Founder memo · May 2026 · edited web version

An Open Memo on Action-Level Assurance

Addressed first to Canada's AI policy community. The point is broader: when AI does something real, people should be able to see the rule, the yes, and the receipt.

See a sample receipt Read the boundaries

By Vincent Nijjar

High-impact AI systems should leave proof when they do something real.

AI is starting to do real things. It can change files, call tools, move data, run commands, start workflows, and affect people.

That means governance cannot stop at asking whether an AI system should exist. It also has to ask what happens when that system tries to act.

For action surfaces routed through it, ZLAR is the doorway for the AI action before it does something real. The doorway checks a signed rule. The rule can allow, block, or ask a person to say yes. The receipt records what counted as authorized effect.

ZLAR is Canadian-built and operator-held. The deploying institution holds the rules, decisions, and records.

The Policy Gap

Most AI governance asks system questions: should this system be deployed, was it tested, and who is responsible for it?

Those questions matter. They do not answer the runtime question: should this action happen now?

When AI updates a record, sends a notice, moves data, or calls a tool, people need a record of that action. They need to know what rule was used, whether it was allowed or blocked, whether a person said yes, and whether the proof still verifies.

What ZLAR Asks For

ZLAR asks for a simple shape around high-impact AI action:

  • A defined doorway before the action happens.
  • Signed rules that the AI cannot rewrite while it is trying to act.
  • A real person when the rule says a person must decide.
  • Enough time and room for that person to say no.
  • A receipt after the decision.
  • A coverage report that says what passed through ZLAR and what did not.

A fast no can be real. A fast yes can be dangerous. The policy question is not just whether a human was technically in the loop. It is whether the yes was meaningful.

Where The Doorway Sits

ZLAR sits before action, not inside the AI's explanation of itself. The AI may plan, write, reason, and request. Before a routed action takes effect, ZLAR checks the rule.

This matters because another AI judging the action is still AI in the enforcement path. A classifier, trust score, model-grounded check, or content scanner may be useful, but it is not the same as a signed rule outside the AI's reach.

ZLAR's bet is plain: the rule should not be made up by the same system trying to act.

Where ZLAR Is Today

Working today in bounded routed paths:

  • Deterministic rule checks for governed actions.
  • Signed rule evaluation.
  • Allow, block, or human-approval decisions for routed actions.
  • Human approval over a configured channel outside the AI's runtime when policy requires a person; no live approval-channel health is claimed here.
  • Tamper-evident audit chain.
  • Signed receipts that can be verified locally.
  • Trust Lane attention checks in a supported local deployment path.
  • Software-rooted signing authority for rules and constitution.

Future work, not current public authority:

  • Packaged verifier kit for outside-party validation.
  • External witnessing and attestation only when a real non-operator verifier produces bounded evidence.
  • Worker-facing receipts and a clear contestability path for affected people.

The Evidence Bundle

The evidence bundle is the record produced by a governed AI run. It answers plain questions: what did ZLAR govern, what did the AI try to do, what rule applied, was the action allowed or blocked, did a person say yes, and can the record still be verified?

AI governance is also concrete evidence. Ask for the record.

The Bounded Claim

ZLAR's claim is precise. For actions routed through ZLAR, the system applies deterministic rules and produces evidence of the decision.

ZLAR does not claim to govern every AI action everywhere. It governs routed or intercepted action surfaces. Model intent, bias evaluation, privacy law, safety analysis, and legal authority still need their own work.

ZLAR's strength depends on deployment quality: the action is routed through ZLAR, bypass paths are closed, the rule is signed and appropriate, approval flows are configured correctly, the audit chain is preserved, and any external verifier claim is backed by a real bounded verifier result.

A Policy Proposal

Minimum action-level assurance for high-impact AI deployments should include:

  • A defined doorway before action.
  • Deny-first rules for high-risk actions.
  • Human authorization for important actions, outside the AI's runtime.
  • Tamper-evident audit records.
  • Decision receipts.
  • Coverage reports showing what passed through the doorway and what did not.
  • A contestability path for affected people.

This does not replace model evaluation or system-level AI governance. It carries those commitments into the moment when AI tries to act.

To Canada's AI Policy Community

This memo is a request for engagement.

The question for policy is simple: when high-impact AI does something real, should the organization be expected to show the rule, the decision, the person if there was one, the receipt, and the coverage boundary?

Test that question against ZLAR. Test it against any vendor or framework. Ask where the doorway sits. Ask whether the AI can route around it. Ask whether the record can still be verified after the run.

Run the AI. Export the proof. Show what happened.

Disclosure

This memo is policy argument and founder voice. ZLAR's public claim remains bounded to actions that pass through routed or intercepted ZLAR gate surfaces.