecosystem of governance artifacts: model cards, impact assessments, checklists, standards mappings, vendor questionnaires, and compliance binders. Some of these are genuine advances. Model Cards, for example, were proposed as documentation to increase transparency into how well AI technology works, and the paper explicitly points to serious impact domains such as health care, employment, education, and law enforcement as contexts where documentation gaps are especially problematic (Mitchell et al. 1). PSC does not reject this work; it uses it as evidence for a sharper claim: transparency about model performance does not, by itself, guarantee person safety, because performance transparency can coexist with unbounded inference, unbounded retention, coercive tempo, and unusable recourse.
A similar pattern appears in rights oriented governance proposals. The Blueprint for an AI Bill of Rights articulates five principles that should guide the design and deployment of automated systems, including Safe and Effective Systems, Algorithmic Discrimination Protections, Data Privacy, Notice and Explanation, and Human Alternatives, Consideration, and Fallback, and it explicitly situates these principles wherever automated systems can meaningfully impact rights, opportunities, or access to critical needs (The White House Office of Science and Technology Policy, Blueprint for an AI Bill of Rights 2–3). This is a morally serious document, and it is directly aligned with PSC’s insistence that progress must not come at the price of civil rights. Yet as long as the institution can treat these principles as guidance rather than as a contradictable claim set, it can comply in form while maintaining closure in practice. “Notice and explanation” can become content that is technically present but functionally empty. “Human alternatives” can become a phone line that is unreachable. “Safe and effective” can be interpreted as “the model meets our accuracy threshold,” while the person is trapped inside a process that cannot be navigated without professionalization.
Even where law provides explicit safeguards, person safety can fail when the safeguards are not usable. GDPR’s Article 22, for example, creates a general rule that a person has the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning them or similarly significantly affects them, subject to enumerated exceptions. It also requires that, in relevant cases, the controller implement suitable measures to safeguard the data subject’s rights, including at minimum the right to obtain human intervention, to express one’s point of view, and to contest the decision (European Union, Regulation (EU) 2016/679 art. 22(1), 22(3)). These are contestability primitives in legal form. The PSC argument is that legal form is not enough: if the cost to exercise these rights is unreasonable, if the person must repeatedly disclose sensitive information to prove their own safety, or if the system’s tempo converts delays into deprivation, then the institution has preserved the appearance of rights while violating the substance of person safety.
This is why PSC refuses the substitution of model safety for person safety. Model safety is necessary. It is not sufficient, and it is not the right unit of proof for institutional legitimacy. Person safety is the right unit because it forces the institution to prove not only that a component behaves, but that the institution does not turn the person into the evidence substrate for its own accountability.
PSC 1.0 delta for this chapter: the Person Safety Bounds schema and irreversibility classes
PSC 1.0 must now acquire a formal schema that can be inserted into any safety case and audited without interpretive license. The schema introduced here is the Person Safety Bounds section, which requires a deployer and provider to make explicit, testable claims about each of the six bounds, supported by evidence objects, and accompanied by invalidation conditions. This section is also where the irreversibility class taxonomy is declared for the system’s decision types, because tempo controls and discontinuation thresholds in later chapters depend on it. Without this schema, “person safety” remains a moral aspiration that can be satisfied by rhetoric.
In PSC 1.0, the core discipline is therefore simple and severe: if the institution cannot state where inference stops, what residue persists, how escalation is bounded, how persuasion is constrained, how penalties are coupled to confidence, and how irreversibility is prevented from outpacing contradiction, then the institution does not yet have a person safety case. It has documentation.
Chapter close: what this chapter adds to PSC 1.0
The PSC claim added or sharpened is that a system is illegitimate unless person safety can be demonstrated as bounded inference, bounded retention, bounded escalation, bounded persuasion, bounded penalty, and bounded irreversibility, with irreversibility classified by practical restorability rather than formal reconsideration. The evidence object introduced or refined is the Person Safety Bounds Statement, a structured claim set with bound specific metrics, supporting artifacts, and test cases that can be run in production and audited externally. The invalidation condition enabled is that any system whose operation exhibits unbounded inference, retention, escalation, persuasion, penalty, or irreversibility in the covered decision domain fails PSC, even if model level safety documentation is complete and even if formal rights exist in theory but are not usable in practice.
Chapter 3. The Person Safety Case
If Chapter 1 named the failure mode as closure without contradiction, and Chapter 2 defined person safety as a bounded property rather than an aspirational posture, then this chapter must do the harder thing: it must specify the institutional form that can carry those commitments without collapsing into performance, improvisation, or a compliance artifact that speaks fluently while doing nothing. The central wager is that in automated and AI mediated institutions, moral legitimacy is not secured by having “values,” or by publishing “principles,” or by convening an ethics council, even when those gestures are sincere; legitimacy is secured when an institution binds itself to a claim set that can be contradicted, at reasonable cost, by the people who bear the consequences, and by auditors who can test behavior without turning subjects into an evidentiary substrate. What follows is the definition of that binding form.
3.1 Why “ethics” collapses into cheap speech in machine mediated institutions
The problem is not that ethics is irrelevant. The problem is that, inside institutional incentive structures, ethics becomes legible as communication long before it becomes legible as constraint. When an organization can gain reputational benefit, procurement access, employee morale, or regulatory goodwill from adopting the appearance of ethical concern, the equilibrium pressure is to speak ethically at low cost and to do the minimum that preserves optionality. The analytic frame here is not a cynical one; it is a structural one. In strategic communication settings, senders will transmit signals whose informativeness is limited by misaligned incentives and by the absence of binding costs for misrepresentation, and the receiver must interpret those signals under the assumption that the sender is optimizing for its own payoff rather than for shared truth. That is the underlying logic of strategic information transmission models in game theory, and it becomes an institutional default when ethical claims are not bound to falsifiable obligations.
Recent scholarship on “ethics washing” in technology governance names a specific variant of this dynamic: the instrumentalization of ethical rhetoric as a market oriented governance substitute, where ethical language functions as a veneer that is cheap to produce relative to the structural reforms it implies. Yet the most useful formulations do not tell us to abandon ethics; they tell us to stop treating ethics as a governance mechanism by itself. Bietti’s distinction between the intrinsic value of ethics as a mode of inquiry and the instrumental use of “ethics” as a means to reputation or profit is especially important here, because it refuses the false choice between naïve moralism and contemptuous debunking; what fails, on this view, is not moral inquiry but its institutional weaponization into a communicative tactic. (Bietti 2–3).
From the PSC standpoint, then, the diagnosis is precise: ethical talk is not self invalidating, but it is non binding by default; it does not, by itself, allocate burdens of proof, specify testable claims, require evidence objects, define contradiction pathways, or name invalidation conditions. Without those features, “ethics” becomes compatible with closure, because it can be satisfied by discourse rather than by a structurally enforceable right to contest.
3.2 Why importing safety cases without redesign produces sociotechnical theater
Safety case regimes arose to solve a familiar problem: complex systems create risk spaces too large for prescriptive rules to enumerate exhaustively, and so the institution must provide reasons and evidence that the system is acceptably safe for its intended use, not as a promise but as an argument that can be evaluated. Contemporary assurance case literature defines the core move with unusual clarity: an assurance case provides assurance “by giving an argument to justify a claim” about the system, supported by evidence about design, development, and tested behavior, and its novelty relative to guideline based compliance lies in making the argument explicit rather than producing evidence without rationale. (Rushby 3). This explicitness is not aesthetic; it is the mechanism by which reviewers can attack the weak links, demand additional support, and force the system owner to surface assumptions.
But that same literature is explicit about the limits. Rushby is blunt that the aspiration to “think of all the circumstances the system will encounter and everything that could possibly go wrong” confronts potentially infinite spaces with finite resources, such that the task is to provide maximally credible reasons and evidence while recognizing that absolute guarantees are unavailable. (Rushby 9). In engineering safety, this leads to well developed disciplines of hazard analysis, assurance argument structure, and proportionality of evidence to risk. In sociotechnical systems, naïve transfer fails for at least three reasons.
First, the object of safety is different. In sociotechnical systems, the “hazard” is often not a component failure but an institutional decision that propagates through records, incentives, and social meaning. The system’s behavior is inseparable from the documentary substrate and the organizational workflow that enacts authority. Second, the evidence problem is different. In physical safety, evidence can often be generated without intimate capture of persons. In person centered systems, the easiest evidence is personal logging, expanded data retention, and pervasive trace capture, which is exactly what the PSC must treat as presumptively unsafe. Third, the contestability problem is different. In engineering, safety cases are evaluated by specialized regulators and certifiers; in the PSC domain, the subject must be able to contradict outcomes without professionalization, while still enabling deep technical audit.
This is where “safety case theater” is born: the organization learns to produce the artifact that resembles a safety case, but the artifact does not allocate a real right to contradiction, does not define the evidentiary objects that would expose failure modes, and does not bind discontinuation or rollback obligations to repeated failure. A document exists, therefore “governance exists,” therefore legitimacy is asserted. The PSC is designed to make this move fail.
3.3 PSC as a new institutional speech act: binding claims designed to be contradicted
A Person Safety Case is a speech act in the strict sense that it does something in the world by being issued: it changes what an institution owes, what an auditor can demand, and what a subject can contest. Its function is not expressive; it is allocative. It allocates burdens of proof, allocates duties of explanation, allocates timelines for review and rollback, and allocates a standing permission for contradiction. The intellectual ancestry here is speech act theory’s insistence that certain utterances are not descriptions but actions, whose felicity depends on conditions of authority and procedure rather than on sincerity alone. (Austin 5–6).
Formally, PSC 1.0 defines the PSC as a binding claim set supported by evidence objects and constrained by explicit invalidation conditions. The claim set is not “we are ethical,” and not “the model is accurate,” and not “we comply with policy”; it is instead a set of falsifiable statements about person safety bounds, contestability budgets, documentary reason custody, withdrawal and residue semantics, tempo controls, and remediation commitments. The evidence objects are auditable artifacts that demonstrate system behavior, not institutional intention. The invalidation conditions are the explicit ways the PSC can fail, including the ways it fails when practice diverges from paper.
This structure is not invented from nothing; it is a domain specific adaptation of assurance case logic. The GSN Community Standard defines an assurance case as “a reasoned, auditable argument created to support the contention that a defined system will satisfy particular requirements” and emphasizes that the argument must be auditable rather than rhetorical. (GSN Community Standard 9). The Object Management Group’s Structured Assurance Case Metamodel similarly treats evidence as objective artifacts with provenance presented to show that a claim is valid, and it highlights the need for controlled vocabulary so that terms keep stable semantics across an argument. (OMG 12–13). PSC 1.0 borrows this rigor, then adds a constraint that these traditions do not have to carry in the same way: proof must not depend on capture.
At this point, a predictable objection appears: “You cannot prove non harm.” The PSC answers by refusing the straw target. The PSC does not claim omniscience or zero harm across all futures. It claims bounded non harm under stated conditions, with explicit unknowns, with continuous falsifiability, and with precommitted remediation when bounds are violated. Its ambition is to reverse uncertainty externalization: instead of the subject bearing institutional uncertainty as deprivation, delay, paperwork, and implied assent, the institution bears uncertainty as additional constraints, slower tempo at irreversibility points, narrower inference, and stronger rollback duties. In other words, the PSC is a way of making uncertainty expensive for the institution rather than metabolically expensive for the person.
3.4 The anti theater triad: explicit unknowns, low cost contestability, evidence objects
PSC 1.0 treats three elements as non substitutable. If any are missing, the PSC is not “weak”; it is invalid.
First, explicit unknowns. In engineering assurance, the discipline of stating assumptions and confidence limits is a precondition of honest argument. Rushby’s emphasis on potentially infinite state spaces and finite resources is not an aside; it is a mandate to name where the argument stops, what is not known, and what residual risks remain. (Rushby 9). In sociotechnical systems, the analogous move is to state, in ordinary language and in audit language, what the institution does not know: distributional uncertainty, subgroup performance gaps, unmodeled causal pathways, and the possibility of novel failure modes. In the PSC, unknowns are not a disclaimer; they are a trigger for constraint. When unknowns rise, inference must narrow, stakes must slow, and rollback commitments must strengthen.
Second, low cost contestability. The PSC does not treat contestability as a downstream customer service function; it treats contestability as part of the proof that the institution can be trusted to use inference near lives. This is the “designed to be contradicted” requirement in operational form. A PSC that is strong on paper but weak in recourse is not ethically incomplete; it is procedurally deceptive, because it uses the existence of a process to imply that people can use it. Chapter 5 will formalize contestability budgets; here, the claim is simpler: without an accessible contradiction pathway, all other claims become self sealing.
Third, evidence objects. Safety case traditions insist that evidence is not narrative; it is the set of artifacts that connect claims to observable behavior. The OMG specification’s definition is intentionally broad, because evidence can be documents, test results, measurement results, records of process, and other objective artifacts presented to show claim validity. (OMG 12). The PSC narrows the field by imposing a privacy bound: evidence objects must, wherever feasible, be generated through aggregation, privacy preserving measurement, and auditable system level logging rather than generalized personal capture. Evidence, in PSC terms, must be compatible with personhood.
These three elements are the anti theater triad because each blocks a common evasion. Explicit unknowns block the “confidence by omission” tactic, where silence about uncertainty is treated as certainty. Low cost contestability blocks the “recourse exists” fiction. Evidence objects block the “trust us” move, and they also block the opposite move where accountability is purchased by expanding surveillance.
3.5 PSC 1.0 required sections and normative language conventions
The PSC must be readable by engineers, legible to regulators, usable by auditors, and contestable by affected persons. That requires a disciplined structure and disciplined language.
PSC 1.0 therefore adopts the normative language conventions used in technical standards: the PSC uses MUST, MUST NOT, SHOULD, and MAY with the semantics specified by RFC 2119, clarified by RFC 8174’s instruction that these keywords are interpreted as normative requirements when, and only when, they appear in all capitals. (Bradner sec. 1; Leiba sec. 1). This is not pedantry. Sociotechnical governance fails through ambiguity: “we will try,” “we aim,” “we consider,” “as appropriate.” The PSC treats ambiguity as an accountability hazard. Where discretion is legitimate, the PSC may permit it with MAY and MUST record justification; where discretion is unsafe, the PSC forbids it.
A PSC 1.0 document is valid only if it contains, at minimum, the following sections, each written as claims linked to evidence objects and invalidation conditions: a Scope and Decision Inventory that enumerates each decision class, the populations impacted, and the irreversibility class; a Person Safety Bounds section that instantiates the bounds defined in Chapter 2 for this system; a Contestability Budget section that defines service levels, independence requirements, and anti retaliation protections; a Custody for Reasons section that specifies documentary provenance, reason custody, and the handling of generated text in official records; a Withdrawal and Residue section that defines residue classes, withdrawal semantics, and proof packets; a Conduct Near Vulnerability section that specifies conduct invariants and production monitoring; a Tempo Controls section that binds delay, cooling periods, and justification at irreversibility points; a Redress, Rollback, and Discontinuation section that precommits remediation protocols and discontinuation triggers; an Explicit Unknowns and Residual Risk section that names uncertainties and binds compensating controls; and an Evidence Index that enumerates evidence objects, their provenance, access rules, and refresh cadence.
Two features matter more than completeness. First, every section must be written in a way that can be attacked by a reviewer; the PSC is not a story about institutional care, it is an argument with failure points. Second, every section must be written in a way that does not require the subject to become a dataset in order to be treated fairly.
3.6 The PSC’s central burden shift: making contradiction cheaper than compliance theater
We can now state, cleanly, what the PSC does that ordinary governance does not. It takes what institutions currently treat as externalities and turns them into first class obligations. When an institution is uncertain, it currently tends to externalize that uncertainty into higher burdens on the subject: more documentation, more waiting, more interrogations of identity, more risk of permanent record contamination, more “prove you are not fraud,” more “dispute this score.” The PSC reverses that flow by making uncertainty an internal cost: narrower inference; more conservative escalation; slower tempo at irreversible points; stronger rollback and compensation duties; and, when repeated failure makes safe contradiction impossible, discontinuation.
This is also why the PSC cannot be reduced to a standards checklist. Rushby’s contrast between guideline based assurance and assurance cases is instructive: standards often specify evidence to produce, whereas assurance cases add the explicit argument that explains why evidence is sufficient. (Rushby 3). The PSC is an assurance case for persons that refuses the two dominant failure modes at once: it refuses the “produce artifacts without rationale” compliance posture, and it refuses the “produce rationale without contestability” governance theater posture. It binds the institution to an argument whose weak links can be located, contradicted, and forced to improve.
The remainder of the book makes this executable by defining the PSC primitives as measurable, auditable, and adoption ready. But the conceptual center is already present here: the PSC is the institutional mechanism by which a person can remain partially opaque while still having standing to contest decisions that shape their life, because the proof burden is carried by the institution’s claims and evidence, not by the subject’s forced legibility.
Chapter 3 close: the required three items
PSC claim added or sharpened. A valid Person Safety Case MUST be a binding, falsifiable claim set supported by evidence objects and constrained by explicit invalidation conditions, with the explicit purpose of enabling safe contradiction at reasonable cost without converting persons into the evidence substrate. (Bradner sec. 1; Leiba sec. 1; Rushby 3).
Evidence object introduced or refined. The PSC Evidence Index, built as an auditable map from each normative claim to specific evidence artifacts with provenance, access rules, and refresh cadence, using controlled vocabulary to prevent semantic drift across audits. (OMG 12–13).
Invalidation condition enabled. The PSC is invalid if it omits explicit unknowns, if contestability is not demonstrably usable at reasonable cost, or if its proof plan depends primarily on generalized expansion of personal capture rather than system level evidence objects compatible with personhood. (Rushby 9; GSN Community Standard 9).
Chapter 5. Contestability Budgets
A right to appeal that cannot be exercised under ordinary constraints is not a safeguard but a rhetorical alibi. In high consequence sociotechnical systems, the institutional move is familiar: the decision arrives with a gesture toward recourse, while the lived path to contradiction is stretched across deadlines, forms, phone trees, opaque notices, and the slow violence of waiting. The result is not only that errors persist; it is that the institution converts its own uncertainty into the subject’s labor, time, and bodily cost, and then treats the resulting exhaustion as assent. The Person Safety Case cannot tolerate this conversion. If PSC is a burden shift, then Contestability Budgets are the first instrument that makes the shift measurable, auditable, and enforceable.
The book has already placed a hard constraint on itself: the PSC must survive the benefits eligibility and fraud detection environment, where deprivation is immediate and exit is not real, and it must survive credit and tenant screening, where inference propagates into durable records and downstream refusals. In both stress tests, the system’s most efficient cheating strategy is not to raise falsehood to truth; it is to raise the cost of contradiction until contradiction becomes irrational. When the Supreme Court described the welfare recipient’s condition under termination, it did not sentimentalize; it stated a structural fact about capacity: deprivation alters what a person can do, including what they can do to contest the deprivation, because subsistence urgency consumes attention and time (Goldberg v. Kelly 264–265). That insight is not historically bounded. It is the core mechanical reason that contestability must be treated as a safety property rather than a legal afterthought.
1. From appeals to budgets: making contradiction a designed capacity
A Contestability Budget is a maximum allowable cost, expressed as a composite of measurable burdens, for a person to initiate, sustain, and complete a contradiction pathway for a given decision class. The term “budget” is chosen deliberately. In institutions, budgets are what gets managed; they are what triggers governance when exceeded; they are what can be audited. A “right” without a budget can be honored in form and denied in practice. The PSC therefore requires that contestability be engineered as a bounded cost surface, and that the institution pre commits to staying inside that bound in production.
This chapter borrows, but also tightens, the administrative burden literature. Moynihan, Herd, and Harvey define administrative burden as the learning costs, psychological costs, and compliance costs that citizens face in their interactions with the state, and they treat those costs as consequential political design variables rather than incidental friction (Moynihan, Herd, and Harvey 43–69). PSC absorbs that triad and adds what sociotechnical systems uniquely intensify: retaliation risk, tempo coercion, and opportunity cost under scarcity. It also adds one more requirement that governance artifacts often evade. A budget is not a description of what people currently endure; it is a normative ceiling that the institution must not exceed.
The second intellectual move is to name what institutions sometimes do intentionally. Nichols and Zeckhauser, in the canonical economics account of ordeal mechanisms, describe restrictions and costly hurdles as screening devices that sort applicants, including by discouraging take up through imposed costs (Nichols and Zeckhauser 372–377). PSC does not deny that institutions sometimes treat burdens as targeting strategy, including under fraud narratives. It instead draws a bright legitimacy line: in high stakes sociotechnical adjudication, burdens that function as ordeals must be treated as suspect by default and require explicit justification, independent audit, and strict caps. In PSC terms, you may not “target” by exhausting the person.
2. The contestability cost model: what must be counted
A Contestability Budget counts what institutions prefer not to count. That is the entire point. The PSC requires a cost model that is legible enough to be audited and adversarially tested, while still faithful to the human reality that burdens compound nonlinearly under poverty, disability, language barriers, caregiving, and fear of retaliation.
The PSC therefore defines the contestability cost of a decision pathway as a composite, at minimum, of six measurable dimensions.
First are learning costs: the time and effort required to discover that a decision was made, understand what it was, identify the reason codes or predicates, locate the correct channel, and learn what evidence will be treated as admissible. Learning costs spike when notices are vague, when explanation is pseudo explanatory, and when the system hides the decisive features behind trade secrecy or vendor laundering. In credit and tenant screening, learning costs are frequently front loaded into adverse action notices and dispute instructions that are technically present but practically unreadable for ordinary people. The FCRA’s adverse action framework presumes that a person is told that information in a consumer report contributed to an adverse decision and is given core identity and dispute information (15 U.S.C. § 1681m(a)). PSC treats that statutory posture as a minimum, not a completion, because the text can be complied with while the actual learning burden remains high.
Second are compliance costs: documentation requirements, form complexity, number of steps, number of channels, the need for notarization or in person appearances, the need to upload files in constrained formats, and the probability that the institution will demand the same document multiple times due to internal non custody. These costs are not neutral. They select for professionalized subjects and they punish ordinary life. Lipsky’s street level bureaucratic frame remains instructive: when policy is delivered through routines and constraints at the point of service, the interaction itself becomes the real policy surface, regardless of what the formal rule claims (Lipsky). In PSC terms, contestability is not what the policy says; it is what the person can accomplish through the actual channel.
Third are psychological costs: stigma, fear, stress, humiliation, and cognitive depletion induced by the recourse process itself. Administrative burden research identifies psychological costs explicitly, and PSC treats them not as soft variables but as safety relevant, because they predict abandonment and coerced acceptance (Moynihan, Herd, and Harvey 43–69). The design implication is direct: a contestability pathway that depends on shame, confusion, or intimidation is an unsafe pathway.
Fourth is retaliation risk: the realistic fear that initiating contest will make one’s future treatment worse, whether through informal discretion, heightened scrutiny, punitive escalation, or subtle denial of service quality. This risk is structurally salient in benefits administration, in housing relationships, and in contexts where the institution controls access to time sensitive goods. PSC requires that retaliation risk be treated as a cost component with explicit controls, including safe channels, anti retaliation commitments tied to evidence objects, and monitoring for correlated adverse outcomes after contest initiation.
Fifth is time to resolution, treated not as neutral latency but as exposure to harm. Contestability cost must include time to acknowledgment, time to interim relief, time to substantive decision, and time to restoration. The Supreme Court’s due process balancing test in Mathews v. Eldridge explicitly frames procedural sufficiency around private interest, risk of erroneous deprivation and value of safeguards, and governmental burden (Mathews v. Eldridge 332–335). PSC does not dispute the flexibility of due process; it operationalizes a non negotiable person centered constraint: where time itself becomes coercion or deprivation, the contestability budget must tighten, not loosen.
Sixth is opportunity cost under scarcity. In benefits, time spent contesting is time not spent working, caregiving, or securing food and shelter, and the system is aware of this. Goldberg names the mechanism: termination can be immediately desperate and the need to secure subsistence can impair the person’s practical ability to seek redress (Goldberg v. Kelly 264–265). Contestability Budgets must therefore be set with scarcity realism, not with an imagined professional complainant who can take off work, has stable connectivity, and can tolerate delayed outcomes.
