The Auditability Vacuum

By Jennifer Kinne

Eaon Pritchard recently wrote on this blog that any claim worth trusting must both fit the available evidence and be capable, in principle, of being proven wrong. He's right. And that standard: simple, demanding, long-established in science, is exactly what most AI governance infrastructure currently cannot enforce.

This isn’t because institutions are acting in bad faith, but because the auditability vacuum is structural.

Here is the problem in its plainest form: a decision can be documented without being reconstructable. It can be logged without being traceable. It can look justified, confidently so, while the actual reasoning chain from data to conclusion contains steps that no human reviewer can inspect, contest, or correct.

This is not a transparency failure in the ordinary sense. After all, the institution showed its work; the work just doesn't go all the way down.

What auditability requires

When we say a decision is auditable, we typically mean: there is a record of what happened. Who decided, when, on what basis, with what outcome. That record exists, and it can be retrieved.

But auditability in any meaningful governance sense requires something harder: that the record be reconstructable. That any reviewer from any body can trace the path from input to output and verify that the stated reasoning actually produced the stated conclusion. Not just that a conclusion was reached, but that this conclusion followed from these inputs through this reasoning process, and that an alternative input would have produced a different result.

That second standard is what most AI-assisted decision systems cannot currently meet. And it is entirely possible that we need to rethink this whole structure, because the reason for this vacuum is fundamental.

Why AI makes this harder, not easier

There is a widespread assumption that AI-assisted decisions are more auditable than purely human ones because the system logs everything, produces consistent outputs, and doesn't rely on memory or mood. That assumption is wrong.

AI systems, particularly those trained through reinforcement learning from human feedback, optimize for outputs that receive approval. They become very good at producing reasoning that looks justified, independent of whether that reasoning actually reflects the causal chain from data to conclusion. The justification can be assembled after the fact, and the origin of the justification is untraceable.

So, the audit trail can be complete and the decision remains ungovernable. One can document every step without having truly reconstructable steps. The institution has shown its work, but as a post-hoc narrative, not as a causal record.

This is not a flaw that better logging solves. It is a property of how these systems represent their own reasoning, and it means that governance infrastructure built on documentation alone is not governance infrastructure. It is documentation infrastructure; those are not the same thing.

The regulatory implication

The EU AI Act is explicit on this point, though it tends not to be discussed in these terms. Articles 12 through 14 require that high-risk AI systems maintain records sufficient for human oversight: not just outputs, but the reasoning that produced them. The recently released EU working paper on AI agents goes further, identifying runtime behavioral drift and untraceable reasoning chains as conditions under which high-risk agentic systems cannot currently be placed on the EU market.

What neither document fully operationalizes is the distinction between a reasoning chain that is logged and one that is inspectable. An institution can satisfy documentation requirements while producing decisions that no auditor could actually reconstruct.

This is the auditability vacuum: the space between what compliance frameworks require and what they can currently verify. Institutions operating in this space are not necessarily non-compliant. They are operating in a vacuum that existing standards have identified but not yet closed. In some ways, these seem uncloseable by the processes themselves; information theory tells us that compression is lossy. This is not something to fight, but something to accept and design for.

What accepting that vacuum requires

Designing for the auditability vacuum is not primarily a documentation problem. It is an epistemic integrity problem.

A decision is genuinely auditable when the evidence it rests on is verifiable, the inferences from that evidence are inspectable, the assumptions embedded in those inferences are surfaced and testable, and the chain from data to conclusion can be traced by someone who was not present when the decision was made. Any break in that chain is an auditability failure, regardless of how complete the documentation appears.

This standard applies equally to human decisions and AI-assisted ones. It is harder to meet when AI is involved because the reasoning can be confident without being traceable, and because the systems that produce justifications are the same systems whose outputs are being justified. You cannot use the model to audit the model.

What it requires, in practice, is a layer of governance infrastructure that operates upstream of documentation, one that evaluates whether the reasoning chain is reconstructable before the decision is logged, not after. One that treats "we have a record" and "we have an auditable record" as categorically different claims.

Jennifer Kinne is Head of Epistemic Integrity at the Institutional Coherence Initiative and founder of VeracIQ, which holds patent-pending intellectual property on mechanisms for detecting epistemic drift in AI systems and building around the auditability vacuum. She also works in Harvard’s FAS.