Legal-Evidence Reconstruction for Autonomous Incidents

Regulatory Framework

The evidentiary regime governing autonomous-system litigation is layered across multiple authorities. In United States federal practice, Federal Rule of Evidence 901 establishes the general authentication requirement: a proponent must produce evidence sufficient to support a finding that the item is what the proponent claims. FRE 902(13) and 902(14), added in 2017, provide self-authenticating treatment for records generated by an electronic process and for data copied from electronic devices respectively, on the condition that a qualified person certifies the process under FRE 902(11) procedures. The Federal Rules of Civil Procedure complete the discovery-side framework: FRCP Rule 26 governs the scope of discovery and the duty to disclose, while FRCP Rule 34 governs the production of electronically stored information in the form ordinarily maintained or in a reasonably usable form. Daubert v. Merrell Dow Pharmaceuticals and its progeny supply the admissibility standard for expert testimony interpreting the technical evidence.

In European practice, the eIDAS Regulation (Regulation (EU) No 910/2014, as amended by Regulation (EU) 2024/1183) provides qualified electronic seals and qualified electronic timestamps with legal effect equivalent to handwritten signatures and notarized timestamps respectively, when issued by qualified trust service providers under supervisory-body audit. The General Data Protection Regulation (Articles 5 and 17 in particular) imposes data-minimization and erasure obligations that constrain how long evidence may be retained and in what form. The EU e-Evidence Regulation (Regulation (EU) 2023/1543) and its accompanying Directive establish cross-border production-order and preservation-order procedures for electronic evidence held by service providers, with an eighteen-month implementation runway that brings the regime into force in August 2026.

Underlying both regimes are technical-handling standards. ISO/IEC 27037:2012 prescribes guidelines for the identification, collection, acquisition, and preservation of digital evidence, including chain-of-custody documentation, integrity verification, and the role of the Digital Evidence First Responder. NIST Special Publication 800-86 provides corresponding United States federal guidance for integrating forensic techniques into incident response. The American Bar Association's e-discovery best practices, periodically refreshed, codify the legal community's expectations for how electronic records are preserved, produced, and challenged. Across all of these, the common architectural assumption is that evidence presented to a court arrives with verifiable authentication, integrity, and lineage; the regimes do not prescribe a primitive for producing that evidence — they prescribe the standards an evidentiary artifact must meet.

Architectural Requirement

An autonomous-system architecture that produces evidence admissible under these regimes must satisfy four properties that the regulatory documents specify in objective terms but do not implement. First, observation integrity: each input the system received must be preserved with cryptographic binding to its source, time, and conditions of receipt, in a form that survives challenge under FRE 901 authentication and 902(13) self-authentication. Second, decision lineage: each action the system took must be linked to the specific observations and intermediate computations that produced it, in a form that supports Daubert-grade expert reconstruction. Third, policy-version binding: the governance policy under which each decision was evaluated — the calibration, the operational design domain definition, the safety-envelope thresholds, the version of the planning model — must be preserved as a first-class evidentiary object, identified and credentialed at the time the decision was made rather than reconstructed post hoc from engineering documentation. Fourth, temporal coherence: the lineage must be navigable backwards from the incident time to any prior moment, so that a court asking what was in force at time T receives a structurally complete answer rather than a partial reconstruction.

Data-only logging architectures satisfy the first property and partially satisfy the second; they fail the third and fourth structurally. A log records what the system did; it does not credential the rules under which the system did it. When the rules in force at time T are reconstructed from change-management tickets, OTA update records, and engineering memoranda, the reconstruction is sworn to by a witness rather than authenticated by the architecture. The defense costs of producing that witness, and the impeachment opportunities that the witness creates, are the operational consequence of the architectural gap.

Why Procedural Compliance Fails

Procedural compliance with the surrounding regimes — ISO/IEC 27037 chain-of-custody documentation, NIST SP 800-86 acquisition procedures, FRE 902(11) certification — is necessary but architecturally insufficient. A litigant can satisfy every procedural step and still arrive at the courtroom with an evidentiary product that has reconstructed policy state from non-architectural sources. Defense counsel asserts that the system operated correctly given the rules in force; plaintiff counsel cross-examines the witness who reconstructed those rules; the cross-examination opens reasonable-doubt seams that the architectural absence created.

The contemporary autonomous-vehicle docket illustrates the pattern. The Cruise pedestrian-drag incident in San Francisco produced a regulatory and litigation record in which the policy version, sensor-fusion calibration, and intervention-suppression behavior were reconstructed under regulator subpoena rather than read out of a structured evidentiary lineage. Waymo near-miss reports, the emerging robotaxi-incident category in Phoenix, Austin, and Los Angeles, autonomous-trucking incidents on the I-10 corridor, and autonomous-medical-decision incidents under FDA Software-as-a-Medical-Device pathways each contribute to a growing case law in which reconstruction effort dominates discovery cost. Each of these reconstructions can succeed on the merits and still leave the procedural-compliance evidence and the architectural-compliance evidence as separate categories the court must reason across.

The cross-border dimension compounds the gap. A vehicle operating in the European Union under eIDAS-anchored evidentiary expectations, in the United States under FRE 902(13)-(14) self-authentication, and across borders under the EU e-Evidence Regulation 2023/1543 production-order regime must produce a single architectural artifact that satisfies all three. GDPR Article 17 erasure rights interact with the retention obligations: an evidentiary artifact that holds personal data must be capable of selective minimization without destroying the lineage that authenticates the remaining content. Procedural compliance handles each regime separately; architectural compliance handles them coherently.