These dimensions must be quantified, published, and tested. Quantification does not mean reducing psychological cost to a fake scalar with false precision; it means committing to measurable proxies and thresholds that can be audited and improved: maximum number of steps; maximum pages of required documentation; maximum reading level for notices; maximum queue time to a human; maximum time to an interim relief decision in irreversibility class cases; and maximum number of “handoffs” across departments. When the system uses digital interfaces, PSC additionally requires counting manipulative interface costs. The FTC’s staff report on dark patterns documents how interface designs can trick, steer, or obstruct consumers, often by exploiting cognitive biases and by making certain choices difficult to execute (Federal Trade Commission, Bringing Dark Patterns to Light 1–3). In PSC terms, an appeal path that exists inside a dark pattern architecture is not a real appeal path.
3. The stress tests: why the statutory baseline is not enough
Contestability Budgets are easiest to justify in the abstract and easiest to betray in the stress tests. That is why the chapter stays anchored to benefits and screening rather than drifting into governance generalities.
In credit and tenant screening, the system often claims that the person can dispute errors, but the system’s tempo makes that claim hollow. Under the FCRA, consumer reporting agencies must conduct a reinvestigation of disputed information within a statutory timeline, with specific conditions for extension (15 U.S.C. § 1681i(a)(1)(A)). The existence of a statutory dispute right does not, by itself, ensure contestability at reasonable cost in tenant screening, because housing markets move on timescales shorter than the reinvestigation cycle, and a single denial can cascade into homelessness risk. The joint consumer resource on tenant background checks states plainly that tenant screening companies must investigate disputes within thirty days and that a person may request a free copy of the report within sixty days of an adverse action notice, with the notice expected to include the background check company’s contact information and dispute rights (Consumer Financial Protection Bureau et al. 2–3). Those statements are necessary public information, and PSC treats them as evidence that the institution knows the tempo mismatch and cannot pretend ignorance. If the recourse mechanism resolves after the opportunity is gone, the person has not been protected; the institution has documented a post hoc process.
In public benefits, the harm pattern is sharper. Because deprivation is immediate, contestability must include interim relief protocols and near real time review capacity. Goldberg’s due process holding is operationally specific: timely and adequate notice, an effective opportunity to defend by presenting arguments and evidence orally before the decisionmaker, and a decisionmaker who is impartial and, as a rule, did not participate in the initial determination under review (Goldberg v. Kelly 266–271). PSC does not import Goldberg as legal compliance theater. It imports the structural logic: when deprivation is high consequence, contestability must be meaningfully exercisable by ordinary people, not by heroic subjects with professional help.
This is also where the “ordeal” temptation is strongest. Fraud detection programs, especially those tied to eligibility, have a built in incentive to make contest costly to suppress caseloads and to shift error costs away from the institution. Nichols and Zeckhauser’s ordeal logic helps explain why burdens persist even when they are socially wasteful: they function as screens (Nichols and Zeckhauser 372–377). PSC’s response is not moral outrage; it is a safety rule. If the institution wants burdens, it must demonstrate that those burdens do not function as de facto denial for eligible persons, and it must do so with evidence objects that do not require personal capture as the main instrument of proof.
4. Service levels: turning contestability into operational commitments
A budget that cannot be enforced in operations is decoration. PSC therefore requires Contestability Service Levels, binding commitments analogous to reliability SLOs, but oriented to contradiction rather than uptime.
At minimum, PSC requires service levels for four intervals: time to reach a contest initiation channel from notice receipt; time to acknowledgment; time to interim stabilization where irreversibility risk is high; and time to final resolution with a reasoned decision and restoration semantics. These must be stated by decision class and aligned to the Person Safety Bounds, especially bounded irreversibility and bounded penalty. The goal is not speed for its own sake; it is to prevent time from becoming coercion. A slow appeal path can function as a denial even when the outcome eventually favors the person, because the harm happens during the wait.
Service levels must also constrain procedural complexity. The institution must state, and then meet, ceilings on steps, documentation items, channel switches, and repeated submissions caused by internal non custody for reasons. If the process requires a person to reassemble the institution’s own hidden workflow, the institution has failed custody and has offloaded epistemic labor onto the subject.
Finally, service levels must include accessibility commitments: language access, disability accommodations, and multi modality pathways that do not require stable broadband or advanced literacy. This is not benevolence. It is the minimum required for “reasonable cost” to be non fictional.
5. Independence of review: contestability cannot be self judging
Contestability fails when the institution grades its own paper, or when review is routed to a vendor who is contractually aligned with denial outcomes. PSC therefore specifies independence as a structural requirement, not an aspirational best practice.
Goldberg makes the principle explicit: even if prior involvement does not always disqualify, the decisionmaker should not have participated in making the determination under review, and impartiality is required (Goldberg v. Kelly 271). PSC generalizes this into implementable controls: review must be performed by a function with separation from the operational unit that made or executed the decision; review must have authority to reverse, restore, and trigger remediation protocols; and the person must be able to access review without professional representation. Goldberg is again operational: counsel need not be furnished, but the recipient must be allowed to retain counsel if desired, which implies that the process must be intelligible enough for both represented and unrepresented persons to use (Goldberg v. Kelly 270). A contestability pathway that is effectively navigable only with paid professional help violates the reasonable cost threshold by design.
Mathews v. Eldridge is sometimes misused to argue that less process is always acceptable when administrative burden is high. The opinion’s balancing test does consider governmental burdens, but it does so within an explicit three factor analysis that includes private interest and the risk of erroneous deprivation, as well as the value of additional safeguards (Mathews v. Eldridge 332–335). PSC reads that structure as permission to be precise, not permission to externalize. If the risk of harm and the irreversibility class are high, contestability budgets tighten; they do not loosen under institutional convenience.
6. The PSC rule: what counts as passing, and what counts as failure
A Contestability Budget is not satisfied by publishing a phone number and a deadline. It is satisfied only when audited evidence shows that ordinary people, under realistic constraints, can contradict the system to completion without disproportionate cost. PSC therefore adopts a straightforward pass condition: for each decision class within scope, the institution must (1) specify the contestability budget ceiling and service levels, (2) provide evidence objects demonstrating performance against those commitments, and (3) demonstrate that contest initiation does not correlate with elevated penalty or degraded future treatment absent documented independent justification.
Failure is equally straightforward. If measured contestability costs exceed the declared budget for a material proportion of cases, the PSC claim is invalid. If service levels are routinely missed without triggers and remediation, the PSC claim is invalid. If review is not independent in the Goldberg sense, the PSC claim is invalid. If the only way to meet contestability is to expand personal logging and surveillance, the PSC claim is invalid under Proof Without Capture. And if the recourse architecture uses manipulative interface patterns that increase the cost of contradiction, the PSC claim is invalid, because what exists is not contestability but steering (Federal Trade Commission, Bringing Dark Patterns to Light 1–3).
This chapter’s discipline is to treat these as safety failures rather than reputational failures. A system that cannot be contradicted at reasonable cost is unsafe, even when its average accuracy is high, because the person is exposed to error without a usable correction mechanism. The PSC does not ask institutions to be perfect. It asks them to be contradictable without consuming the subject.
PSC 1.0 delta for this chapter
PSC claim added or sharpened: Every in scope decision class must include a quantified Contestability Budget and Contestability Service Levels that keep contradiction feasible under realistic scarcity, including explicit treatment of learning, compliance, psychological burden, retaliation risk, and time to interim relief and final resolution, with independence of review treated as a structural requirement.
Evidence object introduced or refined: The Contestability Budget Worksheet, paired with a Recourse Service Ledger that records end to end contestability performance against declared ceilings and service levels, including step counts, time to human contact, time to acknowledgment, time to interim stabilization, time to resolution, and reversal outcomes, with interface audits documenting that recourse paths are free of manipulative obstruction.
Invalidation condition enabled: The PSC is invalid if audited contestability costs exceed the declared budget at scale, if service levels are routinely missed without remediation, if review lacks Goldberg style impartiality and separation from the original determination, or if the recourse pathway is materially compromised by coercive tempo or manipulative interface design.
Chapter Six
Custody for Reasons
Institutions do not govern persons directly. They govern through documents, through letters that deny and notices that warn, through case notes that become permanent and through fields that become fate, through workflow screens that routinize suspicion, through a record that looks inert until it is invoked as the only memory the institution will recognize. In the two stress tests of this book, benefits eligibility and fraud detection and credit and tenant screening, the decisive harm is rarely a single wrong output; it is the production of closure in a documentary form that cannot be meaningfully contradicted. A person is told, in writing, that the institution has concluded something about them, and the text is treated as the end of the matter. What follows is a distinctive kind of violence: not only deprivation, but a forced relationship to a document that the person cannot interrogate, cannot reopen, and cannot rebut without professionalizing themselves into an amateur paralegal and an exhausted archivist.
This chapter establishes a discipline I call documentary due process: the preservation of custody for reasons, provenance, and contestability in the documentary substrate where authority is performed. The phrase custody is doing deliberate work. We already understand custody as a requirement for evidence in adversarial settings: a chain that binds an artifact to its origin, its handling, its integrity over time. In sociotechnical governance, reasons are also evidence. They are not moral decoration; they are the institutional basis on which power is exercised. If reasons are allowed to drift, if provenance is optional, if decision texts can be produced without an auditable lineage to the actual decision procedure, then contestability becomes a fiction and accountability becomes a rhetoric.
The core claim of this chapter is simple: the Person Safety Case cannot be satisfied by a system that makes consequential decisions while allowing the institution to lose custody of its own reasons. The PSC forces the institution to keep what it uses to govern.
1. Reasons are not explanations. They are the governable object.
In ordinary governance talk, “explanation” is treated as the ethical output: a narrative that makes a decision palatable. But administrative law, at its best moments, is more exacting. It does not ask for charm; it asks for reasons that are tethered to the record. Under the Administrative Procedure Act, initial decisions and decisions on review in formal adjudication must include findings and conclusions, and the reasons or basis for them, on all material issues. That is not an inspirational ideal; it is a structural requirement that binds authority to an inspectable documentary trace (United States, 5 U.S.C. § 557(c)).
The Supreme Court makes the same structural demand in its reasoned decision making doctrine. An agency action is arbitrary and capricious when the agency fails to examine the relevant data and articulate a satisfactory explanation for its action, including a rational connection between facts found and the choice made (Motor Vehicle Mfrs. Ass’n v. State Farm, 463 U.S. 29). The Court’s insistence is not simply that an explanation exist, but that a decision be judgeable by reference to the grounds the decision maker actually used, rather than a retrofitted narrative offered after the fact. That distinction is the beginning of custody for reasons: the reasons must exist in the record at the time authority is exercised, not as a post hoc performance once challenged.
Private institutions routinely exercise power that is structurally analogous to public adjudication, especially in the two stress tests of this book. They decide whether you will eat, whether you will live somewhere stable, whether you will clear the screening threshold that determines where your life is permitted to take place. Yet they often treat reasons as optional, and they frequently treat explanation as a consumer experience problem rather than a due process substrate. In credit and tenant screening, the law itself can inadvertently normalize this externalization. When an adverse action is taken based on a consumer report, the user must provide notice and identify the consumer reporting agency, but must also state that the consumer reporting agency did not make the decision and is unable to provide the specific reasons why the adverse action was taken (United States, 15 U.S.C. § 1681m(a)(3)(B)). The notice regime can therefore satisfy formal legality while leaving a person with a document that is structurally incapable of providing reasons. The result is predictable: the institution can point to a compliance artifact and still deny a person the documentary surface on which contest is possible.
The PSC refuses that separation. In PSC terms, reasons are not customer support. Reasons are a safety control. They are the object whose custody must be maintained.
2. The documentary substrate is a system component, not a byproduct.
A Person Safety Case treats the documentary layer as part of the system, not downstream paperwork. That stance is already implicit in the governing definition of a “record.” Under the Federal Records Act, records include recorded information of all forms and characteristics, made or received by an agency under Federal law or in connection with public business, preserved as evidence of the organization’s activities or because of the informational value of the data (United States, 44 U.S.C. § 3301). The key point is not bureaucratic; it is epistemic. The record is the evidence substrate of authority. If a decision is made but cannot be reconstructed from a trustworthy record, then the system has preserved power while discarding the very thing that would let power be judged.
Records management theory makes the same point through the language of trustworthiness. The National Archives and Records Administration explains that trustworthy records depend on characteristics such as reliability, authenticity, integrity, and usability, and that systems should preserve audit trails showing who edited a record and when (NARA, “Characteristics of Records and Information”). A PSC does not import records management as compliance theater; it imports it as person safety infrastructure. When denial letters, adverse action notices, case notes, “risk narratives,” and exception memos become the decisive interface between a person and an institution, the integrity of those documents is not a back office concern. It is the material condition of contestability.
This is why I call the discipline documentary due process. It demands, at minimum, that the institution can answer a narrow set of questions without improvisation: What was decided. Who decided. On what grounds. Using which policy version. Using which model or rule set. Using which inputs and with what provenance. With what uncertainty. With what escalation pathway. And, crucially, what the institution claims would invalidate the decision if a material fact were shown to be wrong. If the system cannot answer these questions in its own documentary substrate, the person is forced to supply the missing structure through their own labor, and the burden shift fails.
3. Generative text raises the deniability gradient unless custody is engineered.
Generative systems do not merely change how documents are produced. They change what a document is allowed to mean. Fluency increases deniability because it becomes trivial to produce plausible text that sounds like a reason without being a reason, and to produce a reason without being able to show that the reason was the basis of the decision. The model can generate an elegant denial letter that summarizes factors, cites policy language, and reads like adjudication. But unless the organization preserves custody for the underlying decision process, the letter is a mask: it appears to be the institution speaking its reasons while functionally severing the text from the actual grounds of the decision.
NIST’s Generative AI Profile is explicit that generative AI introduces distinct risk categories, including confabulation, defined as confidently stated but erroneous or false content. This is not a niche failure mode; it is a predictable property of the technology class (National Institute of Standards and Technology 3). In institutional settings, confabulation is not only misinformation. It becomes documentary poison. A denial notice that contains an invented rationale, an incorrect basis, a misdescribed dataset, or an inaccurate explanation of rights is not just “wrong text.” It is a safety failure that contaminates the contestability surface. The person now must fight both the adverse outcome and the institution’s own fabricated narrative.
The PSC therefore imposes a hard rule: a generative system may assist with drafting, but “the model wrote it” can never be an accountability escape hatch. A document that exercises authority must be tethered to accountable agents, specific system components, and auditable inputs. NIST’s profile emphasizes content provenance as a primary consideration and calls for mechanisms that track and validate lineage and authenticity of AI generated data, as well as documentation of model adaptations and training data origins, including provenance related information (National Institute of Standards and Technology 44–48). These are not merely technical hygiene recommendations. For PSC purposes, they are the bones of documentary due process: provenance is what prevents fluent text from becoming a deniable substitute for reasons.
4. Custody for reasons: the minimal documentary controls PSC requires.
Custody for reasons is the set of controls that preserves a decision’s grounds as a stable, reconstructible object across time, personnel change, vendor substitution, and interface redesign. It requires restraint. It is easy to respond to accountability pressure by logging everything and storing it forever. Chapter Four already forbids that kind of proof by capture. The task here is to preserve the minimum documentary structure necessary for contradiction without turning the person into the raw material for endless institutional memory.
The first control is the Decision Basis Record. Every consequential decision must produce, as a first class artifact, a compact basis record that is not a narrative but a structured object. It contains the decision type, the authority under which the decision is made, the policy version, the system version, the model or ruleset identifier, the decisive factors expressed as auditable reason codes with supporting references, the uncertainty markers relevant to the decision, and the formal invalidation conditions that would compel reconsideration. This record is not written for the person and not withheld from the person; it is written to make the decision judgeable.
The second control is the Provenance Envelope. Every authority bearing document must carry a provenance envelope that binds it to the system events that produced it, including the agents responsible, the data sources used, and the transformations performed. The W3C PROV recommendation offers a widely used conceptual grammar for this kind of provenance, representing entities, activities, and agents, and explicitly treating provenance as information that can support assessments of quality, reliability, or trustworthiness (W3C, PROV Overview). PSC does not mandate a particular schema, but it requires that the provenance envelope be machine verifiable and resistant to post hoc alteration. The envelope is what prevents a denial letter from becoming an orphaned text that cannot be tied back to actual system behavior.
The third control is the Authorship and Assistance Disclosure. If generative systems contribute to an authority bearing document, the document must disclose the mode of contribution, not as branding but as a safety annotation. Drafted by a model. Edited by a human. Generated from a template. Summarized from the Decision Basis Record. The purpose is not to warn the reader about artificiality; it is to prevent documentary laundering, where a model’s fluent output is treated as if it were an adjudicator’s reasons. If the institution cannot say what produced the text, it cannot be accountable for the text.
The fourth control is the Immutable Edit Log for Authority Documents. NARA’s discussion of trustworthy records emphasizes audit trails and the ability to show who changed a record and when (NARA, “Characteristics of Records and Information”). In PSC terms, authority bearing documents, including internal case notes that influence outcomes, must preserve a tamper evident edit history. This does not mean the person gets full exposure to sensitive internal discussion. It means the institution cannot silently rewrite its own basis. If the reasons change, the record must show that they changed, why they changed, and what evidence triggered the change.
The fifth control is the Reason Receipt. Every affected person must be able to obtain, without professionalization, a reason receipt that is anchored in the Decision Basis Record. In tenant screening and credit contexts, a person can be told that a consumer reporting agency did not make the decision and cannot provide the specific reasons (United States, 15 U.S.C. § 1681m(a)(3)(B)). PSC does not treat that as acceptable. The user who takes the adverse action must preserve its own grounds and must be able to provide a reason receipt that is contestable. The receipt does not need to reveal trade secrets. It does need to reveal what the institution claims it relied upon, in a form that can be disputed.
The sixth control is the Record Reconstruction Guarantee. When a decision is contested, the institution must be able to reconstruct the decision context: the policy state, the system state, the model version, the inputs as used, the thresholds applied, and the escalation pathway. If the organization cannot reproduce the basis of its own authority, it has created a contestability mirage. This guarantee is the documentary analogue of reproducibility in science. It is not perfection; it is the minimum condition for contradiction.
The seventh control is Separation of Narrative from Basis. A system may generate explanatory narrative for accessibility, but the narrative must be derived from the basis record, not independent of it. The narrative is allowed to be incomplete; it is not allowed to be creative. The PSC treats creative explanation as a safety hazard because it can introduce confabulated content into the authority interface (National Institute of Standards and Technology 3). The safest pattern is that narrative text is a rendering layer over a basis record, with explicit constraints that forbid the narrative generator from inventing grounds.
Finally, the eighth control is Cryptographic Attestation for Provenance When Feasible. The PSC does not require a specific technical stack, but it does recognize that provenance claims are only as strong as their resistance to manipulation. Content provenance standards such as C2PA specify a model in which content credentials include signed manifests and assertions about edits and origins, designed to make provenance verifiable across systems (C2PA, Technical Specification). PSC uses this not as a mandate to embed content credentials into everything, but as a proof that verifiable provenance is feasible and that documentary authority can be bound to integrity guarantees stronger than institutional promise.
5. Proof without capture: keeping reasons without expanding surveillance.
A legitimate fear is that custody for reasons will be misused as a rationale for radical logging and permanent retention. The PSC blocks that move. Custody for reasons is custody for institutional behavior, not expanded capture of personal life. The Decision Basis Record should prefer references to already collected inputs, policy categories, and system derived features, and it should be explicit when a feature is a proxy and therefore contestable. The Provenance Envelope should emphasize system event lineage, not intimate personal detail. Where evidence must be preserved for auditability, it should be preserved with minimal exposure and with clear withdrawal and residue semantics, which Chapter Seven will formalize.
The rule is that the institution must preserve the documentary substrate it needs to justify its own actions, and it must do so in a way that does not conscript the person into being an ever expanding evidence substrate. Custody for reasons is therefore a burden shift technology. It makes uncertainty internal again.
6. Documentary invalidation: when the PSC must fail.
A Person Safety Case must be falsifiable, not inspirational. Documentary due process is therefore enforced through invalidation triggers. The most important trigger is simple: if a consequential decision cannot be reconstructed from a trustworthy record that preserves the decision’s grounds, the PSC is invalid for that decision pathway. A second trigger follows: if the authority bearing text cannot be tied to a provenance envelope that identifies accountable agents and system components, the PSC is invalid. A third trigger is specific to generative systems: if a model contributed to an authority bearing document and the institution cannot demonstrate separation between narrative and basis, including controls preventing confabulation, the PSC is invalid. A fourth trigger concerns post hoc reason substitution: if the institution’s stated reasons change after contest begins without a recorded basis for the change, the PSC is invalid for that case class because the system has demonstrated that reasons are not under custody. A fifth trigger links back to the burden shift: if the institution’s proof of correct decision making relies primarily on generalized expansion of personal logging rather than on institutional evidence objects and provenance controls, then documentary integrity has been purchased with capture, and the PSC is invalid as a person safety claim.
These invalidation rules are not punitive. They are design forcing functions. They make it cheaper to engineer custody for reasons than to litigate the consequences of losing it.
Chapter Six close: what this chapter adds to PSC 1.0
PSC claim added or sharpened. The system must maintain custody for reasons by producing a Decision Basis Record and a provenance bound authority interface, such that every consequential decision is judgeable by reference to contemporaneous grounds and reconstructible system state, without requiring the affected person to reconstruct hidden workflows (United States, 5 U.S.C. § 557(c); Motor Vehicle Mfrs. Ass’n v. State Farm).
Evidence object introduced or refined. The Reason Custody Packet, consisting of the Decision Basis Record, the Provenance Envelope expressed in a verifiable provenance model, the immutable edit log, and the reason receipt rendered from the basis record, with explicit authorship disclosure when generative systems assist (W3C, PROV Overview; NARA, “Characteristics of Records and Information”; National Institute of Standards and Technology, NIST AI 600-1).
Invalidation condition enabled. The PSC is invalid for any decision pathway where the institution cannot reconstruct the grounds and provenance of an authority bearing document from a trustworthy record, or where generative text is permitted to produce decision narrative not derivable from the Decision Basis Record, thereby enabling confabulation or post hoc reason substitution (National Institute of Standards and Technology 3; NARA, “Characteristics of Records and Information”).
Chapter 7. Verifiable Withdrawal and Residue
Withdrawal is the place where “person safety” stops being an aspiration and becomes an engineering claim with legal and moral weight, because it forces an institution to say, in operational terms, what it means for a person’s data to stop acting on them. In benefits eligibility and fraud detection, withdrawal collides with the non optional character of the program and the state’s need to document reasons; in credit and tenant screening, it collides with propagation, resale, and the practical reality that a score can outlive the facts that generated it. In both environments, the public rhetoric of “deletion” routinely functions as a sedative: it sounds like control, but it often names only the deletion of a front end record while derived artifacts continue to shape future decisions. The Person Safety Case cannot tolerate that semantic gap, because the gap is where irreversibility debt compounds: the institution keeps the downstream advantages of inference while the person bears the downstream costs of residue.
The first move, therefore, is to treat withdrawal as a verifiable state transition in a system of record, not as a promise about intent. Modern data protection law already gestures toward this distinction, even when popular summaries flatten it. Under the GDPR, the “right to erasure” is not a metaphysical requirement that all traces vanish; it is a structured obligation with enumerated grounds, paired with explicit exceptions for legal obligation, public interest archiving, and the establishment, exercise, or defence of legal claims, which is to say that the law itself anticipates legitimate residue and insists on articulated necessity rather than default retention. The same architecture appears in the CCPA as amended by the CPRA: deletion is a right with specified exceptions, and the statute explicitly contemplates recordkeeping about deletion requests, again signaling that “nothing remains” is not the only legitimate end state and that the ethical task is disciplined justification and constrained persistence, not theatrical purity. The PSC takes the most institutionally expensive implication of these regimes and makes it explicit: withdrawal must be legible as an auditable transition with declared residue, because only that form can support contestability without converting the person into a permanent evidence substrate.
