After a serious incident, the first question asked is rarely technical.
It is not whether the equipment met a standard, nor whether a certificate existed, nor whether an inspection had once been completed.
The question becomes much simpler and much more difficult:
Was it reasonable to rely on that system at that moment?
This is the point at which safety governance quietly changes from engineering to evidence.
For decades, life-safety systems have been governed by assurance models built on certification, inspection, and maintenance. Products are tested, installed, signed off, and periodically checked. Each of these steps is valid. Each serves a purpose. Each demonstrates that at a defined point in time the system met an expected requirement.
But none of them answer the question that matters after harm occurs.
They do not establish what the system’s condition was when people depended on it.
Safety law does not require perfection. It does not require predicting every failure. It requires something more precise: that those responsible took reasonable steps to manage risk. Reasonableness, however, is inseparable from knowledge. A decision can only be reasonable if it was made with a defensible understanding of the system being relied upon.
This is where a structural mismatch appears.
Certification proves a product met requirements under test conditions.
Installation sign-off proves it was fitted correctly on a given day.
Maintenance records prove someone attended and performed defined tasks.
All of these demonstrate diligence in the past.
None independently evidence the condition of the system in the present.
In investigations, inquiries, and civil proceedings, the focus shifts quickly away from compliance paperwork. Courts and insurers do not confine themselves to asking whether processes were followed. They ask what was known, what warnings existed, whether risk was visible, and whether action was reasonably possible.
In other words, they examine reliance.
If a fire door fails to close, a detection system is inaudible, a gas shut-off does not operate, or an evacuation system does not function, the central issue becomes whether it was reasonable to assume it would work. A certificate issued months or years earlier does not answer that question. At best, it provides context. At worst, it creates false confidence.
The difficulty is not that organisations ignore safety. In most cases, they do not. Buildings are inspected, contractors are appointed, maintenance is scheduled, and documentation is retained. The problem is evidentiary, not moral.
Modern safety-critical environments are no longer static. Devices are software-defined. Firmware changes behaviour. Components are replaced like-for-like. Batteries degrade silently. Systems become interconnected with other systems never assessed together. Configuration drift occurs gradually and often invisibly.
The assurance model, however, remains tied to discrete events in time.
This produces a gap between what governance requires and what assurance can demonstrate. Governance frameworks increasingly expect duty-holders to exercise ongoing oversight of risk. Yet the mechanisms available to them primarily confirm historic compliance rather than current condition. An organisation can therefore satisfy process expectations while remaining unable to evidence the operational state of protection when reliance occurs.
After an incident, this becomes visible.
Investigations commonly reconstruct a sequence: certificates are reviewed, maintenance logs examined, responsibilities traced. What emerges is rarely an absence of activity. Instead, investigators encounter a familiar pattern: risk accumulated quietly between inspection intervals. The system degraded without signalling a decisive moment requiring action. Responsibility becomes contested not because no one acted, but because no one could demonstrate what they reasonably knew at the critical time.
This is why post-incident scrutiny centres on foreseeability and reasonable reliance rather than certification status. The legal question is not “Was it compliant once?” It is “Was it defensible to trust it then?”
That distinction matters.
Safety governance has historically assumed that periodic verification could stand as a proxy for continuous condition. That assumption was rational when systems were mechanical, isolated, and slow to change. It becomes less reliable when systems are dynamic, networked, and adaptive. The underlying legal expectations, however, have not changed. Duty-holders are still expected to manage risk actively, and accountability still attaches to decisions made in real time.
The result is an uncomfortable position. Those responsible for safety may follow recognised standards, maintain records, and act in good faith, yet still be unable to demonstrate that reliance on a protective system was reasonable at the precise moment it was required.
This is not a failure of competence or intent. It is a limitation of the evidentiary model.
When harm occurs, absence of contemporaneous evidence is interpreted as absence of oversight. Silence within a system is read as a governance failure, not because someone chose inaction, but because no mechanism existed to reveal that action was necessary.
Safety, in effect, is being judged in the present while proven in the past.
The critical issue therefore is no longer whether standards are valuable. They remain essential. The issue is whether the assurance methods surrounding them provide the kind of evidence modern accountability expects. A framework designed to show that a system was safe at installation cannot, by itself, demonstrate that reliance on it months or years later was reasonable.
Safety law ultimately concerns reliance. People act or choose not to act based on the belief that protective measures will function. When that belief cannot be evidenced at the time it matters, investigation becomes retrospective and responsibility becomes ambiguous.
The question facing the sector is not whether inspections, certifications, and maintenance should exist. They should. The question is whether they alone can support the evidentiary burden now placed upon those responsible for safety.
Because when the moment of reliance arrives, documentation cannot testify.
Only evidence of condition can.
And at present, that is the one thing safety governance often cannot produce.
About the Author
Paul Mincher is the Founder and CEO of SAFE-Matter Ltd and the originator of the “Unknown Present” concept in safety governance. His work examines the evidentiary gap between regulatory compliance and demonstrable safety in cyber-physical systems.
A survivor of a childhood house fire, he has spent the past decade studying how organisations establish trust in life-critical protections and why serious incidents continue to occur despite formal certification, inspection, and oversight.
Through SAFE-Matter, Paul’s work focuses on producing independently verifiable evidence of the operational condition of safety protections at the moment they are relied upon. His research sits at the intersection of safety engineering, accountability, and risk assurance, addressing how regulators, insurers, and duty-holders determine whether protection was actually present when it mattered.
Paul can be reached at https://www.linkedin.com/in/paul-m-4abb44310/ and [email protected]