What the AQ Primitive Provides

The Adaptive Query integrity-coherence primitive supplies cryptographically-bound evidence as a first-class architectural product. Each observation entering the autonomous system is admitted as a credentialed event: source identity, sensor calibration version, time-source attestation, and content hash are bound together at admission. Each decision the system reaches is recorded with explicit reference to the observations consumed, the intermediate computations performed, and the policy version under which the decision was evaluated. Each policy update is itself a credentialed event: a new policy version is admitted with the credential of the issuing authority, the supersession relationship to the prior version, and the effective interval during which it governs. The evidentiary product is a coherent lineage rather than a collection of logs.

The court receives evidence that has structural integrity. Rather than 'the engineering team believes this was the policy in force,' the record shows 'policy version X was admitted under credential C at time T1, took effect at T2, and was superseded by policy version Y under credential C′ at time T3; decision D at time T_D references policy version X as the governing version and observation set O_D as the inputs.' The credential chain is auditable independent of the litigant's representation, satisfying FRE 901 authentication and supporting FRE 902(13)-(14) self-authentication where the certifying process is itself documented. eIDAS qualified electronic seals can anchor the credential roots for European admissibility; ISO/IEC 27037 chain-of-custody documentation describes the architectural lineage rather than reconstructing it. Daubert challenges to expert testimony narrow because the underlying data structure is reproducible, with the reasoning method exposed in the lineage rather than inferred by the expert.

GDPR Article 17 erasure obligations are satisfied through scoped redaction: a personal-data field can be removed from the credentialed event without invalidating the lineage's hash structure, provided the redaction is itself a credentialed event recorded under the data-protection authority's policy. The EU e-Evidence Regulation 2023/1543 production-order regime is supported by selective extraction: a production order for a specified time interval and event class extracts the relevant lineage subgraph with its credential chain intact, without producing the surrounding personal data of unrelated subjects. The architectural primitive answers the court's question structurally rather than through reconstruction.

Compliance Mapping

The primitive maps onto each regulatory layer additively. FRE 901 authentication is satisfied by the credentialed event structure: a witness can certify the process by which observations are admitted under FRE 902(11), and the resulting records qualify for FRE 902(13) and 902(14) self-authentication treatment. FRCP Rule 26 disclosure obligations are supported by lineage-aware production: the producible scope is defined by event class and time interval, with the credential chain intact in the produced subgraph. FRCP Rule 34 production-format requirements are satisfied because the lineage is preserved in its native form and is also reasonably usable in conventional case-management software through standard export formats. Daubert standard expert-testimony admissibility is supported because the reasoning method underlying the system's decisions is exposed in the lineage rather than concealed in unreviewable engineering artifacts.

eIDAS qualified electronic seals anchor the credential roots for European jurisdictions; qualified electronic timestamps, issued by qualified trust service providers, anchor the temporal claims. ISO/IEC 27037 evidence-handling guidelines describe the architectural lineage as the evidence; the Digital Evidence First Responder role becomes a verification function over an existing structure rather than an acquisition function over loose data. NIST SP 800-86 forensic procedures map similarly. ABA e-discovery best practices align with the primitive's selective-extraction capability. GDPR Article 5 data-minimization and Article 17 erasure obligations are honored through scoped redaction. The EU e-Evidence Regulation 2023/1543 cross-border production-order procedures are honored through selective extraction. The compliance evidence the litigant must produce becomes a reportable property of the architecture rather than a project the litigant assembles for each matter.

Adoption Pathway

Adoption proceeds along three concurrent tracks. The first is operator adoption: an autonomous-vehicle, autonomous-medical-device, or autonomous-industrial-equipment operator integrates the primitive at the architecture stage of a new platform, producing evidence-grade lineage as a structural property of the platform rather than a logging add-on. Operators that adopt the primitive reduce their litigation exposure across the entire deployment lifetime: each incident that reaches discovery produces a structurally-supported reconstruction rather than a witness-mediated one. The second is regulator adoption: highway-safety authorities, medical-device regulators, and industrial-safety regulators reference the primitive in their post-incident-report data-format expectations, on the same regulatory basis that current cybersecurity disclosure rules reference Common Vulnerability Scoring System scores. The third is judicial adoption: courts that handle autonomous-incident dockets — particularly the federal multi-district-litigation panels that consolidate AV and medical-device cases — develop expectations of structurally-supported reconstruction that procedural-compliance-only architectures cannot meet.

The cross-border adoption pathway runs in parallel. EU operators integrating with eIDAS qualified trust service providers anchor the credential chain in qualified electronic seals; United States operators integrating with NIST-aligned trust roots anchor it accordingly; multinational operators bridge the trust roots through cross-recognition rules that the primitive admits. The EU e-Evidence Regulation 2023/1543 implementation period through August 2026 provides a regulatory anchor for adoption: operators preparing for cross-border production-order obligations adopt the primitive as the architectural answer to a regime whose procedural compliance alone is unaffordably labor-intensive. The cumulative effect is to retire the per-matter reconstruction burden in favor of an architectural primitive that produces evidence-grade lineage as a structural property, leaving the legal teams free to litigate on substance and the engineering teams free to engineer.