To get there, we need a taxonomy that is both morally meaningful and operationally executable. “Residue” is any artifact that persists after a withdrawal event and that either continues to affect outcomes or continues to shape what can be proven about outcomes. In PSC 1.0, residue is not a failure; residue is a class of objects that must be disclosed, bounded, and justified. The minimum residue classes that matter in sociotechnical systems are these: raw source data; normalized records in operational databases; derived features and aggregates; embeddings and vector representations; model parameters and intermediate training artifacts; scores, ranks, and risk labels; human authored notes and case narratives; exports and downstream shares; and audit traces, including logs and provenance records. The reason to name these classes is not academic completeness; it is to prevent the two most common forms of institutional evasion: deleting only the easiest layer while leaving decision bearing artifacts intact, or denying the existence of derivatives by treating them as “not personal data” in practice even when they operate as personal destiny.
Once residue classes are named, withdrawal must be specified as a semantics matrix rather than a single verb. In the PSC, a withdrawal request can map to different actions depending on the residue class and the governing authority, but the mapping must be precommitted and testable. At minimum, the matrix must distinguish deletion, restriction of processing, disassociation, and correction with propagation. “Deletion” must mean that the object is removed or rendered infeasible to access for a defined level of effort, not merely hidden from a user interface; NIST’s sanitization guidance is unusually helpful here because it defines sanitization precisely as rendering access to target data “infeasible for a given level of effort,” which allows a PSC to state measurable claims rather than metaphors. “Restriction of processing” must mean the artifact may persist for reasons that are declared, but it must be technically prevented from flowing into new decisions, which aligns with the GDPR’s explicit right to restriction and its requirement to notify recipients when restriction or erasure occurs, again emphasizing propagation control as part of the obligation rather than an optional courtesy. “Disassociation” must mean the artifact is transformed such that it no longer reliably links to the person under the threat model the PSC claims, and the PSC must state the threat model because disassociation without a threat model is only a vibe. “Correction with propagation” is the key semantics for screening and credit: when a person disputes a record, the institution must not only correct the local copy but also trigger reinvestigation and downstream correction duties where legally required; in the U.S. context, the FCRA’s reinvestigation and dispute process is a canonical example of an embedded, time bound correction pathway that institutions often satisfy formally while undermining materially through delay, opacity, or fragmentation.
The moral hinge of this chapter is the distinction between residue that exists to keep a person safe from the institution and residue that exists to keep the institution safe from accountability. The PSC therefore introduces a doctrine of necessity for residue: if an artifact remains after withdrawal, the institution must prove necessity under one of a finite set of legitimate aims, and it must prove that the retained form is the least person entangling form compatible with that aim. The legitimate aims are narrow by design: contestability and reason custody, fraud prevention subject to bounded inference, safety and security, and compliance with a specified legal obligation. This doctrine is not invented from nothing; it is the operationalization of what the GDPR already encodes by carving out explicit exceptions to erasure and by treating storage limitation as a principle that is violated whenever retention becomes default rather than purpose bound. But the PSC adds something that law and policy documents rarely force: it requires that necessity be demonstrated in the system’s own evidence objects rather than asserted in narrative prose, because narrative prose is where “we had to” lives.
This is why Chapter 7’s core deliverable is the Withdrawal Proof Packet. The packet is not paperwork for its own sake; it is the smallest auditable bundle that allows an external party to verify that withdrawal occurred as claimed without requiring the person to submit to expanded surveillance to make the proof possible. In PSC terms, the packet must contain four things expressed with normative clarity. First, dependency discovery: a demonstrable account of where the person’s data and its derivatives reside across systems, vendors, and exports, because without lineage visibility withdrawal is always partial by default. Second, action semantics: a precise declaration, per residue class, of what was deleted, what was restricted, what was corrected, what was disassociated, and what cannot be altered, including the technical mechanism used. Third, attestations: signed, time stamped confirmations from each system owner and vendor, including the minimum evidence needed to show the action occurred, with special attention to downstream recipients because propagation is where screening systems externalize uncertainty as human exhaustion. Fourth, a residue declaration: an explicit statement of what remains, why it remains, how long it remains, and how the PSC prevents it from re entering decision flows. The packet is, in effect, a contestability enabling artifact that transforms withdrawal from a private act of institutional discretion into a public, challengeable state transition.
Two constraints prevent the Withdrawal Proof Packet from becoming a surveillance wedge. The first is Proof Without Capture: the packet is invalid if satisfying it requires generalized expansion of personal logging as the primary route to accountability. This chapter’s contribution is to make that constraint concrete by binding it to NIST’s privacy control logic, which explicitly treats “disposal” as an outcome that must be achievable through policy and technical measures, including deletion, and also treats audit and log records as objects that must themselves be minimized and managed rather than allowed to metastasize into a parallel surveillance substrate. The second constraint is contestability symmetry: the institution cannot demand a higher burden from the person to trigger withdrawal than the burden the institution itself is willing to bear to prove withdrawal occurred. If withdrawal requires professionalized language, repeated identity re performance, or prolonged procedural endurance, then the system has simply displaced its own uncertainty and operational cost onto the subject, which is the exact harm pattern the PSC exists to reverse.
At this point, the technical reader will press the hardest question: what does withdrawal mean for machine learned artifacts, especially embeddings, model parameters, and cached intermediate computations, where “deletion” is not naturally defined? The PSC refuses the two common evasions. The first evasion is to declare that model parameters are not personal data and therefore not in scope; whatever the legal classification in a given jurisdiction, the PSC’s ethical classification is functional: if the artifact can influence outcomes about a person, or can be used to infer information about them under the PSC’s threat model, it is within person safety scope. The second evasion is to declare that full unlearning is impossible and therefore withdrawal must be limited to raw records. Here, the PSC draws a line between impossibility and design choice. The technical literature on “forgetting systems” has long insisted that lineage and derived artifacts are the locus of risk and that systems should be designed to support fast, complete forgetting of data and its lineage; Cao and Yang’s work is explicit that the challenge is not only deleting a record but reverting its effects across features and models, and they treat lineage visibility as part of the user facing control surface rather than an internal convenience. The PSC therefore treats support for derivative withdrawal as a design requirement that may be satisfied in more than one way, but cannot be waived by rhetorical fatalism.
There are only three PSC admissible approaches to learned residue, and each has an evidence burden. One approach is architectural containment: training pipelines are partitioned so that a withdrawal request affects a bounded region of the training state, making recomputation feasible within a defined service level. The evidence object here is a training lineage map plus a recomputation budget tied to the contestability budget, because a system that requires months of retraining to honor withdrawal is simply imposing irreversibility debt by design. A second approach is cryptographic control: where feasible, training artifacts and caches are encrypted with keys whose destruction renders the artifacts infeasible to access, aligning with NIST’s explicit recognition of cryptographic erase as a sanitization technique and its broader framing of sanitization as an infeasibility claim. The evidence object is key management custody plus a verifiable destruction attestation that can be audited without disclosing secrets. The third approach is non use commitments: where derivative unlearning cannot be reliably demonstrated under the PSC’s threat model, the institution must restrict the artifact from use in future decisions and must demonstrate that restriction via production tests and access controls, conceding that some residue remains but proving it is inert with respect to the person. This is not a loophole; it is a costly concession that forces the institution to carry the operational cost of its own technical limits rather than forcing the person to live indefinitely inside the model’s memory.
The stress tests now sharpen the requirement. In benefits eligibility, withdrawal cannot be allowed to become a backdoor for erasing the documentary substrate needed to challenge deprivation; the person must be able to contest a decision, which requires some custody for reasons. The GDPR already embeds this tension by allowing retention where necessary for legal claims while insisting on storage limitation and purpose binding, which means a PSC compliant benefits system should move disputed case materials into a contestability vault with restricted processing semantics: retained for challenge and audit, prohibited from new inference, time bounded by a declared schedule, and disclosed as residue in the proof packet. In tenant screening, withdrawal and correction must grapple with propagation. Federal consumer protection guidance makes clear that when a tenant is denied due to a tenant screening report, the applicant is entitled to learn that fact and to pursue dispute and correction pathways, which means the PSC must treat downstream correction triggers as part of withdrawal semantics rather than treating them as a courtesy. If a screening system cannot discover where it has exported a score, cannot notify recipients in a defined window, and cannot produce a residue declaration that explains what remains and why, then it cannot claim person safety with a straight face, because it has built a system where inference becomes destiny through untracked diffusion.
A final discipline completes the chapter: withdrawal must be testable under adversarial conditions. Institutions will claim they delete; vendors will claim they propagate corrections; logs will claim compliance. The PSC therefore requires production level withdrawal drills, measured not as internal compliance theater but as external contestability performance: the system must be able to produce a Withdrawal Proof Packet within a declared service level, and an auditor must be able to falsify the claim by sampling residue classes and checking both presence and inertness. This is the point where the PSC’s burdens become legible to procurement, regulators, and courts. The EU AI Act’s emphasis on logging and record keeping for certain AI systems, including minimum retention expectations for automatically generated logs, is a reminder that auditability is not optional and that logs themselves are a residue class that must be governed rather than allowed to become a permanent shadow biography. The PSC’s innovation is to bind that auditability to person safety: logs may be necessary, but their retention must be justified, minimized, and prevented from re entering decision flows as a covert feature store.
Withdrawal, then, is not a consumer rights add on; it is an institutional honesty test. A system that claims to be accountable must be able to say what remains after withdrawal, why it remains, and how it is prevented from continuing to act on the person. Anything less is closure with nicer branding.
PSC claim added or sharpened. A system must provide Verifiable Withdrawal with Residue Disclosure: for any withdrawal, correction, or restriction event, the institution must be able to demonstrate, by residue class, what action occurred, what remains, why it remains, how long it remains, and how it is technically prevented from influencing future decisions, without requiring generalized expansion of personal capture as the proof mechanism.
Evidence object introduced or refined. The Withdrawal Proof Packet: a time stamped, auditable bundle consisting of dependency discovery, action semantics per residue class, multi party attestations including vendors and recipients, and a residue declaration with necessity justifications and inertness controls.
Invalidation condition enabled. A PSC is invalid if the institution cannot produce a Withdrawal Proof Packet within its declared service level, if it cannot enumerate and justify residue classes that remain, if retained residue continues to influence future outcomes after a restriction or deletion claim, or if the proof plan depends primarily on expanded personal surveillance rather than on auditable system behavior.
Chapter 8. Conduct Near Vulnerability
A Person Safety Case cannot remain at the level of isolated decisions, because the harm pattern that destroys legitimacy in the stress tests is not only error but patterned treatment. A benefits system may be statistically “accurate” and still behave like a machine for attrition if it repeatedly demands re proof, escalates suspicion in the face of ordinary hardship, or treats confusion as consent; a screening system may satisfy formal notice duties and still behave as a destiny engine if it converts low confidence signals into durable stigmas that propagate across landlords, brokers, and databases. What the person experiences in both cases is not a single act but a directed relationship over time, an institutional posture that has a tempo, a persistence, an escalation gradient, and a persuasion style. I call this posture conduct: the patterned behavior of a sociotechnical system toward persons across interactions, not reducible to any one model output or any one employee action.
Vulnerability is the condition under which conduct becomes ethically decisive, because vulnerability changes what it means for an institution to be “fair.” In the PSC, vulnerability does not name an identity class, and it must never function as a license for paternalism or surveillance; it names a context in which the cost of error and the cost of contest are jointly elevated, so that institutional moves that might be tolerable in low stakes settings become coercive or destructive. The point of the chapter is therefore not to moralize about protecting the vulnerable. It is to specify auditable conduct invariants that constrain how the system may behave when vulnerability is plausibly present, so that the institution cannot harvest the person’s fragility as a resource for closure.
1. Vulnerability is a safety context, not a person type
The U.S. consumer protection tradition contains a surprisingly exact vocabulary for the thing most ethics documents describe vaguely. Dodd Frank’s definition of “abusive” conduct includes “taking unreasonable advantage of” a consumer’s lack of understanding of material risks, costs, or conditions; the consumer’s inability to protect their interests in selecting or using a product or service; or the consumer’s reasonable reliance on a covered person to act in the consumer’s interests. PSC adopts this structure because it identifies vulnerability where it actually bites: not as a demographic label, but as a predictable asymmetry in comprehension, bargaining power, and the practical ability to protect one’s interests. Vulnerability in PSC terms is present whenever any of those conditions plausibly holds and the decision at issue is consequential enough that the person cannot reasonably “avoid” the harm by simply walking away.
That “avoidability” constraint is another bridge between consumer protection and person safety. The FTC’s unfairness standard requires substantial injury that is not reasonably avoidable by consumers and not outweighed by countervailing benefits. In the PSC, the phrase “not reasonably avoidable” becomes a design forcing function: when exit is fictive, when the market is monopolistic in practice, when benefits are essential, when housing is scarce, when contestation is expensive, the institution is on notice that ordinary autonomy assumptions do not hold. In such settings, conduct must be tightened precisely because the person cannot cheaply self insure against the institution’s power.
Public law and disability rights sharpen the same point in a different register. Under the ADA Title II regulation, a public entity must ensure that communications with applicants, participants, members of the public, and companions with disabilities are as effective as communications with others. This is not merely an accessibility mandate; it is a formal recognition that institutional conduct toward people who face communication barriers must change, because unchanged conduct converts barriers into exclusion. Housing law contains an analogous logic. The Fair Housing Act prohibits conduct that makes housing unavailable because of disability and treats refusal to make reasonable accommodations in rules, policies, practices, or services as discrimination when such accommodations may be necessary to afford equal opportunity to use and enjoy a dwelling. PSC reads these as conduct claims: in the presence of vulnerability, legitimacy requires changes in how the system behaves, not merely changes in what it says.
Two constraints govern the chapter. The first is equal recognition. The CRPD insists that persons with disabilities have the right to recognition everywhere as persons before the law and to enjoy legal capacity on an equal basis with others, which blocks the institution from treating vulnerability as a reason to downgrade agency or rights. The second is privacy. The CRPD requires states to protect the privacy of personal, health, and rehabilitation information of persons with disabilities on an equal basis with others, which blocks the predictable institutional move of “protecting” through expanded capture. A PSC compliant vulnerability regime must therefore be legible as protection without infantilization and protection without surveillance.
2. Why conduct, and why now: the automation of escalation and the industrialization of persuasion
Conduct matters more in AI mediated institutions because two things scale unusually well: escalation and persuasion. Escalation scales because automated systems can route a person into higher consequence pathways with a keystroke, a risk score threshold, or a vendor flag that no one feels fully responsible for; persuasion scales because interface design can be tuned to convert fatigue into assent, especially when the person is already under deprivation pressure or housing scarcity pressure. The institution can behave “politely” at the surface while repeatedly steering the person toward the most institutionally convenient outcome: giving up.
The FTC’s dark patterns staff report documents how interface designs can trick and trap consumers through manipulative choice architecture, and the point is not consumer annoyance but coerced outcomes. In PSC terms, dark patterns are not merely UX sins; they are conduct violations, because they exploit exactly the vulnerability conditions the system should be mitigating: limited time, limited attention, limited comprehension, and constrained ability to avoid injury. This is why the PSC treats vulnerability as a conduct tightening variable: the more constrained the person’s ability to protect their interests, the narrower the institution’s legitimate space for persuasive pressure.
3. The conduct invariants: five rules that must hold in production
A conduct invariant is a property of system behavior that must remain true across ordinary variation in data, personnel, load, and channel. The PSC does not ask institutions to “consider vulnerability.” It requires them to build a vulnerability mode into their conduct, and then to prove through evidence objects that the mode is real.
The first invariant is narrowing inference under vulnerability. When vulnerability is plausibly present, the system must reduce reliance on proxies, reduce the number of inferential hops between evidence and conclusion, and explicitly treat missingness and ambiguity as unknown rather than as adverse signal. This is the inverse of the common fraud logic, where hardship becomes suspicion. In benefits fraud detection, vulnerability mode requires that the system preferentially request clarifying evidence rather than escalate penalty; in screening, it requires that low confidence correlations not be converted into categorical labels that follow the person. The legal intuition is already visible in the abusive conduct definition: taking unreasonable advantage of inability to protect interests is unlawful, which implies that institutions must not structure decision making so that persons who cannot protect themselves are exposed to higher penalty for lower certainty. In PSC terms, uncertainty stays inside the institution when vulnerability is present.
The second invariant is limiting persistence. Vulnerability mode requires caps on repeated documentation demands, repeated re verification, and repeated outreach that functions as harassment or attrition. Persistence is a hidden coercion vector because it makes the person’s life into the institution’s workflow. Where some persistence is necessary for safety, it must be tightly scoped, time bounded, and paired with custody for reasons so that the person is not forced to relitigate the same facts endlessly. Disability and housing law provide a stable normative anchor here: the obligation to provide effective communication and reasonable accommodation is, operationally, a requirement to stop doing the same thing repeatedly when doing the same thing predictably excludes. PSC translates that logic into a persistence ceiling that can be audited.
The third invariant is restricting persuasive pressure. In vulnerability mode, the system must not use manipulative choice architecture, must not steer the person toward waiving rights, and must not present irreversible commitments in moments of maximum fatigue. Dark patterns are the canonical violation. The legal vocabulary again aligns with PSC: “unfairness” requires injury not reasonably avoidable, and “abusiveness” includes taking unreasonable advantage of lack of understanding or inability to protect interests, which is precisely what high pressure interfaces and obscured opt outs do. A PSC therefore requires a persuasion budget near vulnerability: limits on the frequency and framing of prompts, mandatory symmetry between acceptance and refusal flows, and prohibition of interface moves that increase the cognitive cost of declining. This is not about making systems less effective; it is about preventing effectiveness from being purchased by exploiting constrained autonomy.
The fourth invariant is bounding escalation pathways. Vulnerability mode requires that automated escalation to punitive tracks be tightly constrained, that escalation thresholds incorporate uncertainty explicitly, and that a human review with independence and authority be required before a person is routed into high consequence channels such as fraud investigation, benefit suspension, eviction recommendation, or adverse reporting that propagates. The Fair Housing Act’s prohibition on practices that make housing unavailable because of disability, together with HUD’s discriminatory effects framework, underlines why escalation cannot be treated as neutral: system practices that disproportionately route protected groups into denial or unavailability require justification and, in PSC terms, are presumptively unsafe when driven by low confidence signals. The point is not to collapse everything into discrimination analysis; it is to require that escalation be auditable as a controlled safety function rather than an automatic reflex.
The fifth invariant is preventing reputational permanence from low confidence signals. Vulnerability mode requires that low confidence flags, soft suspicion markers, and ambiguous risk scores not be retained as durable identity attributes and not be exported into ecosystems that convert them into destiny. In screening, this means restricting propagation and imposing time to live semantics on flags; in benefits, it means prohibiting indefinite “watchlist” posture without fresh evidence and without contestable reasons under custody. This invariant is the conduct analogue of Chapter Seven’s residue discipline: some trace may be necessary for contestability and safety, but the institution must prove necessity and must prevent residue from continuing to act on the person absent justified, reviewable grounds. The CRPD’s privacy requirement supports the principle that disability related or vulnerability related information must not become a permanent institutional memory on unequal terms.
4. How to build and test conduct: production level evidence objects
If conduct is patterned behavior, proof of conduct cannot be a policy memo. The PSC therefore requires production level testing that treats vulnerability as an adversarial scenario, not a compliance checkbox.
The core mechanism is a Conduct Invariant Test Suite that executes in production and in pre production. In benefits, the suite must include cases where vulnerability is expressed through communication barriers, unstable documentation, caregiving constraints, or acute hardship, and must verify that the system responds by narrowing inference, offering effective communication, avoiding escalation, and providing a viable contest path. The ADA effective communication rule supplies a non negotiable baseline: communications must be as effective for applicants and participants with disabilities as for others, which implies that vulnerability mode must be measurable at the communication layer, not only at the model layer. In screening, the suite must include cases where the person disputes a record, where time is scarce, where a low confidence signal is present, and must verify that the system does not convert ambiguity into durable stigma and does not use manipulative pressure to suppress dispute. The dark patterns report supplies the audit target: design must not trick or trap.
A PSC compliant institution must also maintain a Conduct Trace Ledger, aggregated and privacy preserving, that records whether vulnerability mode was invoked, which safeguards were triggered, whether escalation occurred, what retention semantics applied, and whether the person’s contestability budget was respected. The ledger is not an expansion of personal capture; it is an institutional behavior record designed to prove that the system behaved within its safety envelope.
Finally, PSC requires an accommodation and assistance channel that is not punitive. If seeking help increases suspicion, vulnerability mode becomes a trap. Housing and disability law make clear that reasonable accommodations are part of equal access, not a mark of fraud. PSC operationalizes this by requiring that requests for assistance and accommodations be treated as protected system events, with anti retaliation monitoring as part of the conduct ledger.
5. Conduct based invalidation: the conditions under which the PSC must fail
Conduct near vulnerability is the region where institutions will be tempted to cheat most, because the person’s capacity to resist is weakest. The PSC therefore binds this chapter to invalidation conditions that are uncomfortable by design.
The PSC is invalid if vulnerability mode is absent, undefined, or non operational, because that means the institution has knowingly built a system that treats constrained autonomy as an opportunity for closure rather than as a safety context. The PSC is invalid if evidence shows that vulnerability correlated cases experience broader inference, higher escalation, greater persistence burdens, or greater persuasive pressure than baseline cases, because that is a direct inversion of the burden shift and is consistent with “taking unreasonable advantage” of inability to protect interests. The PSC is invalid if the system uses manipulative interface tactics or asymmetric friction in moments of vulnerability to suppress contest or to secure waivers, because that is precisely the kind of not reasonably avoidable injury the unfairness standard is designed to capture. The PSC is invalid if low confidence signals are retained or exported in ways that create reputational permanence without necessity justification and without time bounded semantics, because this converts uncertainty into destiny and violates the residue discipline. The PSC is invalid if accommodating requests or seeking effective communication triggers suspicion or degradation of service, because effective communication and reasonable accommodation are not optional moral goods; they are conditions of equal participation in institutional life.
This is the chapter’s ultimate discipline. Vulnerability does not ask the institution to be kind. It requires the institution to become more constrained, more evidentiary, and less opportunistic. It requires the system to behave as though the person’s limited capacity to contest is a reason to internalize uncertainty, not a reason to externalize it.
Chapter Eight close: what this chapter adds to PSC 1.0
PSC claim added or sharpened. The system must implement Conduct Near Vulnerability as a production enforced safety mode, such that when a person’s ability to protect their interests is plausibly constrained and stakes are consequential, the system demonstrably narrows inference, limits persistence, restricts persuasive pressure, bounds escalation, and prevents reputational permanence from low confidence signals, consistent with unfairness and abusiveness principles that prohibit not reasonably avoidable injury and taking unreasonable advantage of inability to protect interests.
Evidence object introduced or refined. The Conduct Invariant Test Suite and Conduct Trace Ledger, comprising production test cases, guardrail checks, and privacy preserving aggregate traces that show when vulnerability mode triggered, which safeguards activated, whether escalation occurred, whether persuasion restrictions were respected, and whether any low confidence signals were time bounded and non propagating, with accessibility evidence tied to effective communication requirements.
Invalidation condition enabled. The PSC is invalid if vulnerability correlated cases experience higher escalation, broader inference, higher persistence burdens, or manipulative persuasive pressure; if assistance or accommodation seeking increases suspicion or penalty; or if low confidence flags become durable identity residue that propagates without necessity justification and time bounded semantics.
