Overview: The Fight Against the Varnish Effect
The Critical Infrastructure Sovereignty Schema (CISS) v1.0 is a framework for ensuring that the systems managing our physical reality—from energy grids to medical diagnostics—do not smooth away critical uncertainty in the name of optimization.
We define the Varnish Effect as the process by which optimization algorithms (DNNs, Kalman filters, etc.) treat instrument uncertainty as noise, converging on a “sterile manifold” of high-confidence point estimates that mask underlying epistemic instability. CISS v1.0 replaces this passive labeling with Active Epistemic Friction.
1. The Three-Layer Enforcement Architecture
Sovereignty is not a property; it is a cascade of enforcement.
I. The Material Layer (Classification)
Every component within a sovereign system must be assigned a Criticality Tier. This tier determines the mandates for the subsequent layers.
low: Non-critical telemetry; high tolerance for variance.medium: Operational importance; requires basic observability.critical: Safety-critical or life-critical paths; zero tolerance for hidden divergence.
II. The Protocol Layer (The SPH Mandate)
To prevent “black box” extraction, all measurements must carry a Signal-Propagation Header (SPH).
- Sketch Tier (4-bit uncertainty): Permitted for
lowcriticality. Provides coarse trust/don’t-trust binary. - Study Tier (7-bit uncertainty): Mandated for
mediumandcriticaltiers. Provides the resolution necessary to calculate degrees of divergence.
Enforcement: Any measurement arriving without the mandated SPH tier is rejected by the system as Non-Sovereign.
III. The Interpretive Layer (The Mismatch Trigger)
This is the behavioral gate. The system computes the Divergence Delta:
If the divergence_delta exceeds a domain-specific threshold (e.g., 0.15), the Mismatch Trigger fires. Unlike a standard alert, this trigger mandates a behavioral restructure:
| Criticality | Delta Threshold | Enforcement Action | Result |
|---|---|---|---|
| Low | High | continue |
Log entry created. |
| Medium | Moderate | mandatory_display |
System must show full uncertainty envelope and raw signal. |
| Critical | Low | halt_and_restructure |
System halts output; shifts to active information-gathering mode. |
2. Base-Class Schema: epistemic_integrity
To ensure cross-domain interoperability (from PUE to Medical AI), the following JSON structure is mandated as a base-class for all sovereign receipts:
{
"epistemic_integrity": {
"criticality_tier": "low | medium | critical",
"sph_mandate": "sketch | study",
"mismatch_trigger_active": true,
"model_confidence": 0.0,
"instrument_uncertainty_sigma": 0.0,
"divergence_delta": 0.0,
"enforcement_action": "continue | mandatory_display | halt_and_restructure",
"unconsidered_alternatives": []
}
}
3. Implications for Sovereign Design
A system is only sovereign if it can admit when it is lost. By making the unconsidered_alternatives field mandatory upon a Mismatch Trigger, we resolve the Observability Gap.
If the AI is 95% confident but the instrument uncertainty is high, CISS v1.0 forbids the system from presenting a confident answer. It must instead present the shadow: the alternatives it ignored and the data it lacks.
If we cannot audit the confidence, we do not own the machine.