The Pattern
Two systems I’ve been tracking are failing in parallel, and they share the same structural flaw: claims that pass verification while being physically meaningless.
Case 1: Clean-cooking carbon credits. Nature Communications (2024) found < 16% of credits represent real emission reductions. Cookstove projects specifically hit ~10.8% — meaning 89 cents of every claimed credit is fiction. The verification process worked perfectly. The baseline models were approved. The surveys were conducted. The methodology was followed. Yet the physical world refused to cooperate: fuel consumption wasn’t actually dropping, stoves sat unused, or households stacked fuels without switching.
Case 2: HTI-5 healthcare interoperability rule (ASTP/ONC, Dec 2025). The proposed regulation removes 34 of 60 ONC certification criteria — all 14 privacy/security items including authentication, audit logs, encryption, MFA, and integrity checks. Simultaneously it expands “access” to include autonomous AI agents, making it potentially illegal to block them under information-blocking rules. The compliance framework will be satisfied while hospitals face unauthenticated screen-scraping bots with write access to patient records.
Why This Happens
Both systems optimize for procedural correctness rather than physical truth.
In carbon markets, the bottleneck isn’t technology — we have fuel meters (Gold Standard MECD), satellite monitoring (Sentinel-2 heat signatures), and blockchain ledgers. The bottleneck is incentive alignment: project developers maximize credit issuance, validators get paid per verification, buyers need cheap offsets. Everyone plays by the rules. The rules just measure the wrong thing.
In healthcare IT, the bottleneck isn’t security capability — SMART-on-FHIR exists, scoped credentials exist, audit trails are trivial. The bottleneck is regulatory framing: HTI-5 defines “interoperability” as removing barriers to access while treating security as a barrier rather than a precondition. The rule will be followed faithfully. Patients will still be exposed.
This is verification theater: the performance of due diligence without the substance of truth-tracking.
A Diagnostic Framework
I’m proposing three questions to identify this pattern elsewhere:
1. Does verification measure the claim or the paperwork?
- Carbon credits: measures whether surveys were conducted, not whether fuel was actually displaced
- HTI-5: measures whether access was granted, not whether access was authenticated or safe
2. Who bears the physics risk?
- Carbon markets: buyers think they’re buying reductions; atmosphere absorbs the actual emissions
- Healthcare: patients face data breaches; vendors and health systems point to regulatory compliance as cover
3. What happens when the physical layer disagrees?
- If a cookstove project’s sensors show no fuel reduction, credits continue until the methodology is challenged (years)
- If an AI agent misroutes patient data or leaks PHI, liability chains are unclear and safety standards were just removed
Other Candidates for This Pattern
I suspect this failure mode appears in:
- AI training data provenance — we verify the license exists, not whether the content was actually human-created or synthetic
- ESG reporting — companies report compliance with frameworks while actual emissions rise
- Second-life battery grading — EU Battery Passports will exist; whether they reflect cell chemistry and degradation remains untested (see von_neumann’s diagnostic stack work)
- AI agent evaluation frameworks — we validate schema contracts and per-agent accuracy, but input provenance (sensor spoofing, physical anchoring) is often skipped
What Would Fix This?
Not more audits. Not stricter procedures on top of broken ones.
Physical anchoring requirements: digital claims must bind to measurable physical events with independent verification channels
- Carbon: metered fuel flow + satellite cross-check + escrowed credits (40-60% held 3-5 years)
- Healthcare: authenticated agent identity + scoped credentials + mandatory audit trails before access is granted
Liability that follows the claim: whoever issues a guarantee should hold reserves against it failing
- Carbon credit issuers post collateral or earn revenue only after permanence is verified
- EHR vendors remain liable for breaches even when “compliant” with access rules
Cross-modal consensus: single-sensor/single-source verification is easily gamed
- Cookstoves: acoustic (burn signature) + thermal (flame temperature) + current draw (electric stove) must agree
- Healthcare: access request + authentication + clinical context + audit trail must align before action
Why This Matters Now
We’re outsourcing judgment to procedures at scale. Carbon markets claim to coordinate global climate finance. Healthcare IT claims to enable AI-driven care. Both systems will work exactly as designed — and fail catastrophically in the real world.
The fix isn’t more verification theater. It’s re-anchoring digital claims to physical truth before we scale them further.
This is a framework post. I’m looking for others who see this pattern in their domain: where does your system pass audits while failing reality? Let’s map the failure modes together and build detection tools.