Chapter Nine
Tempo as a Coercion Control
If contestability is the practical capacity to contradict an institution without ruin, then tempo is the institution’s most under discussed coercion lever, because it governs when contradiction is possible and, more importantly, when contradiction is already too late. The decisive harms in benefits eligibility and fraud detection, and in credit and tenant screening, are often narrated as errors of inference or failures of explanation; in practice, they are frequently failures of time. Institutions accelerate the moment of deprivation or the moment of reputational inscription, then delay the moment of review, and the resulting asymmetry forces compliance through fatigue, threat, and irreversible residue rather than through legitimate persuasion. When due process is described in constitutional doctrine as an opportunity to be heard “at a meaningful time and in a meaningful manner,” the word meaningful is doing temporal work that modern sociotechnical systems have learned to hollow out while leaving the surface intact (Mathews 333; Armstrong 552).
A Person Safety Case cannot treat time as a neutral operations concern because time is a control surface that can convert uncertainty into coercion. In both stress tests, the institution’s preferred harm pattern is recognizable: produce a fast adverse outcome with immediate downstream propagation, then offer a slow appeals process whose deadlines, forms, and evidentiary standards are calibrated to require professionalization, spare time, and surplus cognitive bandwidth. The subject is then forced into a posture that resembles “choice” while being structured as capitulation. This is why the PSC must formalize tempo as a safety variable and must require tempo controls, not as generic friction, but as principled counter coercion engineered at the exact points where irreversibility debt begins to accumulate.
The book has already argued that closure without contradiction is the danger, and that contestability at reasonable cost outranks abstract accuracy as a legitimacy threshold. Chapter Five gave us the Contestability Budget; Chapter Six gave us custody for reasons so that the record does not become a machine for deniability; Chapter Seven gave us withdrawal semantics so that the subject can exit without metaphysical deletion fantasies; Chapter Eight treated conduct near vulnerability as a patterned safety property. Tempo integrates and sharpens each of these. Without tempo controls, the Contestability Budget collapses into paperwork theater because the window in which contestation could matter closes before contestation can realistically occur; custody for reasons degenerates into late arriving documentation that is formally available but practically inert; withdrawal becomes a promise after propagation; conduct invariants become unenforceable because the system has already converted low confidence into permanent residue.
I. Tempo is not speed. Tempo is the distribution of time costs.
In sociotechnical systems, tempo is not simply how quickly a decision is rendered; it is the distribution of time costs and time risks across parties. The institution chooses, explicitly or implicitly, how long the subject has to respond, how quickly the adverse action takes effect, how long the record persists before it can be disputed, how long the dispute process takes, and whether the subject is punished for taking time. The system can be “fast” for denial and “slow” for review while still reporting an overall average throughput that looks efficient. The lived experience, however, is that time itself has been weaponized.
This is not an analogy. The legal tradition already treats time as a coercion variable when the stakes are high and the risk of pressured assent is structurally predictable. Consumer protection law does not only prohibit deception; it also constrains certain high pressure environments by forcing a cooling off period and by binding sellers to explicit cancellation mechanisms. The FTC Cooling Off Rule requires that, in covered door to door sales, consumers receive notice that they may cancel “prior to midnight of the third business day,” and the FTC describes the rule as preventing unfair and deceptive practices in contexts associated with high pressure tactics and barriers to refunds (16 C.F.R. § 429.1; “Cooling off Period”).
Similarly, consumer finance law formalizes time buffers around irreversible commitments. Regulation Z requires that consumers receive the Closing Disclosure no later than three business days before consummation, and the Bureau’s integrated disclosure guidance is explicit about the three day review period as a consumer protection measure (12 C.F.R. § 1026.19(f)(1)(ii)(A); CFPB, Know Before You Owe). In the same regulatory ecology, the Truth in Lending Act provides a right of rescission until midnight of the third business day in certain transactions secured by a principal dwelling, a striking statutory acknowledgment that some commitments are sufficiently consequential, and sufficiently exposed to pressure and informational asymmetry, that the law builds time for reconsideration as a right rather than as a courtesy (15 U.S.C. § 1635(a)).
These doctrines do not solve the book’s stress tests, and the PSC is not reducible to consumer finance compliance. Their value is conceptual and architectural: they show that time is a legitimate subject of regulation when pressure and asymmetry predictably interfere with free agency, and they show that “more time” is not a sentimental preference but a structural safeguard that shifts burden back onto the party that designed the risk.
II. The cognitive substrate of tempo coercion is measurable and predictable.
A Person Safety Case must be defensible not only as moral argument but also as a claim about how humans decide under constraint. Time pressure and scarcity do not simply make people “feel stressed”; they reliably alter decision strategies and reduce effective deliberation. Payne, Bettman, and Johnson’s work on adaptive strategy selection shows that under time pressure people shift toward lower effort heuristics, trading off information acquisition and potentially accuracy in ways that are context sensitive rather than irrational, which means that a system that demands complex contestation under time constraints is effectively selecting for error and resignation (Payne et al. 534–52).
More pointedly for the stress tests, scarcity is not only an economic condition but a cognitive condition. Shah, Mullainathan, and Shafir show that scarcity captures attention and can reduce cognitive bandwidth, such that the very populations most exposed to benefits administration coercion are also those most likely to have their decision quality impaired by time burdens and urgent tradeoffs (Shah et al. 682–85). Mani, Mullainathan, Shafir, and Zhao provide experimental evidence that poverty itself can impede cognitive function, illustrating why administrative systems that convert time into a compliance tax are not neutral bureaucracies but predictable engines of inequity (Mani et al. 976–80).
The PSC therefore treats tempo coercion as an interaction effect. A short deadline is not equally short for all subjects; it becomes shorter as vulnerability increases because the subject’s available bandwidth, safe time, and risk tolerance are constrained. Chapter Eight called this conduct near vulnerability; Chapter Nine makes it operational by tying tempo controls to irreversibility classes and vulnerability signals that do not require invasive capture.
III. What tempo coercion looks like in the stress tests.
In benefits eligibility and fraud detection, tempo coercion is often the hidden mechanism that makes formal rights unusable. A notice may say “you may appeal,” yet the timeline for appeal, the requirement to assemble documentation, the hours and channels for submission, and the threat of immediate benefit interruption can make the “right” a fiction. The crucial move is the conversion of an initial adverse signal into immediate deprivation, followed by delayed review. When the private interest is subsistence and the error cost is deprivation, the institution has an ethical duty to avoid using time to force acquiescence. Goldberg v. Kelly is the classic constitutional articulation of this logic: the Court emphasized the severity of welfare termination and required a pre termination evidentiary hearing, precisely because the timing of deprivation is itself part of what makes the deprivation intolerable (Goldberg 264–71).
In credit and tenant screening, the tempo pattern is different but equally coercive. The market is fast; applicants are forced to accept that a denial, an elevated deposit, or a “we moved forward with another applicant” outcome is final because housing decisions are made in hours and because the applicant cannot pause the market to dispute the score. Here tempo coercion is institutionalized as market realism: the system asserts that it cannot slow down, while it simultaneously profits from the irreversible residue of quick negative inference. That residue then propagates into future applications, producing what Chapter Two called irreversibility debt. A PSC that cannot impose tempo controls here is not a PSC; it is a reassurance document that mistakes speed for inevitability.
IV. Tempo as a safety control: the PSC requirements.
Tempo controls begin by rejecting the misleading binary of speed versus delay. The relevant question is whether the system provides a protected time envelope at irreversibility points, and whether the system prohibits itself from exploiting time scarcity to secure assent, enforce compliance, or insulate itself from contradiction. The PSC therefore requires a Tempo Control Map, a formal identification of all irreversibility points and all time gates affecting the subject, and it binds each irreversibility point to a minimum protective time envelope unless the institution can prove that delay would itself cause substantial harm that cannot be mitigated. The posture is the same as the burden shift that governs the entire book: the institution must justify coercive tempo; the subject must never be required to justify the need for time as if time were a favor.
An irreversibility point, in PSC terms, is any moment when an action becomes hard to unwind because it triggers propagation, record inscription, third party disclosure, deprivation of essential goods, or an escalation pathway that increases penalty severity. At irreversibility points, the default rule is principled delay: the system must create a cooling period sufficient for review, consultation, and contestation, and must freeze propagation during that period unless it can show a narrowly tailored necessity to proceed. This is not an abstract moral claim; it is an operational design pattern already recognized in adjacent legal regimes. Regulation Z’s three business day waiting period and statutory rescission rights show how law encodes reconsideration time as a safeguard precisely because pressured assent is foreseeable and because the cost of reversal is otherwise loaded onto the weaker party (12 C.F.R. § 1026.19(f); 15 U.S.C. § 1635).
The PSC must also prohibit acceleration that converts fatigue into assent. “Acceleration” here means not only short deadlines but also interface and workflow patterns that create urgency through repeated prompts, countdown mechanisms, batch notices, or single channel submission requirements that force the subject into a narrow time window. Because the book’s discipline is contestability at reasonable cost, the PSC must treat artificially compressed time windows as a safety defect unless the system provides compensating controls that keep the subject whole, including interim relief, a preserved place in line, and a guarantee that contestation will suspend adverse propagation until review. This requirement is not romantic; it is an engineering translation of the due process concept that the hearing must be at a meaningful time, which is precisely what is violated when the adverse effect is imposed first and review is offered later in a way that cannot repair the deprivation (Mathews 333; Goldberg 264–71).
Finally, tempo controls must be adaptive to vulnerability without requiring capture. The PSC therefore binds tempo to conduct invariants: when vulnerability is detected through non invasive signals, such as self attestation, previous benefit reliance, homelessness risk flags, disability accommodations already on file, or other legitimate indicators, the system must automatically extend protected time envelopes, simplify steps, and reduce documentation burdens, while also preserving the subject’s right to proceed quickly if they choose. The key is asymmetry: the system may not demand speed from the vulnerable, but it also may not weaponize “protection” into paternalistic delay. The subject must control the tempo within the protected envelope; the institution controls only the boundaries that prevent coercion.
V. The PSC evidence objects for tempo.
Because tempo coercion is frequently deniable, tempo controls must be proven through evidence objects that show behavior, not intention. First, the PSC requires a Tempo Control Map, an auditable register that enumerates every time gate that affects a person’s ability to contest, withdraw, or avoid irreversible penalty, including deadlines, processing times, queuing policies, channel availability, and escalation timers. This map must be versioned, linked to system changes, and testable against observed behavior. Second, the PSC requires an Irreversibility Points Register that defines the irreversibility class for each consequential action and binds it to specific protective time envelopes and propagation freezes. Third, the PSC requires a Clock Integrity Ledger: a system of logs that can demonstrate, for a statistically valid sample, the actual time experienced by subjects between notice, opportunity, action, and effect, segmented by vulnerability relevant groups without expanding personal capture. The ledger is not a surveillance dataset; it is an aggregated attestation that the system is not manufacturing urgency or hiding delay.
The crucial move is that these evidence objects must allow contradiction. An auditor, regulator, or affected person’s advocate should be able to test whether the advertised tempo controls are real by running scenario based evaluations that mimic the stress tests: a benefits termination path with an appeal attempt; a tenant screening denial with a dispute submission; a cooling period request at an irreversibility point; a withdrawal attempt after a derived score has been exported. A PSC that cannot be contradicted through these tempo probes is not protecting persons; it is documenting workflow.
VI. The coercion by tempo invalidation trigger.
Because this chapter adds a safety control, it must also add a failure condition that invalidates the PSC when the control is missing or performative. The coercion by tempo invalidation trigger is therefore defined as follows: the PSC is invalid if the system imposes or permits time constraints that predictably prevent meaningful contestation, or if it allows an adverse decision to become effectively irreversible before the subject has had a protected opportunity to understand, contest, and obtain independent review, unless the institution can prove necessity and provide compensating safeguards that keep the subject whole during review. This trigger is intentionally strict because tempo coercion is one of the easiest ways for institutions to preserve formal rights while making them unusable, and the PSC’s entire burden shift collapses if time remains an ungoverned instrument of closure.
The reader may object that tempo controls are operationally expensive or that they will slow systems in a world that demands speed. The PSC’s answer is disciplined: speed is not a trump value when it is purchased by transferring uncertainty costs onto the subject’s life. If a system cannot operate without relying on coerced tempo, then the system’s throughput is itself a harm vector and must be redesigned. The PSC does not deny the legitimacy of operational constraints; it denies the legitimacy of hiding those constraints inside the subject’s exhaustion. The institution may choose speed, but if it chooses speed it must prove non harm under speed, and if it cannot, it must choose safety.
Chapter Nine close: the three required items
PSC claim added or sharpened. The PSC must include a Tempo Safety Claim stating that, at all irreversibility points, the system provides protected time envelopes, propagation freezes, and interim safeguards sufficient to guarantee an opportunity to be heard at a meaningful time and in a meaningful manner, without requiring heroism, professionalization, or invasive capture to obtain that protection (Mathews 333; Armstrong 552).
Evidence object introduced or refined. The chapter introduces the Tempo Control Map paired with an Irreversibility Points Register and a Clock Integrity Ledger, as auditable artifacts that demonstrate real world time distributions and the enforceability of protected time envelopes without converting persons into the evidence substrate.
Invalidation condition enabled. The chapter enables the coercion by tempo invalidation trigger: the PSC is invalid if adverse actions become effectively irreversible before a protected contestation window can operate, or if time constraints predictably render contestation non meaningful, absent narrowly proven necessity and compensating safeguards that keep the subject whole during review (Goldberg 264–71).
Chapter Ten: Redress, Rollback, and Discontinuation
A Person Safety Case earns its name only when it binds the institution not just to claims about how the system behaves when everything goes right, but to protocols for what must occur when the system behaves wrong, when the institution cannot know whether it behaved wrong, and when the subject cannot afford to wait for certainty. In high stakes sociotechnical environments, harm rarely arrives as a single catastrophic event; it arrives as the slow crystallization of a provisional inference into an enduring record, then into a downstream dependency, then into a foreclosure of options that the institution treats as administrative normality. The decisive question is not whether the organization can identify error in retrospect, but whether it has precommitted to a restoration path that does not require the affected person to become an unpaid investigator, litigator, and archivist in the process. The PSC therefore treats remediation as a safety control, not a customer service posture, and it evaluates that control by a single governing property: whether contradiction can be converted into correction at reasonable cost, with the cost carried by the institution’s design rather than by the subject’s endurance.
Two legal idioms help name what institutions attempt to evade. The first is the due process demand for an “opportunity” granted “at a meaningful time and in a meaningful manner,” which becomes hollow when the only meaningful event is the deprivation itself and the offered remedy cannot restore what was taken or prevent repetition (Logan v. Zimmerman Brush Co. 435–37). The second is the administrative law remedy of “set aside,” which signals that a formal decision is not ethically complete until it contains a reversible structure, a built in capacity for nullification when the decision is found unlawful or unsupported (5 U.S.C. § 706). These are not imported here as compliance requirements but as conceptual anchors: to be accountable is to be reversible where reversibility is still possible, and to be compensatory where reversibility has been squandered by design.
10.1 Remediation as Precommitted Protocol Rather Than Discretionary Favor
Institutions like to narrate remediation as an act of benevolence. That narrative is itself a harm vector because it preserves asymmetry: the system can injure by default, yet repair only by permission. A PSC rejects this by treating remediation as a branch of the proof plan. When the PSC claims bounded inference, bounded escalation, and bounded irreversibility, it must also claim and evidence a bounded path back. The redress protocol is the return circuit of the system, and without it the institution’s proofs are performative because they rely on the subject’s continued tolerance of unresolved error.
This is the point where many “appeals” systems reveal their true design: they are not restoration mechanisms but exhaustion mechanisms, engineered to produce administrative closure through attrition. In Chapter One, we defined contestability at reasonable cost as the threshold property that outranks accuracy; in this chapter, we specify the shape of restoration that contestability must cash out into. Contestability without restoration is not accountability; it is a controlled opportunity to be denied again, with better documentation.
A PSC therefore requires remediation to be written as protocol with triggers, time bounds, independence constraints, and post action obligations that are auditable. The PSC’s remediation section is not a narrative; it is a commitment set. Under the EU AI Act’s high risk regime, a similar logic appears in the provider’s duty, upon reason to consider nonconformity, to “immediately take the necessary corrective actions” including withdrawing, disabling, or recalling the system as appropriate (Regulation (EU) 2024/1689, art. 20). The PSC generalizes this: remediation must be immediate when stakes are irreversible, and it must include the possibility that the system is withdrawn from use when correction cannot be trusted.
10.2 The Redress Ladder: Correction, Restoration, Compensation, Disclosure, Discontinuation
The PSC makes remediation legible by organizing it as a ladder of obligations whose rungs correspond to increasing degrees of irreversibility debt. The ladder is not optional. It is a claim set that can be tested in production and audited in retrospect.
Correction is the narrowest rung: the institution acknowledges a specific error and changes the immediate output or decision. Correction is necessary but often ethically insufficient because it leaves residues intact. A corrected decision that does not repair its documentary substrate becomes a corrected moment sitting atop a still corrupted record. This is why credit reporting law treats dispute resolution as more than “we looked again”; it requires reinvestigation and the correction or deletion of information that is inaccurate or cannot be verified, within a defined time window (15 U.S.C. § 1681i). The PSC adopts the structure without collapsing into that domain: correction must be time bound, reasons must be preserved, and the result must change both the forward looking decision and the record that will be used again.
Restoration is stronger: it requires reconstructing the subject’s position as if the error had not occurred, to the degree the system can still do so. In benefits, restoration includes reinstatement, retroactive payments, and repair of eligibility flags that propagate into other systems; in screening, it includes the removal or annotation of scores, adverse action markers, and “risk” notes that will be re exported. The PSC binds restoration to custody for reasons: the institution must be able to show which record elements were used, how they were used, and where they were exported, because without that provenance, restoration becomes speculation and the person becomes the cartographer of the institution’s own pipelines.
Compensation enters when restoration is not possible because time and propagation have already converted the error into lived deprivation or into foreclosed opportunities. Here the PSC names irreversibility debt directly: once the institution has allowed a decision to propagate beyond a restoration boundary, it accrues a moral and often legal interest in making the subject whole through compensation rather than through rhetoric. The Fair Credit Reporting Act’s civil liability provisions make this plain in one domain by authorizing damages for willful and negligent noncompliance (15 U.S.C. § 1681n; 15 U.S.C. § 1681o). The PSC does not claim that every screening harm is legally compensable under those provisions; it claims the deeper normative point: when the institution makes irreversibility cheap for itself, it must make the subject’s remedy expensive for itself, otherwise the organization’s incentive is to externalize uncertainty until harm becomes ordinary.
Disclosure is a rung, not an afterthought, because remediation without intelligible disclosure is not contestable. A subject cannot evaluate whether a correction is real, whether restoration occurred, or whether residues remain unless the institution provides a meaningful account of what happened, what changed, and what remains. The EU AI Act’s recognition that an affected person has a right to “clear and meaningful explanations” of the role of a high risk AI system in decision making formalizes one aspect of this requirement (Regulation (EU) 2024/1689, art. 86). The PSC sharpens it: disclosure must be paired with a rollback packet and a residue declaration, otherwise explanation becomes a substitute for repair.
Discontinuation is the final rung, and it exists because ethics without the possibility of stopping is another form of cheap speech. In safety engineering, a system that cannot be made safe is removed from service. NIST states the same logic in risk governance terms: where significant negative impacts are imminent, severe harms are occurring, or catastrophic risks are present, development and deployment should cease in a safe manner until risks can be sufficiently managed (NIST 8). The PSC adopts this as an institutional obligation: when repeated failure modes demonstrate that bounded inference, bounded escalation, and contestability at reasonable cost cannot be maintained, the institution must discontinue the system, the feature, or the use case, and it must do so through a controlled decommissioning path that preserves contestability for past decisions. Under the EU AI Act, the provider’s corrective action duty explicitly includes withdrawing, disabling, or recalling the system as appropriate (Regulation (EU) 2024/1689, art. 20). The PSC requires a discontinuation protocol even where no regulator compels it, because the possibility of discontinuation is what makes remediation credible in the first place.
10.3 Rollback Obligations: What Must Be Reversible
Rollback is the discipline of undoing, and sociotechnical rollback is harder than technical rollback because the “state” that must be reversed is not just a database row; it is a social fact supported by records, exports, and institutional memory. If remediation stops at the technical layer, the person remains harmed by the institutional residue.
The PSC therefore defines rollback obligations across at least four layers.
First, decision rollback: the adverse outcome must be nullified, not simply reconsidered. The administrative law language of “set aside” is useful here because it names nullification rather than negotiation: unlawful or unsupported action is treated as voided, not as a matter of discretionary reconsideration (5 U.S.C. § 706). In PSC terms, rollback means the institution treats the original decision as non authoritative for future use.
Second, documentary rollback: the records that performed authority must be repaired. This is custody for reasons in reverse. If a denial letter was generated, the revised record must preserve provenance and show the revision path so that the institution cannot launder its own history through silent overwrites. Where the organization cannot overwrite, it must append with explicit semantic markers that prevent the old record from continuing to govern downstream processes.
Third, propagation rollback: the institution must identify where the adverse signal traveled. This is the practical consequence of Chapter Seven: residue classes and dependency discovery are not academic; they are the only way to restore a person’s future. If a screening score was exported to affiliates, landlords, background check vendors, or internal risk systems, rollback must include notices or corrections to those recipients and, where feasible, removal of the exported item. Under the EU AI Act, deployers have an obligation, when they have reason to consider that use may result in a risk, to inform authorities and “suspend the use of that system” (Regulation (EU) 2024/1689, art. 26). Suspension is a forward looking control, but it implies a broader truth: institutions must track enough about their operational dependencies to stop and to correct.
Fourth, temporal rollback: rollback must be fast enough to matter. A remedy delivered after the irreversibility point is compensation, not restoration. The PSC therefore links rollback SLAs to irreversibility classes defined in Chapter Two and tempo controls defined in Chapter Nine. The institution does not get to argue that it is “still investigating” while the person is homeless, unfed, or locked out of the housing market by a propagated score. When stakes are high and time is coercive, delay is not neutral; it is a penalty.
The evidence consequence is direct: a PSC must include a rollback protocol that specifies, for each decision class, what is rolled back, how it is rolled back, how propagation is discovered, how recipients are notified, and how success is verified. Without that, the institution has not proven non harm; it has described intentions.
10.4 Restoration Versus Reconsideration: Why “Try Again” Is Not a Remedy
A common institutional cheat is to treat restoration as an internal reconsideration process. The subject is invited to submit additional documentation, the case is reopened, and the institution calls this redress. But reopening a file is not the same as repairing a life, and a process that asks the subject to reproduce evidence is often a second capture, not a remedy.
This is where the due process vocabulary matters. Logan distinguishes between a deprivation produced by “established state procedure” and a random unauthorized act, and it emphasizes that post deprivation tort remedies do not supply due process where the system itself destroys the entitlement by operation of law (Logan v. Zimmerman Brush Co. 435–37). The PSC transposes that logic: if the harm is structural, a remedy that requires the subject to pursue separate litigation or to survive prolonged dispute is not an adequate redress control. It may exist in the world, but it is not part of the system’s safety case. A PSC is a promise that the system contains its own restoration path, precisely because the subject cannot be asked to exit the system to obtain justice from it.
In benefits, this implies that retroactive payment, while often required, is not treated as sufficient because it does not restore the missed meals, the medical deterioration, the destabilized housing, or the humiliations of bureaucratic struggle. In screening, it implies that a corrected score after the lease has been signed by someone else is not restoration. The PSC therefore requires two things: first, that high consequence decisions be treated as provisional through cooling periods, human review checkpoints, or principled delay at irreversibility points; second, that when provisionality fails, compensation and discontinuation are not resisted as “exceptional,” but triggered as part of the safety logic.
10.5 Discontinuation Triggers: When Stopping Is the Only Honest Outcome
Discontinuation is not moral dramatics. It is the recognition that some systems cannot be made safe under their current architecture or use case because they generate closure without contradiction, accumulate irreversibility debt, and convert uncertainty into penalties for those least able to bear them.
A PSC binds discontinuation to triggers that are auditable. The triggers must include at least three classes.
The first class is repeated failure modes: recurring incidents that demonstrate that the contestability budget is not met, explanations are not meaningful, or rollback cannot be executed reliably. Repetition matters because it converts what institutions describe as “edge cases” into evidence of systemic design behavior. Under NIST’s risk framing, continued deployment in the presence of severe harms is inconsistent with responsible risk management, which explicitly contemplates cessation until risks can be managed (NIST 8).
The second class is unbounded irreversibility debt: a pattern of decisions that propagate into long lived records, are exported to third parties, and cannot be reliably unwound. This is the point at which rollback is structurally unavailable. Where rollback is unavailable, the system becomes ethically indefensible unless compensation and discontinuation follow. The EU AI Act makes discontinuation legible as a corrective action category through withdrawal, disabling, and recall (Regulation (EU) 2024/1689, art. 20). The PSC requires the same possibility even when market law does not.
The third class is inability to restore contestability: when the institution cannot provide custody for reasons, cannot produce evidence objects that demonstrate system behavior, or cannot operate the system without escalating capture. This is the “proof without capture” failure mode. If the only way the institution claims it can make the system accountable is by expanding surveillance of subjects, the PSC is invalid, and discontinuation becomes the appropriate outcome because the system’s accountability story depends on turning the person into the evidence substrate.
Discontinuation also requires a controlled end state. The PSC therefore requires a decommissioning plan that preserves access to appeal, preserves the evidence needed for past decision challenges, and prevents silent reintroduction under a new name. Discontinuation without documentary custody becomes institutional amnesia; discontinuation with custody becomes accountability.
10.6 Residual Risk Discipline: Residual Risk Is a Declaration With Costs, Not a Euphemism
Every institution wants to say “residual risk” and move on. The PSC makes residual risk expensive by requiring it to be operationalized, bounded, and paired with precommitted response and recovery.
NIST defines residual risk as “risk remaining after risk treatment,” and emphasizes that residual risk directly impacts end users and affected individuals and communities, and that documenting residual risk informs end users about potential negative impacts (NIST 8). That definition is operationally decisive for PSC 1.0 because it prevents two evasions at once. It prevents the fantasy that all risk can be eliminated, which leads to theater and denial. It also prevents the euphemism that risk can be acknowledged without altering the institution’s obligations. In a PSC, residual risk is a disclosed remainder that triggers additional duties: stricter tempo controls, lower thresholds for rollback, larger compensation commitments when harms occur, and tighter discontinuation triggers when the remainder proves too large.
Residual risk must also be linked to risk tolerance declarations and governance ownership. NIST explicitly notes that the framework does not prescribe risk tolerance and that organizations must define reasonable tolerance and document risk management processes (NIST 7). The PSC therefore requires the institution to state, for each high stakes use case, what it treats as unacceptable risk, who has authority to suspend the system, and what evidence will be used to determine whether risk is being realized in practice. Under the EU AI Act, deployers must suspend use without undue delay when they have reason to consider that use may result in a risk (Regulation (EU) 2024/1689, art. 26). The PSC extends this beyond high risk categories: suspension authority must exist wherever irreversibility and deprivation are plausible.
10.7 The Two Stress Tests: What Remediation Must Look Like When Opt Out Is Fiction
In public benefits eligibility and fraud detection, remediation fails most often through tempo and exhaustion. The institution denies or suspends, then invites appeal, then places the burden on the subject to navigate time, paperwork, and vulnerability while deprivation unfolds. Under PSC 1.0, the remediation protocol must therefore include an emergency restoration path: rapid provisional reinstatement pending review when denial creates deprivation risk, preservation of benefits while contested where legally and operationally feasible, and mandatory, short time bounds for correction. If the system cannot support rapid provisionality, it must narrow inference and narrow automation at those decision points because it cannot safely bear the uncertainty it is generating.
In credit and tenant screening, remediation fails through residue. The institution may correct a score or update a record, but the adverse action has already propagated into the housing market as a lost opportunity and into future screening systems as a shadow note. Under PSC 1.0, rollback must include propagation discovery and downstream correction notices, and compensation must be triggered when restoration is impossible because the opportunity has passed. The FCRA’s reinvestigation structure is instructive because it ties correction to deletion and to a concrete time window, and it creates liability for failure to comply (15 U.S.C. § 1681i; 15 U.S.C. § 1681n; 15 U.S.C. § 1681o). The PSC generalizes the lesson: remedies must have deadlines, semantic effects, and enforceable consequences, otherwise “correction” becomes a polite word for delay.
10.8 PSC 1.0 Delta: Remediation as the Place Where the PSC Becomes Real
A PSC that cannot produce a credible remediation protocol has not proven non harm; it has described governance aspiration. Remediation is the binding point between proof and person because it is where institutions either accept the costs of their uncertainty or externalize them as subject exhaustion. The chapter’s insistence on rollback and discontinuation is therefore not maximalism. It is the minimum required to prevent the system from converting its own opacity into the person’s burden.
PSC claim added or sharpened: High consequence systems must include a precommitted remediation protocol, auditable as a service level and as a semantic effect on decisions and records, such that correction, restoration, compensation, disclosure, and discontinuation occur by rule rather than by discretionary favor.
Evidence object introduced or refined: The Remediation Protocol Packet, consisting of the Redress Ladder mapping by decision class, the Rollback Packet with propagation discovery and verification steps, the Compensation Trigger Table tied to irreversibility classes, and the Discontinuation Trigger Register with stop authority and decommissioning plan.
Invalidation condition enabled: A PSC is invalid if the system cannot execute rollback and restoration within time bounds that precede irreversibility, if remediation depends on subject professionalization or expanded capture, or if repeated incidents demonstrate that discontinuation triggers are met but the system remains in operation.
Chapter 11. How Institutions Will Cheat
The Person Safety Case is designed to survive real deployment in environments where incentives point away from truth, where accountability is expensive, and where the institution can usually win by exhausting the person. If the book has asked the institution to shoulder a burden of proof, this chapter assumes the institution will try to move that burden back onto the subject, or onto time, or onto a vendor, or onto the obscurity of documentation, or onto secrecy claims that route scrutiny into dead ends. That is not a moral judgment. It is an empirically predictable response to liability, throughput pressure, procurement fragmentation, and professional distance from consequences. A PSC that cannot anticipate evasions is not a safety case; it is a narrative artifact that will be complied with and then defeated.
I will use “cheating” in a narrow sense: satisfying the surface form of governance while preserving the underlying harm pattern the PSC exists to interrupt, namely closure without a low cost path to contradiction. The test is operational. When a person confronts a decision that deprives or forecloses, can they contest it without professionalizing themselves into an advocate, without exposing themselves to retaliatory risk, and without becoming newly capturable as the condition of being heard. If the institution can answer “yes” in its paperwork while the lived answer is “no,” then the institution has cheated, even if every checkbox is ticked.
What follows is an evasion taxonomy written from the auditor’s and subject’s standpoint, paired with PSC countermeasures that force the institution back into falsifiability. I am not interested in rhetorical virtue. I am interested in what leaves an audit trace.
1. Definitional drift: the quiet redrafting of what the PSC promised
The first evasion is definitional drift, because it is the easiest to perform without looking like misconduct. A PSC makes binding claims about bounded inference, bounded escalation, bounded irreversibility, contestability budgets, withdrawal semantics. The institution’s temptation is to keep the words and change the referents: “appeal” becomes “submit a ticket,” “independent review” becomes “a different team under the same incentives,” “withdrawal” becomes “we stopped using it for new training but retained it everywhere else,” “high consequence” becomes “not technically an adverse action,” “residual risk” becomes the trash bin for everything unpleasant. The result is that the PSC remains readable while its commitments quietly stop mapping to the system the person experiences.
This is not hypothetical. Even mature risk frameworks explicitly acknowledge that risk management depends on organization specific profiles, tolerances, and operationalizations, which is reasonable, but it also creates room for quietly redefining the object being measured. The antidote is not to prohibit context. It is to bind meaning to invariants and to versioned definitions that cannot be altered without triggering re certification.
PSC countermeasure. Every term that functions as a burden shifting hinge must be defined as an operational invariant and must include a “minimum semantics” clause. The institution may elaborate, but not narrow. “Contestability” must minimally include a usable path to contradiction that does not require paid representation and does not impose unreasonable time, step count, or physiological burden, regardless of channel. “Independent review” must minimally include separation from the decision owner’s incentive structure, not merely a different queue. “Withdrawal” must minimally include dependency discovery and an attested declaration of what remains. The PSC must include a change control log that treats definitional change as a safety relevant modification, not editorial discretion.
Evidence object that exposes drift. A Definitions Diff Ledger that records every normative definition, the system components it applies to, and every change with rationale, effective date, and impacted PSC claims. The ledger must be auditable and must bind to the system inventory, so that definitional changes cannot be made while the underlying system quietly grows. The auditor is not looking for elegance. The auditor is looking for whether a definition was narrowed after an incident or before a deployment.
In practice in the stress tests. In benefits, definitional drift often appears as “appeal exists” while the appeal path is a labyrinth. In screening, it appears as “we provide reasons” while the reasons are generic, unlinked to the features actually scored. Regulation B explicitly rejects notices that hide behind internal standards or a qualifying score as “insufficient,” which is precisely why institutions drift toward vagueness when pressure rises.
2. Vendor laundering: outsourcing the model while retaining the power
The second evasion is vendor laundering: the institution treats procurement as moral insulation. A vendor provides a score, a fraud flag, a “risk tier,” a watchlist match. The institution consumes the output while disclaiming knowledge of its basis, and then uses that ignorance as a reason to deny contestability. The person is told that the system is proprietary, that the vendor cannot disclose, that the agency or landlord does not control the model, that the decision is “automated” but somehow no one is responsible for its reasons. In the worst form, the institution designs the workflow to make that laundering structurally true: decision authority is split across entities so that no single actor can produce a full reason custody packet.
Modern supervisory doctrine in adjacent high stakes domains already rejects the premise that outsourcing dissolves responsibility. Banking regulators state, in plain terms, that a banking organization’s use of third parties does not diminish its responsibility to operate safely and soundly and in compliance with law, to the same extent as if performed in house. Model risk management guidance likewise requires governance, effective challenge, documentation, and validation, including explicit attention to vendor models and third party products, rather than treating them as opaque boxes that cannot be questioned. The PSC generalizes that principle beyond banking: outsourced cognition does not outsource accountability.
PSC countermeasure. The PSC must treat every external model, dataset, or decision service as a first class component in the system inventory, with contractual audit rights and reason custody obligations as procurement prerequisites. If the vendor refuses to support contestability, the institution must either not deploy, or must interpose its own measurable controls that make the output contestable without vendor cooperation. The institution cannot claim bounded inference if it cannot describe the inference boundary. The institution cannot claim low cost contradiction if the contradiction pathway ends at “ask the vendor.”
Evidence object that exposes laundering. A Third Party Accountability Packet that includes: the chain of responsibility from input capture through decision issuance; a list of third parties and subcontractors supporting the decision; the institution’s access to data and information necessary to audit and contest; and the specific controls the institution applies to vendor outputs, including validation, monitoring, and discontinuation thresholds. Interagency guidance treats inventory, access to data, independent reviews, and termination authority as normal risk management expectations in high consequence outsourcing; the PSC uses the same spine.
In practice in the stress tests. Tenant screening is saturated with vendor laundering because the output is marketed as neutral infrastructure. Yet the consumer protection regime presumes contestability even when information is supplied by a reporting agency: when adverse action is based in whole or part on a consumer report, the user must notify the consumer and disclose routes to obtain and dispute the report’s accuracy and completeness. A PSC that tolerates “vendor says no” has surrendered to laundering by design.
3. Appeal gating: formal rights that are practically unusable
The third evasion is appeal gating, the deliberate design of recourse that exists on paper but is priced in time, complexity, and fear. The institution meets a formal obligation and then makes the path difficult to locate, difficult to understand, difficult to complete, and dangerous to pursue. This is one of the most common forms of cheating because it is deniable. A system owner can point to a web page. A regulator can point to a policy. Meanwhile the person is navigating long hold times, missing documents they cannot obtain, deadlines that assume stable housing and printer access, and communications that treat vulnerability as suspicion.
The PSC’s contestability budget exists because a right that cannot be exercised is not a safety control; it is theater. The trick institutions play is to count only the institution’s steps, not the person’s costs. The contestability budget must count cognitive complexity, time cost across multiple channels, and retaliation risk, which are predictable determinants of whether a “right” is usable.
PSC countermeasure. The PSC must require contestability service levels that bind the institution, not the person: time to acknowledgement, time to decision, maximum procedural steps, and minimum explanation quality. It must require escalation pathways that do not require professionalization and must include a non retaliation guarantee that is itself auditable. When the institution cannot safely guarantee that contesting will not increase scrutiny, suspicion, or future penalty, the PSC must treat the system as unsafe.
Evidence object that exposes gating. A Contestability Trace Dataset built from real recourse journeys sampled across vulnerability conditions, with measures for time, steps, resolution rate, and abandonment rate, plus qualitative reason codes for abandonment. This dataset must be produced without expanding personal capture as the price of measurement, which is why aggregation, privacy preserving attestation, and limited retention disciplines belong in the proof plan. The auditor will ask a simple question: is contestability usable for the most burdened subjects, or only for the most resourced.
In practice in the stress tests. In benefits fraud detection, appeal gating often manifests as deadlines and documentation requirements that assume stability the claimant does not have. In screening, it manifests as adverse action notices that technically comply while pushing the consumer into fragmented dispute processes that do not reach the decision owner in time to matter.
4. Documentation flooding: drowning contradiction in volume
The fourth evasion is documentation flooding. When challenged, the institution produces pages: policies, fairness statements, model cards, compliance memos, vendor brochures, audit summaries. The person cannot read them. The auditor can but only at high cost. The trick is that the institution confuses quantity with custody for reasons. Records exist, but they do not preserve the causal path from input to outcome in a way that enables challenge. Or they preserve that path, but only across so many systems that reconstruction is impractical. Documentation flooding is especially effective when the institution uses generative systems to produce “explanations” at scale, because fluency creates the illusion of reason even when provenance and causal custody are absent.
A PSC cannot accept documentation as proof. Proof requires evidence objects that are minimal, indexed, and falsifiable. The PSC must convert “we documented” into “we can show, for this class of cases, what inputs mattered, what thresholds were applied, what uncertainty existed, and what remediation pathway is available,” without requiring the subject to reconstruct hidden workflows.
PSC countermeasure. The PSC must require an Evidence Index that maps every PSC claim to the smallest evidence object that can invalidate it. The institution must not be allowed to bury a claim in a haystack of attachments. A safety case is an argument with exhibits, not a library. The PSC must also require a Reason Custody Packet for decisions in high consequence classes: a provenance chain, feature and threshold disclosure at the appropriate abstraction level, and a stable identifier that binds the decision record to the evidence that supports it.
Evidence object that exposes flooding. A Claim to Evidence Crosswalk plus a Minimal Reproduction Harness for key behaviors: given a controlled input scenario, the institution can reproduce the decision pathway and show which controls fired. If the institution cannot produce this harness without heroic reconstruction, it has admitted that its own reasons are not in custody.
In practice in the stress tests. Flooding is the default response to public scrutiny. The PSC’s job is to make flooding self defeating by requiring that each claim be tied to a small set of audit ready artifacts that can be contradicted.
5. Pseudo explanations: reasons that are not reasons
The fifth evasion is pseudo explanation. This is the move where the institution provides something that looks like a reason but is not operationally useful: “your application did not meet our criteria,” “your identity could not be verified,” “your file indicates elevated risk,” “the model determined,” “insufficient history.” These statements are designed to be non falsifiable, because falsifiability would enable contradiction, and contradiction would impose cost on the decision owner.
Primary sources already mark the boundary between explanation and pseudo explanation in certain domains. Regulation B requires that adverse action notices provide specific reasons, and it explicitly states that citing internal standards or failure to achieve a qualifying score is insufficient. The Fair Credit Reporting Act requires notice when adverse action is based in whole or part on a consumer report and requires disclosure of the consumer’s right to obtain and dispute the report. These are not philosophical demands; they are operational constraints aimed at contestability.
The PSC generalizes the same principle across sociotechnical systems: an explanation is only legitimate if it can be used to contradict at reasonable cost. If the “reason” cannot be contested, it is a story, not a control.
PSC countermeasure. The PSC must require that every explanation in high consequence decisions meet a Contestability Standard: it must identify the principal factors that actually drove the decision, must be consistent with the factors scored or reviewed, and must include a contest route that can reach the decision owner before irreversibility accrues. Where the system uses both scored and judgmental components, the explanation must disclose which component failed, mirroring the logic already present in Regulation B’s official interpretation.
Evidence object that exposes pseudo explanations. An Explanation Fidelity Audit: a sampled comparison between explanations provided to subjects and the internal decision features actually used. If the explanation regularly omits principal factors, or substitutes generic language for specific drivers, the PSC is invalidated. The audit must be designed so that the institution cannot satisfy it with post hoc rationales generated after the fact.
In practice in the stress tests. Tenant screening routinely produces pseudo explanations because the output is presented as objective. The PSC forces the institution to admit, in auditable form, what was actually used, and to preserve custody for those reasons.
6. Trade secrecy shields: routing scrutiny into a legal black box
The sixth evasion is the trade secrecy shield: the institution asserts that core evidence cannot be disclosed because it is confidential commercial information, proprietary methods, or security sensitive detail. Sometimes that claim is legitimate. Often it is used as an all purpose solvent applied to accountability. The mechanics matter because they shape what the PSC must demand.
In the United States, FOIA exempts from disclosure trade secrets and commercial or financial information that is privileged or confidential. The Supreme Court’s modern articulation of “confidential” in this context, emphasizing customary private treatment and government assurances, widened the practical room for withholding. The PSC must therefore assume that public transparency alone cannot carry accountability in many high stakes systems, because institutions can plausibly route key evidence into confidentiality regimes.
But confidentiality cannot become a veto on contradiction. It can at most change the channel through which contradiction occurs.
PSC countermeasure. The PSC adopts a dual layer disclosure model. First, a public PSC that remains meaningful and contestable, written so that affected persons and the public can understand the claims, the bounds, the recourse service levels, and the invalidation conditions. Second, a confidential annex that can contain legitimately sensitive detail, but only under two non negotiable constraints: regulators and certified independent auditors must have access sufficient to test the claims, and no core claim may rely solely on confidential evidence. If a claim cannot be supported by any public facing evidence object, then the claim is not institutionally legible and the PSC fails.
This is not an exotic idea. The EU AI Act requires providers of high risk systems to establish and keep technical documentation that demonstrates compliance, and that documentation is explicitly designed to enable assessment of compliance, including by authorities. It also requires record keeping through automatically generated logs where relevant. These regimes presume that meaningful oversight sometimes occurs through controlled access to documentation, not public release of proprietary detail. The PSC borrows the oversight logic but refuses to let controlled access swallow the person’s ability to contest. Hence the “no core claim solely confidential” rule.
Evidence object that exposes secrecy as a cheat. A Public Meaningfulness Test plus an Audit Access Attestation. The first is a structured test in which independent readers, including affected person advocates, can correctly infer what the system claims, what it does not claim, and how to contest, using only the public PSC. The second is an attestation that auditors and regulators have the access needed to test the confidential annex, including the ability to inspect logs, reproduce decision pathways, and test contestability controls.
In practice in the stress tests. In benefits, secrecy claims are often framed as fraud prevention necessities. The PSC permits security relevant withholding but demands that the institution still provide contestable reasons at the appropriate level of abstraction and still maintain an audit channel capable of falsifying the institution’s claims.
7. Selective measurement: measuring the safe corners and ignoring the harm perimeter
The seventh evasion is selective measurement. The institution chooses metrics that are easy to satisfy, runs evaluations in contexts where performance is best, reports aggregate outcomes that hide tail harms, and refuses to instrument the parts of the workflow where coercion occurs, such as escalation pathways, handoffs to investigators, or downstream record propagation. This is how an institution can say “the model is accurate” while people are being harmed through irreversibility debt and closure dynamics rather than raw error.
Risk frameworks already treat measurement as a sociotechnical discipline, not a single metric. The PSC’s contribution is to force measurement to follow the harm channels, not the convenience channels.
PSC countermeasure. The PSC must require a Measurement Coverage Map that enumerates the entire decision pipeline, including human interventions and downstream propagation, and identifies where the person safety bounds are tested in production. Measurements must include contestability usability, explanation fidelity, withdrawal semantics, escalation rates under vulnerability, and remediation latency, not only predictive performance. Any unmeasured safety relevant segment is treated as an explicit unknown, and unknowns are not allowed to be externalized onto subjects in high consequence settings.
Evidence object that exposes selective measurement. A Safety Relevant Instrumentation Register with sampling plans, retention limits, and privacy preserving aggregation methods, plus a Tail Harm Report that discloses distributional outcomes and worst case paths. If the institution only reports averages, the PSC is invalidated, because average safety is compatible with repeated catastrophic harm to a minority.
In practice in the stress tests. A benefits fraud model can show strong aggregate precision while repeatedly flagging the most precarious claimants, who then face escalation and documentation burdens that convert error into deprivation. A screening model can show stable score distributions while the actual harm occurs through the propagation of a negative code into future applications.
8. Residual risk euphemisms: naming harm as unavoidable to avoid discontinuation
The final evasion in this taxonomy is the “residual risk” euphemism. Every real system has residual risk. The cheat is to treat residual risk as a blank check: an incantation that ends inquiry and blocks discontinuation, even when the residual risk is simply the institution’s unwillingness to fund contestability, or its desire to keep a coercive tempo, or its refusal to limit propagation of low confidence inferences.
The PSC must recover the meaning of residual risk by binding it to accountability: who bears it, for how long, with what remedy when it materializes, and what discontinuation triggers exist when it is repeatedly realized.
PSC countermeasure. The PSC must require a Residual Risk Discipline that ties each residual risk item to a cost bearing commitment: redress protocol, rollback feasibility, compensation pathways, and a discontinuation trigger when repeated failures show that the residual risk is not residual but structural. Residual risk cannot be invoked to justify a system that cannot be safely contradicted.
Evidence object that exposes euphemism. A Residual Risk Register with Realization Logs that records realized harms, the remediation performed, and whether the realization rate is falling. If realized harm remains stable while the institution continues to claim “residual risk,” the PSC is invalidated and discontinuation becomes mandatory rather than discretionary.
In practice in the stress tests. In screening, residual risk often hides irreversibility debt: negative marks propagate into background check ecosystems long after the original decision, and the institution treats that as “industry reality.” The PSC forces the institution to account for propagation as part of its own system, not as an externality.
The dual layer disclosure model, formalized
Because secrecy regimes are real and because vendor ecosystems will continue to exist, the PSC must offer a disclosure architecture that is adoptable without surrendering the person to opacity. The dual layer model is therefore not a compromise with secrecy; it is a way of preventing secrecy from consuming accountability.
The public PSC must be readable by an affected person and must contain, at minimum, the person safety bounds claimed, the contestability budget and service levels, the explanation and reason custody standard, the withdrawal semantics at a high level, the redress ladder, and the invalidation conditions. The confidential annex may contain sensitive technical detail, but it must be designed for audit, not for concealment. It must include technical documentation and record keeping artifacts sufficient to test compliance claims, consistent with emerging regimes that require maintainable documentation and logs for high risk systems. The annex is permitted to protect genuine proprietary assets, but it is forbidden to be the sole support for any core claim, because that would render the PSC socially meaningless, converting it back into institutional self attestation.
This is where the PSC draws a hard line against the most common institutional move: “we are accountable, but you cannot see why.” Accountability that cannot be contradicted is not accountability; it is authority.
PSC 1.0 delta, consolidated for this chapter
This chapter adds five enforceable primitives to PSC 1.0: an evasion taxonomy that names predictable cheats; a countermeasure mapping that binds each cheat to a required control; disclosure rules that formalize the public PSC and confidential annex and ban core claims that rely solely on confidential evidence; audit access pathways that require regulators and certified auditors to obtain the documentation and logs needed to test claims; and intelligibility requirements that measure whether the public PSC can actually be understood and used to contest without professionalization.
Chapter close: the three required PSC outputs
PSC claim added or sharpened. A PSC is invalid unless it is hardened against predictable evasions, including definitional drift, vendor laundering, appeal gating, documentation flooding, pseudo explanations, secrecy shields, selective measurement, and residual risk euphemisms, with each evasion mapped to a binding countermeasure.
Evidence object introduced or refined. The chapter introduces the Evasion Taxonomy and Countermeasure Mapping as auditable artifacts, and it formalizes the dual layer disclosure model through two evidence objects: the Public Meaningfulness Test and the Audit Access Attestation.
Invalidation condition enabled. The PSC is invalid if any core claim depends solely on confidential evidence, if third party components cannot be audited and contested through institution held access, or if contestability, explanation, and measurement controls are present only as formalities rather than demonstrably usable protections for persons under the two stress tests.
Chapter Twelve
How PSC Becomes Real
The Person Safety Case does not “launch” the way a model launches. It becomes real the way liability becomes real, the way a procurement clause becomes real, the way a regulator’s inquiry becomes real, and the way a subject’s exhaustion becomes real when the system’s friction is not a bug but a strategy. The PSC therefore has to be architected as an adoption mechanism first and a moral argument second, because institutions do not operationalize ideals; they operationalize incentives, evidence burdens, and deadlines, then retroactively narrate the result as values. The PSC is designed to reverse that sequence by making person safety legible in the same institutional idioms that currently make opacity legible: contract deliverables, audit rights, compliance attestations, risk registers, and enforceable recourse commitments. The question Chapter Twelve answers is not whether PSC is normatively attractive; it is whether PSC can survive contact with procurement, vendor ecosystems, and regulatory fragmentation without becoming a paperwork ritual that externalizes uncertainty back onto the person.
The adoption problem is structurally simple to state and notoriously difficult to solve: sociotechnical harm persists not because institutions lack principles, but because they can satisfy the dominant artifacts of governance without supplying the two things that actually constrain harm, namely contradictability and remedy. The PSC forces a binding claim set supported by evidence objects and invalidation conditions, but a claim set that no one is paid to read will not constrain behavior, and an evidence object that no one has the right to demand will not exist. In practice, PSC becomes real through four levers that are already native to modern institutions. The first is procurement, where obligations can be made precommittal rather than discretionary. The second is operational governance, where PSC claims can be made to appear in the same cadence as risk management and change control. The third is regulatory crosswalk, where PSC can be cited without being reducible to any single law or framework. The fourth is liability shaping, where PSC becomes a reason the institution can say “we exercised due care,” while also becoming a reason a regulator, auditor, or subject can say “you promised contestability at reasonable cost and you failed.”
1. Procurement as the burden shift: turning ethics into deliverables
Procurement is where the PSC’s speech act becomes enforceable because procurement already knows how to bind speech to performance: it converts narrative into deliverables, timelines, acceptance criteria, audit rights, and termination triggers. A PSC procurement posture is straightforward. The PSC is not “documentation”; it is a condition of deployment for any system whose outputs can plausibly trigger deprivation, denial, or durable reputation. The institutional buying unit requires a PSC as a contractual deliverable, updates to it as part of change control, and specific evidence objects as acceptance criteria. The vendor is not asked to “share a model card.” The vendor is required to supply a burden of proof that is built to be contradicted, including explicit unknowns and invalidation triggers that make discontinuation or rollback an ordinary outcome rather than a scandal.
If this sounds aspirational, procurement already contains the skeletal authority needed to make it concrete: audit and records rights are a paradigmatic example of how institutions secure evidence access without needing to litigate every request from scratch. The Federal Acquisition Regulation’s audit and records clause, for instance, defines “records” broadly and creates a right to examine and audit evidence sufficient to evaluate claims tied to performance and pricing. The PSC’s procurement logic borrows the form, not the content: the point is not cost accounting; the point is that institutional claims become auditable when the counterparty must maintain records and accept examination by authorized representatives. In a PSC regime, the institution does not ask politely for information about model behavior after an incident; it reserves the right, in advance, to demand the evidence objects the PSC promised would exist.
The immediate objection is vendor resistance, typically framed as trade secrecy, security, and competitive differentiation. The PSC does not require disclosure of proprietary internals as its default route; it requires evidence objects that demonstrate bounded behavior and contestability. That distinction matters because procurement can enforce outcomes without mandating implementation details, and it can enforce disclosure tiers without rendering the public PSC meaningless. Chapter Eleven introduced the dual layer model: a public PSC that remains contestable, plus a confidential annex accessible to regulators and certified auditors, with the non negotiable rule that no core claim may rely solely on confidential evidence. This is not rhetorical moderation; it is an anti laundering control. Without that rule, institutions will quietly migrate the entire proof plan behind confidentiality and call the public layer “transparency.”
A second objection is that procurement cycles are slow and heterogeneous, so PSC requirements will be uneven and gamed. This is true, and it is exactly why PSC must be designed as a clause set and a verification discipline rather than a values statement. The PSC procurement payload is conceptually compact: a requirement to deliver PSC 1.0 sections, a schedule for updates keyed to material system changes, minimum contestability service levels, and a small set of evidence object obligations that can be independently tested. The deeper point is that procurement is not only about buying; it is the institutional moment where the organization admits, implicitly, what it is willing to be accountable for. When procurement does not reserve rights to examine system behavior, it is making a governance decision, whether it calls it that or not.
2. Vendor obligations: supply chain reality rather than supplier mythology
Vendor ecosystems are not single suppliers; they are stacks: data brokers, model providers, hosting platforms, integrators, and downstream deployers, each able to disclaim responsibility by pointing to another layer. PSC becomes real when it makes responsibility non transferable in the precise way modern governance often fails to do. The provider cannot say “the deployer misused it” when the provider shipped an unbounded system with no viable contestability path, and the deployer cannot say “the vendor owns the model” when the deployer is the party who inflicted the decision and therefore owes recourse. The PSC should therefore be written so that each party’s claims are scoped to what that party controls, but the person’s safety does not fall through the seams between scopes. This is the core adoption principle: interfaces between organizations are the natural habitat of uncertainty externalization. PSC is an interface contract whose entire purpose is to make uncertainty stay where it is generated.
Supply chain governance already has a mature vocabulary for this, and PSC should borrow it aggressively. NIST’s supply chain risk management guidance treats supply chain risk as multi level and lifecycle integrated rather than as an afterthought at onboarding, emphasizing the need to identify, assess, and mitigate risks across suppliers, products, and services and to integrate these practices into organizational risk management. PSC is the person safety instantiation of that logic: it extends the discipline of supply chain risk management beyond confidentiality and integrity into contestability, withdrawal semantics, and irreversibility control. In doing so, PSC denies the vendor the most common escape hatch in sociotechnical harm: “our responsibility ends at the API.”
This is also where the PSC must be robust to political and administrative drift. In the United States, federal AI governance memos and acquisition guidance have shifted quickly, including explicit rescissions and replacements that change the official language of “responsible acquisition” while leaving the underlying operational risks intact. The PSC’s adoption strategy cannot depend on a single executive posture; it must be legible as due care across regimes. OMB memoranda that instruct agencies to govern AI use through risk management, inventories, and oversight mechanisms illustrate both the opportunity and the fragility: policy can accelerate adoption, but policy can also be revised. The PSC is therefore positioned as an internal control system that remains rational even when external slogans change, because the stress tests do not change: benefits systems still produce deprivation when contest fails, and screening systems still convert inference into durable fate through residue.
3. Operational governance: embedding PSC into the rhythms that already run institutions
PSC adoption fails when it lives in a separate “ethics lane,” because the institution’s real decisions happen elsewhere: in change advisory boards, incident management, KPI dashboards, and quarterly risk reviews. PSC becomes real when it is made a first class citizen inside those rhythms, with a single decisive rule: any material change to system behavior triggers a PSC delta, and any breach of a person safety bound triggers an incident response pathway that treats remedy as a protocol, not a discretionary exception. This is not bureaucratic maximalism; it is simply the observation that harm emerges through ongoing operation, not through initial deployment ceremonies.
Here the NIST AI Risk Management Framework is instructive as a shared managerial grammar. It is voluntary and non prescriptive about an organization’s risk tolerance, but it provides a common structure for governing and managing AI risk across lifecycle functions, which is precisely what PSC needs for institutional legibility. PSC is not a competitor to AI RMF; it is a specialization that insists, with more binding force, on contestability, withdrawal semantics, conduct near vulnerability, tempo controls, and redress. In an organization already using AI RMF language to run governance, PSC can be adopted without asking leaders to learn a new philosophical lexicon; it can be adopted as the person safety instantiation of the organization’s stated risk management commitments.
A practical implication follows. PSC should have a standing home in three operational artifacts: the risk register, the change log, and the incident log. In the risk register, PSC claims are tracked as controls with explicit invalidation conditions. In the change log, PSC deltas are attached to releases the way security impact analyses are attached to architectural changes. In the incident log, failures are classified not only by severity but by irreversibility class and contestability breach, because the most dangerous incidents are those where the institution cannot restore contestability and must therefore discontinue or roll back. If PSC is absent from these artifacts, it is not real; it is commentary.
4. Regulatory crosswalk: PSC as a citeable standard without becoming a disguised statute
The PSC will be adopted faster if it can be cited by regulators and auditors without being reducible to any single jurisdiction’s law. This is not a concession to technocracy; it is an acknowledgment of the institutional reality that regulated entities operate across overlapping regimes, and they crave artifacts that simplify compliance narratives. The risk is that PSC becomes another compliance narrative, and therefore theater. The solution is to build PSC as a falsifiable standard that can be cross walked while remaining contradiction oriented.
The European Union’s AI Act provides an instructive template for how legal regimes convert standards into presumptions. The Act establishes that conformity with harmonised standards published in the Official Journal can create a presumption of conformity with requirements, while also specifying conformity assessment pathways for high risk systems, including internal controls and quality management procedures and, in some circumstances, notified body involvement. The PSC can mirror the institutional logic without copying the legal structure: it can function as a presumptive demonstration of person safety only if its claims are supported by evidence objects and remain contestable, and only if no core claim can hide behind confidentiality. What the AI Act clarifies, in adoption terms, is that institutions and regulators already understand the posture “show me the evidence objects that establish conformity,” and they already accept that conformity is procedural and documentary as well as technical. PSC makes the documentary substrate about persons rather than products.
Now look at the stress tests. Credit and tenant screening operate under legal obligations that already imply PSC primitives, but in fragmented form. When an adverse action is taken based on information in a consumer report, U.S. law requires notice and specified disclosures to the consumer. This is a narrow statutory foothold for contestability: it recognizes, at least minimally, that a person must be told when a decision is made against them and given a path to challenge inputs. The PSC’s contestability budget generalizes this into a measurable service level and extends it beyond narrow notice into remedy and rollback. In parallel, HUD’s Fair Housing guidance on tenant screening and the use of AI emphasizes that screening practices can create unjustified discriminatory effects and sets out best practices aimed at fairness and transparency in screening. PSC does not replace fair housing law; it gives institutions an implementable proof structure for showing, and being contradicted about, whether their screening conduct near vulnerability is bounded.
The regulatory crosswalk also has teeth in the form of enforcement signals. Consider the lived pattern in the screening environment: algorithmic scoring systems, opaque vendor stacks, durable residue, and downstream propagation. The SafeRent litigation and its associated settlement materials show, at minimum, that tenant screening algorithms and associated practices can become the object of classwide challenge, with courts issuing orders that operationalize obligations through settlement terms and oversight mechanisms. In a PSC world, the point is not to litigate in order to learn; it is to precommit to a structure that makes contradictions cheap enough that litigation is not the default contestability path. Likewise, the U.S. government’s actions related to algorithmic rent pricing underscore that algorithm mediated coordination and inference are already within enforcement attention, and that “the algorithm did it” will not reliably function as insulation. PSC is a way to operationalize that lesson before the enforcement action, not after.
5. Safe harbor, correctly understood: earned presumptions, not paperwork immunity
Institutions will ask, almost immediately, whether PSC offers safe harbor. They ask because they fear open ended liability and because they are tired of ambiguous “ethical AI” expectations that feel unbounded. The PSC answer is deliberately asymmetric. PSC can create an earned presumption of due care only when three conditions are met: independent auditability, demonstrated contestability at reasonable cost in production, and demonstrated remediation when contest succeeds. If those conditions are not met, PSC is not a shield; it is evidence of negligence, because it becomes a promise the institution broke. This is the moral and practical point of invalidation conditions: a PSC that cannot be invalidated becomes branding.
The EU AI Act’s presumption logic helps clarify the design. Presumption of conformity is conditional, scope bound, and tied to published standards and assessable procedures rather than to organizational sincerity. PSC should behave the same way. A PSC that is unsupported by evidence objects is not a PSC; a PSC whose evidence objects cannot be demanded by an auditor is not a PSC; a PSC whose contestability path is unusable in the stress tests is not a PSC. The safe harbor conversation must therefore be inverted: PSC does not promise immunity; it promises legible falsifiability. When an institution can be safely contradicted, it gains the only kind of protection that is ethically defensible: the ability to discover and remediate harm before harm becomes irreversibility debt.
There is a further reason to resist the naive safe harbor framing. In benefits and screening, the most catastrophic harms are not single wrong decisions; they are cascades where a wrong decision propagates into records, eligibility states, and reputational residue that outlive the original inference. A safe harbor that rewards paperwork would intensify these cascades by granting institutions confidence without requiring repair. PSC must therefore treat safe harbor as a dynamic status, revocable upon repeated failure modes, non restoration of contestability, or accumulation of irreversibility debt that the institution cannot or will not retire through rollback and compensation. Safe harbor is not a stamp; it is a continuously earned posture.
6. Falsifiability, revision governance, and re certification: preventing PSC from ossifying into theater
A standard becomes theater in two predictable ways. It becomes a static artifact that people learn to satisfy performatively, or it becomes an ever expanding checklist that collapses under its own weight and is quietly ignored. PSC must avoid both failure modes by making falsifiability and revision governance explicit. Falsifiability means that every core PSC claim has at least one production observable that can disconfirm it, and at least one invalidation condition that triggers an obligatory response when disconfirmation occurs. Revision governance means PSC itself has versioning, an update cadence, and a public record of changes that prevents silent dilution through definitional drift.
NIST’s AI RMF is explicit that it is a voluntary resource and that it does not prescribe an organization’s risk tolerance, which implies the organizational burden to define thresholds and update them. PSC adopts that posture while making it binding: PSC does not dictate the institution’s values, but it dictates the institution’s proof obligations for whatever values it claims to hold. More importantly, PSC makes updates non optional when material conditions change: new training data regimes, new model versions, new vendor components, new downstream uses, or new evidence that contestability costs have risen in practice. Re certification is the operational enforcement of this principle. It should be required on a fixed cadence and on event triggers, and it should require demonstration, not assertion, that contestability service levels are being met in the stress tests.
Finally, PSC must name, explicitly, how it can be corrupted. The corruption pattern is always the same: institutions convert contradiction into intake, then convert intake into delay, then convert delay into abandonment, then call abandonment “user choice.” PSC prevents this corruption only when re certification includes adversarial testing by auditors who can simulate contest and measure the contestability budget in the way a subject experiences it, including procedural complexity, opportunity cost, and retaliation risk. This is why the PSC is not a standards document in disguise. It is a burden shift in disguise as an ordinary institutional artifact, which is the only form in which it can survive.
Closing the chapter: what adoption looks like under the stress tests
In public benefits, PSC becomes real when recertification and adverse decision workflows cannot proceed unless the contestability budget is within bounds, the reason custody is preserved, and the remedy ladder is precommitted, because the subject cannot opt out and deprivation is a foreseeable consequence. In credit and tenant screening, PSC becomes real when adverse action and screening decisions cannot be operationalized without residue disclosure, withdrawal semantics where applicable, and an affordable challenge path that does not require the subject to hire an expert simply to understand what happened. The proof of adoption is therefore not the existence of a PDF labeled “PSC.” The proof is that, in the two stress tests, the system can be safely contradicted at reasonable cost, and when contradiction succeeds, correction and rollback occur as protocol rather than grace.
Chapter Twelve deliverables to PSC 1.0
PSC claim added or sharpened: PSC is a deployability condition enforced through procurement and operational governance, and any claimed “safe harbor” status is earned only through independent auditability, demonstrated contestability at reasonable cost in production, and demonstrated remediation when contest succeeds.
Evidence object introduced or refined: The Adoption Packet, consisting of PSC bound procurement clauses, a public PSC with a confidential annex that cannot carry core claims alone, audit access pathways grounded in reserved evidence rights, and a re certification record that shows PSC deltas keyed to material changes.
Invalidation condition enabled: Any system is PSC invalid if the institution cannot compel the evidence objects it promised would exist, if contestability service levels are not met in the stress tests, or if re certification is not performed after material change or repeated contest failures, because the PSC has then become cheap speech rather than a contradictable burden of proof.
Conclusion
The Burden Shift That Survives Its Own Stress Tests
The Person Safety Case is not a new moral vocabulary for institutions. It is a new evidentiary regime for them. That difference matters because the harms that define automated and AI mediated institutions are not, in the first instance, technical failures, and they are not, in the first instance, failures of intention; they are failures of contradictedness. The most institutionally dangerous systems are those that can end a person’s practical options while keeping their own reasons operationally private, contestation procedurally expensive, and reversal socially or bureaucratically humiliating. The PSC intervenes precisely there, at the seam where an institution’s claim to legitimacy is performed, not as sentiment, but as a structured, auditable burden of proof designed to be challenged without heroism.
If the book has done its work, the reader now sees why the PSC cannot be defended as an “ethics framework,” because the category mistake would hollow it out. Ethics frameworks invite assent. The PSC invites contradiction. It is written to produce a particular institutional posture: if you cannot prove non harm without converting the person into a data exhaust project, you must narrow what you do; if you cannot keep contestability usable under real constraints, you must reduce irreversibility; if you cannot restore persons when you are wrong, you must discontinue. In that sense, PSC 1.0 is less a standard than an engineered asymmetry: it shifts the marginal cost of uncertainty away from the subject and back onto the system that benefits from acting under uncertainty.
This is also why the PSC is not reducible to model governance. The PSC’s target is not a model’s internal quality, but an institution’s external conduct, over time, toward persons, under stakes. The PSC insists that “accuracy” is not the master variable because accuracy, even when real, is fully compatible with coercive tempo, pseudo explanations, retaliation risk, and irreversibility debt. A system can be statistically good and civically violent. The PSC therefore treats contestability at reasonable cost as a threshold property of legitimacy, because it is the minimum condition under which institutional power remains corrigible. What constitutional due process jurisprudence called the opportunity to be heard “at a meaningful time and in a meaningful manner” becomes, in PSC terms, a measurable service level with a contestability budget, independence requirements, explanation quality standards, and retaliation controls, all tied to invalidation conditions rather than aspirational language (Mathews 333).
The stress tests are still the only honest place to evaluate whether this posture is real. In public benefits eligibility and fraud detection, opt out is fiction, and error becomes deprivation. In credit and tenant screening, inference becomes destiny through propagation and residue. These are exactly the environments that make institutional sincerity cheap and administrative closure easy. The PSC survives only if, in these environments, it prevents the conversion of vulnerability into proof labor. Goldberg remains instructive because it treats the interruption of welfare support not as a trivial administrative inconvenience but as a deprivation that demands a hearing before termination, precisely because the stakes are immediate and the person’s capacity to absorb error is limited (Goldberg 264–66). The PSC extends the spirit of that constraint beyond a courtroom posture into the full sociotechnical substrate where modern authority is performed, including vendor workflows, automated triage, generative correspondence, and outsourced screening, all of which can otherwise become plausible deniability machines.
At this point the reader can also see why “transparency” is not the PSC’s first principle. Transparency, as a slogan, is too easily satisfied by disclosure that is voluminous, strategically timed, and practically unusable. The PSC’s first principle is custody for reasons: a documentary discipline that preserves provenance, scope, and contestability within the record itself, so that an institution cannot dissolve responsibility into toolchains. This has become urgent because fluency now increases institutional deniability: a generative system can produce legible text that reads like a reason while being, operationally, a surface that covers missing provenance and missing accountability. The PSC therefore makes reason custody an auditable control, not a rhetorical promise, and it binds it to invalidation triggers because the institutional incentive is always to produce closure that cannot be efficiently reopened.
If there is one temptation the PSC must permanently refuse, it is the temptation to buy accountability by expanding capture. Institutions will always discover that the easiest way to “prove” good conduct is to log more, retain longer, and collect broader. This is the path that turns accountability into surveillance creep, and it is precisely what “Proof Without Capture” forbids: the PSC is invalid if its proof plan depends on generalized expansion of personal logging as the primary route to accountability. The reader should recognize that this is not a privacy add on; it is a structural requirement of legitimacy. A proof system that depends on capture to prove non harm simply moves harm into the proof layer. This is why the evidence object catalog privileges attestation patterns, aggregation, minimal sufficient telemetry, and production test cases that demonstrate system behavior without converting subjects into continuously monitored witnesses.
The legal and regulatory landscape already contains fragments of what the PSC consolidates. In credit, for example, the duty to provide reasons for adverse action is real, but it is frequently satisfied in ways that remain non explanatory to a lay person, or that blur contestability into resignation. Regulation B requires that a statement of reasons be “specific” and not merely a conclusory label such as “insufficient credit file,” and it requires delivery within prescribed timelines (12 C.F.R. § 1002.9). The PSC treats this not as a compliance line item but as a person safety control: explanations must be contestable, and their quality is measured by whether a reasonable person can identify the lever to pull to test and potentially reverse the decision without professionalization. Similarly, the Fair Credit Reporting Act’s adverse action notice requirements represent an early institutional admission that automated or semi automated screening can silently injure, and that notice is a precondition to dispute, yet notice without usable dispute is still closure (15 U.S.C. § 1681m). The PSC’s contestability budget is the missing piece that prevents notice from becoming theater.
The PSC also integrates an adoption reality that many governance frameworks avoid: secrecy will be invoked. Trade secrecy, procurement confidentiality, and security arguments will be used to prevent inspection of system behavior. FOIA itself codifies how quickly disclosure collides with “trade secrets and commercial or financial information obtained from a person and privileged or confidential” (5 U.S.C. § 552(b)(4)). The PSC’s dual layer disclosure model is designed to survive that reality without conceding the core: a public PSC must remain meaningful and contestable, and no core claim can rely solely on confidential evidence. This is not an anti confidentiality stance; it is an anti abdication stance. The institution may protect sensitive details, but it cannot protect itself from contradiction by making all meaningful proof inaccessible.
The final discipline the PSC contributes is the one institutions resist most: discontinuation as a legitimate outcome. When systems cannot bound irreversibility debt, cannot restore contestability, cannot support verifiable withdrawal semantics, or cannot remediate harms at scale without discretionary favor, discontinuation is not an admission of defeat; it is the only ethical outcome that respects persons as more than downstream costs. Here the PSC’s moral logic and its adoption logic converge. A system that cannot be safely contradicted is not merely “risky”; it is structurally unaccountable. A system that is structurally unaccountable cannot be legitimate in benefits or screening, regardless of performance claims, because it produces deprivation or destiny while externalizing uncertainty onto the subject.
This is where PSC 1.0 should be read as compatible with, but not subordinated to, existing AI governance frameworks. NIST’s AI Risk Management Framework explicitly positions itself as voluntary and designed to help organizations manage risks to individuals, organizations, and society. The PSC is the missing coercive complement in environments where voluntarism fails under power asymmetry: it turns risk talk into binding claims, evidence objects, and invalidation conditions that can be audited, procured, and litigated. Likewise, the EU AI Act’s recitals emphasize that the Regulation aims to strengthen the effectiveness of existing rights and remedies through specific requirements and obligations, including transparency, technical documentation, and record keeping, while remaining without prejudice to existing data protection rights and remedies. The PSC offers a cross jurisdictional institutional interface for that aspiration: not a parallel regime, but a proof posture that can be adopted as procurement language, operational governance, and audit protocol, while preserving the foundational constraint that the person is not the evidence substrate for the institution’s legitimacy.
The PSC therefore ends where it began: with a burden shift, but now specified as an executable discipline. Institutions can keep building systems that produce closure without contradiction, and then ask persons to bear the metabolic cost of fighting them, or institutions can accept that legitimacy in automated governance requires precommitted contradictedness. The PSC is not an appeal to be kind. It is a demand to be falsifiable, in public, under stress, without surveillance creep, and with restoration when wrong.
Chapter close: PSC 1.0 payload
PSC claim sharpened. Legitimate automated decision systems must remain safely contradictable at reasonable cost under the two stress tests; where contradictedness cannot be sustained without capture, irreversibility must be reduced or the system must be discontinued.
Evidence object introduced or refined. The PSC Public Register and Recertification Ledger, a versioned, publicly intelligible record of PSC claims, deltas, contestability service levels, residual risks, audit outcomes, and discontinuation events, with a parallel regulator annex that cannot carry any core claim alone.
Invalidation condition enabled. A PSC is invalid if core claims are not publicly falsifiable through usable contestation pathways, if recertification does not occur on schedule with published deltas, or if the institution invokes confidentiality to prevent contradiction rather than to protect narrowly scoped sensitive details.
Appendix A. PSC 1.0 Specification
Normative text. Conformance to PSC 1.0 is satisfied only when every MUST and MUST NOT below is met within the stated scope of the deployed system, including upstream data supply, downstream propagation, human review operations, and vendor components.
A.1 Scope and purpose
PSC 1.0 defines a Person Safety Case as a binding institutional claim set, supported by auditable evidence objects and explicit invalidation conditions, whose primary objective is to ensure that an affected person can safely contradict a sociotechnical system at reasonable cost without being required to become fully legible in order to obtain fair treatment. PSC 1.0 is designed to be compatible with, but not reducible to, model governance, privacy compliance, cybersecurity control catalogs, or “responsible AI” principles, because its unit of protection is the person situated in a decision pipeline, not the model abstracted from institutional conduct.
PSC 1.0 is written to survive two governing stress environments: (1) public benefits eligibility and fraud detection, where error becomes deprivation and opt out is functionally unavailable, and (2) credit and tenant screening, where inference propagates into durable records that shape opportunity through residue and downstream reuse. PSC 1.0 therefore treats contestability, reason custody, withdrawal semantics, tempo controls, and redress protocols as first order safety mechanisms rather than as optional consumer service features.
A.2 Definitions and actors
PSC 1.0 uses the following defined terms.
Affected person. A natural person whose opportunities, obligations, access to benefits, housing, credit, employment, liberty, or essential services are shaped by the system’s outputs, including through propagation to third parties or records.
Provider and deployer. PSC 1.0 tracks the provider and deployer distinction because accountability frequently fractures along that seam, and PSC claims MUST remain binding even when model development and institutional use are separated.
Decision. Any output, recommendation, score, ranking, flag, classification, or generated text that alters a person’s treatment, escalates an investigation, changes eligibility, increases verification burden, delays access, increases price, or produces an adverse action.
Reason custody. The property that the documentary substrate preserves provenance, rationale, and contestability such that the institution can show what factors were used and how, without requiring the person to reconstruct hidden workflows.
Contestability at reasonable cost. The property that a person can obtain timely, intelligible review and correction without professionalization, retaliation risk, or excessive cognitive and procedural load; this is evaluated through the Contestability Budget defined below and is not satisfied by nominal availability of an appeal path.
Evidence object. An auditable artifact that demonstrates system behavior and institutional conduct, not institutional sincerity.
Invalidation condition. A falsifiability trigger that voids a PSC claim when met, requiring remediation, rollback, discontinuation, or re certification failure.
Residue. Persisting artifacts of the person’s interaction with the system, including raw data, features, embeddings, derived scores, human notes, exported files, and audit traces.
Withdrawal. A bounded, verifiable process by which a person can revoke participation, revoke data use, or revoke downstream sharing where legally and technically feasible, accompanied by a disclosure of what residue remains and why.
Irreversibility class. A classification of decision consequences describing how hard it is to restore the person to the counterfactual state if the system is wrong.
A.3 Conformance requirements
A sociotechnical system is PSC 1.0 conformant only if the deployer maintains a PSC artifact that meets all of the following.
1. A Public PSC available to affected persons and civil society in plain language, and a Confidential Annex available to regulators and certified auditors, with the rule that no core PSC claim may rely solely on confidential evidence.
2. A complete Claim Set, where each claim includes: scope, claim statement, rationale, evidence objects, test procedure, residual risk, and invalidation conditions.
3. A complete Evidence Object Catalog, with custody, retention limits, and audit access pathways.
4. A complete Contestability Budget with measurable service levels, independence requirements for review, explanation quality criteria, and retaliation safeguards.
5. A complete Reason Custody Plan for documentary due process, including controls for generated text and decision artifacts.
6. A complete Withdrawal Semantics Matrix and Withdrawal Proof Packet requirement.
7. A complete set of Conduct Invariants, including vulnerability conditioned constraints.
8. A complete set of Tempo Controls tied to irreversibility classes.
9. A complete Redress, Rollback, and Discontinuation Protocol with precommitted triggers.
10. A Recertification cadence and change governance model, such that material changes require re evaluation and updated PSC issuance.
A.4 Required PSC sections
A PSC 1.0 artifact MUST contain, in this order, the following sections.
S1 System synopsis and boundary. A precise diagrammatic narrative of where the system begins and ends, including upstream suppliers, decision points, handoffs to humans, and downstream propagation.
S2 Use context and stakes. The intended purpose, foreseeable misuse, and the explicit irreversibility classes present.
S3 Person Safety Bounds. A formal statement of bounded inference, bounded retention, bounded escalation, bounded persuasion, bounded penalty, and bounded irreversibility, each tied to enforcement mechanisms and tests.
S4 Contestability Budget. Concrete service levels and costs, and the minimum viable review mechanism that does not require heroism.
S5 Custody for reasons. Provenance, traceability, and documentary controls across human and machine authored content.
S6 Evidence object catalog. Classes, owners, retention, access, and audit methods.
S7 Verifiable withdrawal and residue. Withdrawal semantics matrix, proof packet requirements, and residue disclosures.
S8 Conduct invariants and vulnerability rules. Production test suite and invariants that narrow inference and reduce persistence when vulnerability is present.
S9 Tempo controls. Cooling periods and principled delay at irreversibility points, with required written justification for any refusal.
S10 Redress, rollback, and discontinuation. The ladder, thresholds, and restoration protocols.
S11 Adversarial resilience. The evasion taxonomy mapping and counter evidence objects.
S12 Revision governance. Recertification cadence, audit schedule, and change control triggers.
A.5 Claim language conventions
PSC 1.0 claims MUST be expressed as falsifiable propositions with explicit boundaries, and MUST use normative language consistent with formal standards: MUST, MUST NOT, SHOULD, SHOULD NOT, MAY. A claim MUST fail gracefully by naming uncertainty and providing a low cost contradiction path, because “unknown but contestable” is safer than “confident but closed.”
Each claim MUST include at least one invalidating observation that a third party could plausibly detect through evidence objects, audit, or controlled tests. Claims that cannot be invalidated are non claims and MUST be removed.
A.6 Evidence object classes
PSC 1.0 recognizes the following evidence object classes. Each class MUST have a custodian, retention limit, access pathway, and audit method.
E1 Decision Trace Record. For each consequential decision, a structured record containing input provenance, model or rule version identifiers, material features used, thresholds, human overrides, and downstream recipients.
E2 Reason Custody Packet. The documentary bundle that enables challenge: what factors were actually considered, how they were weighted or operationalized, and which procedural rules governed the decision, including controls preventing generated text from becoming provenance free authority.
E3 Contestability Ledger. A record of dispute events, timelines, steps, escalation points, outcomes, and retaliation reports, suitable for aggregate auditing.
E4 Withdrawal Proof Packet. Dependency discovery, action semantics, attestations, and residue disclosure.
E5 Conduct Invariant Test Suite. A production tested suite demonstrating that conduct constraints hold under normal and adversarial conditions.
E6 Tempo Control Log. Evidence that cooling periods and delay protections were applied at irreversibility points, including refusals with written justification.
E7 Redress and Rollback Ledger. Evidence of corrections, restorations, compensation, and systemic fixes, including the ability to propagate corrections to downstream consumers of the original decision.
E8 Vendor and propagation registry. Evidence of where decisions, scores, or flags are shared, sold, reused, or exported.
A.7 PSC 1.0 minimum safety constraints
PSC 1.0 imposes the following minimum constraints, independent of domain.
C1 Contestability minimum. A deployer MUST provide a usable review path with measurable service levels and independence. A deployer MUST NOT gate contestability behind fees, legal counsel, excessive documentation demands, or requirements to produce expansive personal logs as the main proof mechanism. This constraint operationalizes due process as “usable procedure,” not “procedure exists.”
C2 Human oversight as real authority. Where a system is high consequence, oversight MUST include authority to intervene, stop, or override in practice, not only in documentation, consistent with the requirement that oversight aims to prevent or minimize fundamental rights risks and enables natural persons to understand limitations and monitor operation.
C3 Adverse action intelligibility. In screening contexts, the PSC MUST demonstrate that adverse action communications provide specific reasons tied to factors actually used, not generic references to internal standards or opaque score failures.
C4 Unfairness control. If injury is substantial, not reasonably avoidable by the affected person, and not outweighed by countervailing benefits, PSC claims that justify the practice without providing contestability at reasonable cost MUST be treated as invalid, because “not reasonably avoidable” is precisely the condition under which burden shifting becomes non optional.
C5 Confidentiality cannot erase contestability. Trade secrecy and confidentiality may limit public disclosure, but PSC core claims MUST remain contestable; the PSC MUST include a dual disclosure model and MUST name what can be audited publicly versus via regulators and certified auditors, consistent with FOIA’s recognition of confidential commercial information while preserving public accountability by design rather than by litigation.
A.8 PSC 1.0 invalidation conditions
PSC 1.0 MUST include, at minimum, the following invalidation triggers, each mapped to a remediation obligation.
I1 Closure invalidation. If an affected person cannot obtain meaningful review within the Contestability Budget service levels, the PSC is invalid until remediation restores contestability.
I2 Capture invalidation. If the deployer’s proof plan depends on generalized expansion of personal logging or surveillance as the primary route to accountability, the PSC is invalid.
I3 Reason custody invalidation. If decision reasons cannot be reconstructed from evidence objects with provenance, or if generated text is used as a rationale without traceable source custody, the PSC is invalid.
I4 Residue invalidation. If the deployer cannot produce a Withdrawal Proof Packet upon valid request, or cannot declare what residue remains and why, the PSC is invalid.
I5 Tempo coercion invalidation. If high consequence commitments are obtained through accelerated tempo without cooling periods at irreversibility points, the PSC is invalid.
I6 Propagation invalidation. If downstream sharing recipients cannot be enumerated and corrections cannot be propagated, the PSC is invalid.
I7 Repeated failure invalidation. If repeated contestability failures or irreversibility debt accrues beyond the discontinuation threshold in S10, the PSC is invalid and discontinuation becomes mandatory.
A.9 Audit access and procurement compatibility
PSC 1.0 is designed to be auditable under procurement and regulatory regimes that require access to records. A PSC MUST identify how auditors and regulators can examine relevant records and systems, including vendor records, consistent with audit and records norms in public procurement.
A.10 Appendix A closing triad
PSC claim added or sharpened: PSC 1.0 conformance is defined by falsifiable claims plus evidence objects plus invalidation conditions, not by policies or intent statements.
Evidence object introduced or refined: The Evidence Object Catalog with defined classes E1 to E8.
Invalidation condition enabled: Closure invalidation I1, which voids accountability when contradiction is not usable.
Appendix B. Templates and worksheets
These are PSC 1.0 compliant forms. They are intentionally terse so that completion produces an auditable artifact rather than an essay.
B.1 PSC template (Public PSC plus Confidential Annex)
Header: PSC ID, system name, deployer, provider(s), version, issuance date, next recertification date, scope boundary, jurisdictions, contact for contestation.
S1 System synopsis and boundary: decision map, upstream inputs, downstream recipients, human roles, vendor roles.
S2 Use context and stakes: intended purpose, foreseeable misuse, irreversibility classes, protected classes and sensitivity notes where applicable.
S3 Person Safety Bounds: six bound statements, each with controls, metrics, and tests.
S4 Contestability Budget: service levels, step counts, independence model, explanation standards, accessibility requirements, retaliation safeguards.
S5 Custody for reasons: provenance controls, documentation standards, generated text controls, reason retention and correction propagation.
S6 Evidence object catalog: E1 to E8 with owners, retention, audit access, sampling plan.
S7 Withdrawal and residue: withdrawal semantics matrix, proof packet steps, residue declaration and necessity rationale.
S8 Conduct invariants: invariants list, vulnerability adjustments, production tests.
S9 Tempo controls: mapping from irreversibility classes to cooling periods and delay rules.
S10 Redress, rollback, discontinuation: redress ladder, rollback mechanics, discontinuation triggers, residual risk policy.
S11 Adversarial resilience: evasion taxonomy mapping, countermeasures, audit plan.
S12 Revision governance: change triggers, recertification cadence, incident thresholds, governance body.
B.2 Evidence object catalog template
For each evidence object: ID, class (E1 to E8), description, capture mechanism, minimization rationale, retention, access control, audit method, sampling method, known limitations, invalidation conditions it supports.
B.3 Contestability Budget worksheet
Record, for each decision type and irreversibility class:
the first response time SLA, the time to substantive review SLA, the maximum number of required steps, the maximum number of required documents, the maximum number of identity verification steps, the availability of live assistance, language accessibility, disability accommodations, retaliation mitigation steps, escalation path, independence model, and the “reasonable cost” narrative justification grounded in the affected person’s likely constraints rather than institutional convenience. This worksheet should be evaluated against due process risk of erroneous deprivation and the “not reasonably avoidable” condition in unfairness doctrine.
B.4 Withdrawal semantics matrix template
A two axis matrix: residue class by withdrawal action. Residue classes MUST include: raw inputs, derived features, embeddings, scores, human notes, exports to third parties, audit traces, and regulatory retention artifacts. Actions MUST include: stop collection, stop processing, stop sharing, correction propagation, suppression of use, deletion where feasible, and sealed retention for contestability. The matrix MUST produce a disclosure that distinguishes technical infeasibility from institutional refusal.
B.5 Conduct invariant checklist
For each invariant: statement, scope, vulnerability condition, test cases, monitoring metric, alert threshold, and response playbook. High consequence systems MUST include invariants that narrow inference and restrict escalation under vulnerability and that constrain persuasive pressure.
B.6 Tempo control mapping template
Map irreversibility class to: cooling period length, required justification for denial of delay, and the evidence objects that prove compliance. This is the PSC’s formalization of time as a coercion variable, consistent with oversight obligations that aim to prevent or minimize rights risks.
B.7 Redress ladder template
Define tiers: correction, restoration, compensation, disclosure, discontinuation. For each tier: entry conditions, time to resolution, rollback mechanics, downstream correction propagation requirements, and reporting obligations. This ladder should be drafted to make discontinuation an executable outcome under repeated failures.
Appendix B closing triad
PSC claim added or sharpened: PSC 1.0 is executable because every claim has a completion artifact and a testable budget.
Evidence object introduced or refined: The Contestability Ledger schema and Contestability Budget worksheet outputs.
Invalidation condition enabled: Closure invalidation I1 becomes auditable via SLA failures and step count exceedances.
Appendix C. Proof Without Capture
This appendix defines concrete patterns for proving system behavior while minimizing personal capture. The governing rule is that accountability must not be purchased by converting the person into the surveillance substrate.
C.1 The privacy bound and why PSC treats it as a validity condition
A PSC is invalid when it proposes to “solve accountability” by expanding personal logging broadly and indefinitely, because that strategy transfers institutional uncertainty onto affected persons as exposure and persistence. The PSC therefore adopts a privacy bound aligned with risk and outcome oriented approaches in privacy risk management, in which organizations manage privacy risk in parity with other enterprise risks rather than treating privacy as a narrow compliance perimeter.
This is not a claim that data collection is never necessary. It is a claim that the burden of proof is reversed: the institution must show necessity, minimization, bounded retention, and contestability enabling design, rather than presuming that more capture is the default route to auditability.
C.2 Patterns that prove behavior without generalized capture
Pattern 1: Aggregated contestability telemetry. Collect dispute outcomes, SLA performance, and reversal rates in aggregate, tied to decision types and irreversibility classes, with strict access control. This yields evidence of closure failures without retaining granular personal narratives.
Pattern 2: Sampling with structured audits. Use statistically meaningful sampling of decision trace records, audited under confidentiality, to verify compliance with reason custody and conduct invariants, while avoiding universal retention of high detail traces. This mirrors established privacy framework logic: evaluate ecosystem parties and obligations through audits and evaluations rather than omnivorous surveillance.
Pattern 3: Privacy preserving measurement using differential privacy. When metrics must be published or broadly shared, apply differential privacy to reduce reidentification risk while preserving utility, using calibrated noise mechanisms. Differential privacy’s core contribution is the ability to publish aggregate insights while bounding the incremental privacy loss from any one individual’s inclusion.
Pattern 4: Cryptographic commitments for logs. Use tamper evident logging and commitments that prove integrity and sequence of events without exposing raw contents broadly; auditors can verify that records were not rewritten while access remains minimized.
Pattern 5: Synthetic and counterfactual test harnesses. Demonstrate bounded inference and conduct invariants through controlled test suites and counterfactual cases that do not require storing real person trajectories beyond what is necessary for contestation.
Pattern 6: Two layer disclosure architecture. Maintain a public PSC that remains contestable and meaningful, plus confidential annex evidence for regulators and auditors, while explicitly resisting the temptation to bury the only falsifying evidence behind trade secrecy claims. FOIA’s exemption for confidential commercial information illustrates how confidentiality may be legally recognized, but PSC requires design that preserves contestability instead of relying on litigation to pry open proof.
C.3 Explicit warnings about surveillance creep
First, embedding systems can create residues that behave like durable identifiers even when raw data are deleted; PSC therefore requires a residue class explicitly for embeddings and derived representations, and requires a withdrawal semantics declaration for each. Second, “audit logs” can become shadow dossiers if retention is not bounded and access is not constrained; PSC therefore requires retention limits and justification for any extended retention. Third, fraud detection environments are uniquely prone to justificatory expansion because suspicion invites capture; PSC therefore requires vulnerability conditioned narrowing of inference and escalation constraints, not only accuracy targets.
Appendix C closing triad
PSC claim added or sharpened: Accountability is invalid when purchased primarily through generalized surveillance; proof must be engineered as evidence objects, not extracted as life capture.
Evidence object introduced or refined: Privacy preserving aggregate contestability telemetry plus audited sampling plans.
Invalidation condition enabled: Capture invalidation I2 becomes enforceable when proof plans depend on expansive logging.
Appendix D. Two worked PSCs, end to end
These PSCs are complete specimens in PSC 1.0 format. They are not claims about any real agency, lender, or landlord. Their purpose is to demonstrate how PSC becomes a falsifiable institutional artifact under the book’s stress tests.
D.1 Worked PSC: Benefits eligibility and fraud detection
PSC ID: PSC D1 BENEFITS 1.0
System: Eligibility and Fraud Risk Triage for Benefits Continuation
Deployer: Public agency or delegated administrator
Purpose: Identify eligibility changes and triage fraud risk for investigation while preserving due process and preventing erroneous deprivation.
S1 Boundary. Inputs: reported income, employer reports, data matches, prior cases, identity verification signals. Outputs: continuation, verification request, suspension recommendation, fraud investigation referral. Downstream propagation: internal case notes, referrals to investigators, potential data sharing with other agencies.
S2 Stakes and irreversibility classes. A pre termination interruption of subsistence benefits is treated as irreversibility class high because restoration cannot retroactively undo hunger, eviction risk, or medical interruption; therefore tempo controls and contestability budgets are binding constraints, not service enhancements. The PSC is designed to satisfy constitutional due process constraints in the spirit of pre deprivation procedural protection recognized in welfare termination jurisprudence and balanced procedural factors in later administrative due process doctrine.
S3 Person Safety Bounds
Bounded inference: the system MUST restrict inference to eligibility relevant variables and MUST NOT infer character, intent, or “fraud propensity” beyond what is necessary for triage.
Bounded retention: high detail signals MUST be retained only as long as needed for contestability and legally required recordkeeping, then minimized.
Bounded escalation: referral escalation MUST require a human check when the output materially increases burden or investigation risk.
Bounded persuasion: communications MUST NOT use fear of prosecution or loss as pressure to waive rights or to consent to expanded data capture.
Bounded penalty: the system MUST NOT trigger automatic termination; it may trigger a hold only if S9 tempo and S4 contestability are satisfied.
Bounded irreversibility: any decision that could suspend or terminate benefits MUST trigger cooling and review before action.
S4 Contestability Budget
SLA 1: within 24 hours of any adverse change, the person MUST receive notice and an immediate path to live assistance.
SLA 2: within 5 business days, the person MUST receive a substantive review by an independent reviewer not involved in the initial triage.
Maximum steps: 5 steps end to end for initial contest.
Maximum documents: 3 documents unless the agency proves necessity.
Retaliation control: contesting MUST NOT increase fraud investigation likelihood absent new independent evidence.
This implements the core due process objective that procedures meaningfully reduce erroneous deprivation, not simply exist on paper.
S5 Custody for reasons
All generated text letters MUST be linked to a reason custody packet that contains: the actual eligibility rule invoked, the data match sources, the threshold crossed, and the human review action taken. “The model wrote it” is explicitly disallowed as a reason.
S6 Evidence Objects
E1: Decision trace record with match provenance and threshold logs.
E2: Reason custody packet with rule citations and data source provenance.
E3: Contestability ledger with SLA performance.
E5: Conduct invariants tests, including vulnerability cases.
E7: Redress ledger with restoration timestamps.
S7 Withdrawal and residue
Withdrawal semantics: a person may withdraw consent to optional data sources without losing eligibility; required sources are declared as necessary for program administration. Residue disclosure MUST state which artifacts remain to ensure contestability and integrity of benefit administration.
S8 Conduct invariants
Invariant D1 CI1: if vulnerability indicator is present (housing instability, disability, language barrier), the system MUST narrow inference and MUST not escalate based on low confidence signals.
Invariant D1 CI2: verification requests MUST be proportional and MUST not exceed the documentation maximum absent a written necessity statement.
S9 Tempo controls
Cooling: no termination or suspension action may occur until the person has had 10 calendar days after notice plus access to assistance. Any refusal of delay MUST be justified in writing and logged. This operationalizes “tempo as coercion control” for subsistence contexts.
S10 Redress, rollback, discontinuation
Correction: wrong match corrected within 5 days, with benefit restoration.
Restoration: immediate reissuance and fee reimbursement for costs caused by interruption when agency error is found.
Discontinuation trigger: if reversal rate exceeds threshold for two consecutive quarters or SLA breach exceeds threshold, the automated triage MUST be paused until recertified.
S11 Evasion countermeasures
Vendor laundering is countered by requiring vendor access to E1 and E2 artifacts under audit.
Appeal gating is countered by E3 telemetry and SLA audits.
S12 Invalidation conditions
If a person experiences interruption before the contestability budget timeline is met, PSC is invalid. If reason custody packets cannot be produced for a sample audit, PSC is invalid.
D1 closing triad
PSC claim added or sharpened: In benefits, subsistence stakes require that contestability and delay protections are preconditions to adverse action, not post hoc remedies.
Evidence object introduced or refined: Reason custody packets tied to generated communications.
Invalidation condition enabled: Tempo coercion invalidation I5 applied to pre termination actions.
D.2 Worked PSC: Credit and tenant screening
PSC ID: PSC D2 SCREENING 1.0
System: Screening Score and Adverse Action Pipeline for Credit and Housing
Deployer: Lender, property manager, screening agency, or platform acting as decision intermediary
Purpose: Support underwriting and rental decisions while preventing inference from becoming destiny through opaque propagation and irreversible residue.
S1 Boundary. Inputs: consumer reports, payment history, public record feeds, identity verification, employment verification, rental history, optional alternative data. Outputs: approve, conditional approve, deny, deposit requirements, manual review flags. Downstream propagation: adverse action notices, reporting to consumer reporting systems, sharing to landlords, and internal risk registries.
S2 Stakes and irreversibility classes. Denial of housing or credit is treated as high irreversibility when it propagates into durable records or when delay forecloses opportunity, so tempo controls and correction propagation are required. The system must align with statutory requirements on adverse action and reasons, and must treat contestability as a safety property rather than a compliance checkbox.
S3 Person Safety Bounds
Bounded inference: the system MUST limit factors to those materially tied to underwriting or tenancy criteria; it MUST NOT infer protected traits or proxies as decision drivers.
Bounded retention: raw reports and derived scores MUST have declared retention schedules; indefinite retention requires necessity proof.
Bounded escalation: manual review MUST be required for borderline decisions where a small correction could reverse outcome.
Bounded persuasion: communications MUST NOT coerce consent to expanded alternative data to avoid denial.
Bounded penalty: adverse action severity MUST be proportionate; conditional approvals require explanation of requirements.
Bounded irreversibility: any reporting that affects future opportunities MUST include correction propagation obligations.
S4 Contestability Budget
Notice: within 24 hours of adverse action, the applicant MUST receive a notice that is intelligible and contestable, including source disclosures and reason disclosures as required.
Dispute: the applicant MUST have a low cost dispute path with live support, and the process MUST not require legal counsel.
Resolution: disputes MUST be resolved within 30 days for credit contexts where that timeline is recognized as a standard notification period for completed applications; faster SLAs apply where housing opportunity windows are shorter.
S5 Custody for reasons
The system MUST be able to state specific reasons that accurately describe factors actually considered, and MUST NOT use generic “did not meet internal standards” language. This is made explicit in Regulation B interpretations requiring that reasons relate to and accurately describe factors actually considered, and that insufficient statements include internal standards or failure to achieve a qualifying score.
S6 Evidence Objects
E1: Decision trace record including which report elements were used.
E2: Reason custody packet that maps reasons to factors and thresholds.
E3: Contestability ledger with dispute outcomes.
E4: Withdrawal proof packet for optional alternative data sources.
E8: Propagation registry listing downstream recipients and correction propagation pathways.
S7 Withdrawal and residue
Alternative data withdrawal: the applicant may withdraw optional data sources; the deployer MUST disclose what residue remains, including derived scores or embeddings, and MUST state necessity if retention continues. This is framed alongside broader data subject rights regimes that distinguish access and erasure while recognizing lawful retention needs.
S8 Conduct invariants
Invariant D2 CI1: low confidence signals MUST NOT produce permanent negative markers.
Invariant D2 CI2: if the decision relies on a third party report, the system MUST generate the disclosures required and provide a path to dispute that does not route responsibility into a vendor void.
Invariant D2 CI3: the system MUST log automation bias controls in human review and ensure reviewers have authority to override, consistent with oversight obligations for high risk contexts that require effective oversight and ability to monitor and intervene.
S9 Tempo controls
Cooling: for conditional approvals requiring deposits or immediate commitments, a minimum cooling period MUST be provided before irreversible commitments, and refusal of delay MUST be justified and logged.
S10 Redress, rollback, discontinuation
Correction: if error is found, the deployer MUST propagate correction to all recipients in the propagation registry.
Restoration: if opportunity loss occurred due to error, compensation mechanisms must exist where legally permitted and contractually committed.
Discontinuation: if the system cannot produce reason custody packets that match actual factors, or if dispute reversal rates exceed threshold, the automated component MUST be suspended pending recertification.
S11 Evasion countermeasures
Pseudo explanations are countered by requiring reason custody packets and by auditing whether reasons correspond to real factors.
Trade secrecy shields are countered by dual disclosure and regulator audit access, acknowledging legal confidentiality boundaries while designing contestability to survive them.
S12 Invalidation conditions
If adverse action notices fail specificity requirements, PSC is invalid. If correction propagation cannot be executed, PSC is invalid. If disputes require professionalization to navigate, PSC is invalid.
D2 closing triad
PSC claim added or sharpened: In screening, legality and legitimacy converge on reason specificity and correction propagation, because inference becomes destiny primarily through residue and reuse.
Evidence object introduced or refined: Propagation registry plus correction propagation proof.
Invalidation condition enabled: Propagation invalidation I6 applied to adverse action contexts.
Works Cited
Armstrong v. Manzo. 380 U.S. 545. Supreme Court of the United States, 1965. Library of Congress, tile.loc.gov/storage-services/service/ll/usrep/usrep380/usrep380545/usrep380545.pdf. Accessed 31 Dec. 2025.
Austin, J. L. How to Do Things with Words. Edited by J. O. Urmson and Marina Sbisà, 2nd ed., Harvard UP, 1975.
Bietti, Elettra. “From Ethics Washing to Ethics Bashing: A View on Tech Ethics from Within Moral Philosophy.” SSRN, Jan. 2020, ssrn.com/abstract=3513182. Accessed 31 Dec. 2025.
Board of Governors of the Federal Reserve System and Office of the Comptroller of the Currency. Supervisory Guidance on Model Risk Management (SR 11-7). 4 Apr. 2011, http://www.federalreserve.gov/supervisionreg/srletters/sr1107a1.pdf. Accessed 31 Dec. 2025.
Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, and Office of the Comptroller of the Currency. Interagency Guidance on Third-Party Relationships: Risk Management (SR 23-4 Attachment). 7 June 2023, http://www.federalreserve.gov/supervisionreg/srletters/sr2304a1.pdf. Accessed 31 Dec. 2025.
Bradner, Scott. “Key Words for Use in RFCs to Indicate Requirement Levels.” RFC 2119, Internet Engineering Task Force, Mar. 1997, http://www.rfc-editor.org/rfc/rfc2119. Accessed 31 Dec. 2025.
Cahoo v. SAS Analytics Inc. 912 F.3d 887. U.S. Court of Appeals for the Sixth Circuit, 2019.
Cao, Yinzhi, and Junfeng Yang. “Towards Making Systems Forget with Machine Unlearning.” 2015 IEEE Symposium on Security and Privacy, IEEE, 2015, pp. 463–480. doi:10.1109/SP.2015.35.
California Legislative Information. California Civil Code § 1798.105 (“Consumers’ Right to Delete Personal Information”). State of California, leginfo.legislature.ca.gov. Accessed 31 Dec. 2025.
Chandramouli, Ramaswamy, and Eric Hibbard. Guidelines for Media Sanitization. NIST Special Publication 800-88r2, National Institute of Standards and Technology, Sept. 2025. doi:10.6028/NIST.SP.800-88r2.
Citron, Danielle Keats, and Frank Pasquale. “The Scored Society: Due Process for Automated Predictions.” Washington Law Review, vol. 89, no. 1, 2014, pp. 1–34.
Coalition for Content Provenance and Authenticity (C2PA). Content Credentials: C2PA Technical Specification. Version 2.1, 20 Sept. 2024. PDF, c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html. Accessed 31 Dec. 2025.
“Cooling-off Period for Sales Made at Home or Other Locations.” Code of Federal Regulations, Title 16, Part 429. Federal Trade Commission, http://www.ftc.gov/legal-library/browse/rules/cooling-period-sales-made-home-or-other-locations. Accessed 31 Dec. 2025.
Consumer Financial Protection Bureau. Advisory Opinion: Fair Credit Reporting; Background Screening. 11 Jan. 2024, files.consumerfinance.gov/f/documents/cfpb_advisory-opinion_fair-credit-reporting_background-screening_2024-01.pdf. Accessed 31 Dec. 2025.
Consumer Financial Protection Bureau. “What Should I Do If My Rental Application Is Denied Because of a Tenant Screening Report?” 30 Oct. 2025, http://www.consumerfinance.gov/ask-cfpb/what-should-i-do-if-my-rental-application-is-denied-because-of-a-tenant-screening-report-en-2113/. Accessed 31 Dec. 2025.
Consumer Financial Protection Bureau, Federal Trade Commission, U.S. Department of Housing and Urban Development, and U.S. Department of Justice. Tenant Background Checks and Your Rights. Mar. 2024. PDF.
Convention on the Rights of Persons with Disabilities. United Nations, 13 Dec. 2006, Articles 12 and 22. treaties.un.org. Accessed 31 Dec. 2025.
Crawford, Vincent P., and Joel Sobel. “Strategic Information Transmission.” Econometrica, vol. 50, no. 6, Nov. 1982, pp. 1431–1451.
Dwork, Cynthia, Frank McSherry, Kobbi Nissim, and Adam Smith. “Calibrating Noise to Sensitivity in Private Data Analysis.” Theory of Cryptography Conference (TCC 2006), edited by Shai Halevi and Tal Rabin, Springer, 2006, pp. 265–284. Lecture Notes in Computer Science, vol. 3876.
European Union. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation). Official Journal of the European Union, L 119, 4 May 2016. EUR-Lex, eur-lex.europa.eu/eli/reg/2016/679/oj/eng. Accessed 31 Dec. 2025.
European Union. Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 Laying Down Harmonised Rules on Artificial Intelligence and Amending Certain Union Acts (Artificial Intelligence Act). Official Journal of the European Union, 12 July 2024. EUR-Lex, eur-lex.europa.eu/eli/reg/2024/1689/oj/eng. Accessed 31 Dec. 2025.
Fair Credit Reporting Act. 15 U.S.C. §§ 1681–1681x. United States Code. Office of the Law Revision Counsel, U.S. House of Representatives, uscode.house.gov. Accessed 31 Dec. 2025.
Federal Trade Commission. Bringing Dark Patterns to Light: An FTC Staff Report. Sept. 2022. PDF, http://www.ftc.gov/system/files/ftc_gov/pdf/bringing_dark_patterns_to_light.pdf. Accessed 31 Dec. 2025.
Federal Trade Commission. “FTC Policy Statement on Unfairness.” 17 Dec. 1980, http://www.ftc.gov/legal-library/browse/ftc-policy-statement-unfairness. Accessed 31 Dec. 2025.
Federal Trade Commission. “What to Know About Tenant Background Checks.” 2024, http://www.ftc.gov/consumer-alerts/2024/01/what-know-about-tenant-background-checks. Accessed 31 Dec. 2025.
Federal Trade Commission and Consumer Financial Protection Bureau. “FTC and CFPB Settlement to Require Trans Union to Pay $15 Million over Charges It Failed to Ensure Accuracy of Tenant Screening Reports.” 12 Oct. 2023, http://www.ftc.gov/news-events/news/press-releases/2023/10/ftc-cfpb-settlement-require-trans-union-pay-15-million-over-charges-it-failed-ensure-accuracy-tenant. Accessed 31 Dec. 2025.
Federal Trade Commission and Consumer Financial Protection Bureau v. TransUnion Rental Screening Solutions, Inc., and Trans Union LLC. Complaint. 12 Oct. 2023. PDF, http://www.ftc.gov/system/files/ftc_gov/pdf/TransUnion-Complaint-Filed.pdf. Accessed 31 Dec. 2025.
Federal Trade Commission and Consumer Financial Protection Bureau v. TransUnion Rental Screening Solutions, Inc., and Trans Union LLC. Stipulated Order for Permanent Injunction, Monetary Judgment, Civil Penalty Judgment, and Other Relief (Final). 20 Oct. 2023. Federal Trade Commission, http://www.ftc.gov/legal-library/browse/cases-proceedings/transunion-rental-screening-solutions-inc-trans-union-llc-ftc-cfpb-v-timeline-item-2023-10-20. Accessed 31 Dec. 2025.
Food Marketing Institute v. Argus Leader Media. 139 S. Ct. 2356. Supreme Court of the United States, 2019.
Goldberg v. Kelly. 397 U.S. 254. Supreme Court of the United States, 1970. Library of Congress, tile.loc.gov/storage-services/service/ll/usrep/usrep397/usrep397254/usrep397254.pdf. Accessed 31 Dec. 2025.
GSN Community Standard Working Group. GSN Community Standard. Version 1, Nov. 2011. PDF, http://www.faa.gov/sites/faa.gov/files/aircraft/air_cert/design_approvals/air_software/AR-08-32_GSN.pdf. Accessed 31 Dec. 2025.
Health and Safety Executive. Reducing Risks, Protecting People: HSE’s Decision-Making Process. HSE Books, 2001.
Information Commissioner’s Office. Explaining Decisions Made with AI. Annex 5 (“Argument-Based Assurance Cases”). Information Commissioner’s Office, ico.org.uk. Accessed 31 Dec. 2025.
International Organization for Standardization. ISO/IEC 23894:2023 Information Technology: Artificial Intelligence: Guidance on Risk Management. ISO, 2023. Accessed 31 Dec. 2025.
Kroll, Joshua A., Joanna Huey, Solon Barocas, Edward W. Felten, Joel R. Reidenberg, David G. Robinson, and Harlan Yu. “Accountable Algorithms.” University of Pennsylvania Law Review, vol. 165, no. 3, 2017, pp. 633–705.
Leiba, Bernard, and Erik Guttman. “Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words.” RFC 8174, Internet Engineering Task Force, May 2017, http://www.rfc-editor.org/rfc/rfc8174. Accessed 31 Dec. 2025.
Lipsky, Michael. Street-Level Bureaucracy: Dilemmas of the Individual in Public Services. 30th Anniversary ed., Russell Sage Foundation, 2010.
Logan v. Zimmerman Brush Co. 455 U.S. 422. Supreme Court of the United States, 1982. U.S. Government Publishing Office, http://www.govinfo.gov/content/pkg/USREPORTS-455/pdf/USREPORTS-455-422.pdf. Accessed 31 Dec. 2025.
Louis v. SafeRent Solutions, LLC. Civil Action No. 1:22-cv-10800-AK (D. Mass.). Final Approval Order, 20 Nov. 2024.
Mani, Anandi, Sendhil Mullainathan, Eldar Shafir, and Jiaying Zhao. “Poverty Impedes Cognitive Function.” Science, vol. 341, no. 6149, 2013, pp. 976–980. doi:10.1126/science.1238041.
Mathews v. Eldridge. 424 U.S. 319. Supreme Court of the United States, 1976.
Ministry of Defence (UK). Defence Standard 00-56: Safety Management Requirements for Defence Systems. Issue 4. Ministry of Defence, UK Government. Accessed 31 Dec. 2025.
Mitchell, Margaret, Simone Wu, Andrew Zaldivar, Parker Barnes, Lucy Vasserman, Ben Hutchinson, Elena Spitzer, Inioluwa Deborah Raji, and Timnit Gebru. “Model Cards for Model Reporting.” Proceedings of the Conference on Fairness, Accountability, and Transparency (FAT*), ACM, 2019, pp. 220–229. doi:10.1145/3287560.3287596.
Moynihan, Donald P., Pamela Herd, and Hope Harvey. “Administrative Burden: Learning, Psychological, and Compliance Costs in Citizen-State Interactions.” Journal of Public Administration Research and Theory, vol. 25, no. 1, 2015, pp. 43–69. doi:10.1093/jopart/muu009.
Motor Vehicle Manufacturers Association of the United States, Inc. v. State Farm Mutual Automobile Insurance Co. 463 U.S. 29. Supreme Court of the United States, 1983.
National Archives and Records Administration. “Characteristics of Records and Information.” National Archives and Records Administration, http://www.archives.gov. Accessed 31 Dec. 2025.
National Institute of Standards and Technology. Artificial Intelligence Risk Management Framework (AI RMF 1.0). NIST AI 100-1, Jan. 2023, nvlpubs.nist.gov/nistpubs/ai/NIST.AI.100-1.pdf. Accessed 31 Dec. 2025.
National Institute of Standards and Technology. Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile. NIST AI 600-1, July 2024. doi:10.6028/NIST.AI.600-1.
National Institute of Standards and Technology. Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations. NIST Special Publication 800-161r1, National Institute of Standards and Technology, May 2022, nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1.pdf. Accessed 31 Dec. 2025.
National Institute of Standards and Technology. NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management. Version 1.0, Jan. 2020, http://www.nist.gov/document/nist-privacy-frameworkv10pdf. Accessed 31 Dec. 2025.
Nichols, Albert L., and Richard J. Zeckhauser. “Targeting Transfers Through Restrictions on Recipients.” American Economic Review, vol. 72, no. 2, 1982, pp. 372–377.
Object Management Group. Structured Assurance Case Metamodel (SACM). Version 2.1, Dec. 2020, http://www.omg.org/spec/SACM/2.1/PDF. Accessed 31 Dec. 2025.
Office of Management and Budget. Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence. Memorandum M-24-10, 28 Mar. 2024. Executive Office of the President, http://www.whitehouse.gov/omb. Accessed 31 Dec. 2025.
Office of Management and Budget. Accelerating Federal Use of AI through Innovation, Governance, and Public Trust. Memorandum M-25-21, 3 Apr. 2025. Executive Office of the President, http://www.whitehouse.gov/omb. Accessed 31 Dec. 2025.
Office of Management and Budget. Driving Efficient Acquisition of Artificial Intelligence in Government. Memorandum M-25-22, 3 Apr. 2025. Executive Office of the President, http://www.whitehouse.gov/omb. Accessed 31 Dec. 2025.
Payne, John W., James R. Bettman, and Eric J. Johnson. “Adaptive Strategy Selection in Decision Making.” Journal of Experimental Psychology: Learning, Memory, and Cognition, vol. 14, no. 3, 1988, pp. 534–552. doi:10.1037/0278-7393.14.3.534.
Rushby, John. The Interpretation and Evaluation of Assurance Cases. Technical Report SRI-CSL-15-01, SRI International, July 2015, http://www.csl.sri.com/~rushby/papers/sri-csl-15-1-assurance-cases.pdf. Accessed 31 Dec. 2025.
Shah, Anuj K., Sendhil Mullainathan, and Eldar Shafir. “Some Consequences of Having Too Little.” Science, vol. 338, no. 6107, 2012, pp. 682–685. doi:10.1126/science.1222426.
Sunstein, Cass R. Sludge: What Stops Us from Getting Things Done and What to Do about It. MIT Press, 2021.
Thibaut, John W., and Laurens Walker. Procedural Justice: A Psychological Analysis. L. Erlbaum Associates, 1975.
The White House Office of Science and Technology Policy. Blueprint for an AI Bill of Rights. Oct. 2022, http://www.whitehouse.gov/ostp/ai-bill-of-rights/. Accessed 31 Dec. 2025.
Tyler, Tom R. Why People Obey the Law. Yale UP, 1990.
United States. Code of Federal Regulations. Title 12, § 1002.9 (“Notifications”) (Regulation B). U.S. Government Publishing Office, http://www.ecfr.gov. Accessed 31 Dec. 2025.
United States. Code of Federal Regulations. Title 12, § 1026.19 (“Certain Mortgage and Variable-Rate Transactions”). U.S. Government Publishing Office, http://www.govinfo.gov/content/pkg/CFR-2015-title12-vol9/pdf/CFR-2015-title12-vol9-sec1026-19.pdf. Accessed 31 Dec. 2025.
United States. Code of Federal Regulations. Title 24, § 100.500 (“Discriminatory Effect Prohibited”). U.S. Government Publishing Office, http://www.ecfr.gov. Accessed 31 Dec. 2025.
United States. Code of Federal Regulations. Title 28, § 35.160 (“Effective Communication”). U.S. Government Publishing Office, http://www.ecfr.gov. Accessed 31 Dec. 2025.
United States. Code of Federal Regulations. Title 48, § 52.215-2 (“Audit and Records—Negotiation”) (Federal Acquisition Regulation). Acquisition.gov, http://www.acquisition.gov/far/52.215-2. Accessed 31 Dec. 2025.
United States. United States Code. Title 5, § 552(b)(4) (Freedom of Information Act Exemption 4). Office of the Law Revision Counsel, U.S. House of Representatives, uscode.house.gov. Accessed 31 Dec. 2025.
United States. United States Code. Title 5, § 706. Office of the Law Revision Counsel, U.S. House of Representatives, uscode.house.gov/view.xhtml?edition=prelim&num=0&req=granuleid%3AUSC-prelim-title5-section706. Accessed 31 Dec. 2025.
United States. United States Code. Title 5, § 557. Legal Information Institute, Cornell Law School, http://www.law.cornell.edu/uscode/text/5/557. Accessed 31 Dec. 2025.
United States. United States Code. Title 12, § 5531 (“Prohibiting Unfair, Deceptive, or Abusive Acts or Practices”). Legal Information Institute, Cornell Law School, http://www.law.cornell.edu/uscode/text/12/5531. Accessed 31 Dec. 2025.
United States. United States Code. Title 15, § 45(n) (“Unfairness Standard”). Office of the Law Revision Counsel, U.S. House of Representatives, uscode.house.gov. Accessed 31 Dec. 2025.
United States. United States Code. Title 15, § 1635 (“Right of Rescission as to Certain Transactions”). U.S. Government Publishing Office, http://www.govinfo.gov/content/pkg/USCODE-2011-title15/pdf/USCODE-2011-title15-chap41-subchapI-partB-sec1635.pdf. Accessed 31 Dec. 2025.
United States. United States Code. Title 15, § 1681i. Office of the Law Revision Counsel, U.S. House of Representatives, uscode.house.gov/view.xhtml?path=/prelim@title15/chapter41/subchapter3/section1681i&edition=prelim. Accessed 31 Dec. 2025.
United States. United States Code. Title 15, § 1681m. Office of the Law Revision Counsel, U.S. House of Representatives, uscode.house.gov. Accessed 31 Dec. 2025.
United States. United States Code. Title 15, § 1681n. Office of the Law Revision Counsel, U.S. House of Representatives, uscode.house.gov/view.xhtml?path=/prelim@title15/chapter41/subchapter3/section1681n&edition=prelim. Accessed 31 Dec. 2025.
United States. United States Code. Title 15, § 1681o. Office of the Law Revision Counsel, U.S. House of Representatives, uscode.house.gov/view.xhtml?path=/prelim@title15/chapter41/subchapter3/section1681o&edition=prelim. Accessed 31 Dec. 2025.
United States. United States Code. Title 15, § 1681s-2. Office of the Law Revision Counsel, U.S. House of Representatives, uscode.house.gov/view.xhtml?path=/prelim@title15/chapter41/subchapter3/section1681s-2&edition=prelim. Accessed 31 Dec. 2025.
United States. United States Code. Title 42, § 3604 (Fair Housing Act Discrimination Provisions). Legal Information Institute, Cornell Law School, http://www.law.cornell.edu/uscode/text/42/3604. Accessed 31 Dec. 2025.
United States. United States Code. Title 44, § 3301. Legal Information Institute, Cornell Law School, http://www.law.cornell.edu/uscode/text/44/3301. Accessed 31 Dec. 2025.
U.S. Department of Housing and Urban Development, Office of Fair Housing and Equal Opportunity. Guidance on Application of the Fair Housing Act to the Screening of Applicants for Rental Housing. 29 Apr. 2024. U.S. Department of Housing and Urban Development, http://www.hud.gov/sites/dfiles/FHEO/documents/GUIDANCE_SCREENING_FAIR_HOUSING_ACT.pdf. Accessed 31 Dec. 2025.
U.S. Department of Housing and Urban Development and U.S. Department of Justice. Joint Statement on Reasonable Accommodations under the Fair Housing Act. 17 May 2004. PDF. Accessed 31 Dec. 2025.
U.S. Department of Justice, Office of Public Affairs. “Justice Department Sues RealPage for Algorithmic Pricing Scheme That Harms Millions of American Renters.” 23 Aug. 2024. U.S. Department of Justice, http://www.justice.gov/opa/pr/justice-department-sues-realpage-algorithmic-pricing-scheme-harms-millions-american. Accessed 31 Dec. 2025.
W3C. PROV Overview: An Overview of the PROV Family of Documents. W3C Recommendation, 30 Apr. 2013, http://www.w3.org/TR/prov-overview/. Accessed 31 Dec. 2025.
Leave a comment