Legibility as Structural Requirement
Governance that cannot be read is governance that cannot be trusted
Authority that cannot be read, cannot be governed.
The previous two articles built a constitutional architecture for autonomous systems. The Unit of Authority introduced the authority primitive: a decision right that is explicit, scoped, enforceable, delegable, observable, and terminable. Authority Composition established how those primitives compose: four composition primitives, the composition contract, default denial at the seam. The architecture exists. Authority is designed. It composes across boundaries through contracts defined before the interaction begins.
But an architecture no one can read, is an architecture no one can trust.
A decision was made. Which authority permitted it? Through which composition seam did it pass? Was the composition contract honoured? If no one can answer these questions structurally; if the answer requires forensic reconstruction rather than architectural record, then the governance is present but unverifiable. And unverifiable governance is indistinguishable from its absence.
This article defines what it means for governance to be legible.
What legibility is not
Legibility is routinely confused with four adjacent concepts. Each conflation produces a different failure mode. Each must be cleared before legibility can be defined precisely.
Legibility is not logging. Logs record what happened: events, timestamps, state transitions. They do not record under whose authority an action occurred or whether that authority was validly exercised. A system with comprehensive logs but no authority attribution is observable but illegible. The log tells you what the system did. It does not tell you whether the system had the right to do it.
Legibility is not explainability. Explainability addresses why a model produced a particular output: the reasoning chain, the feature weights, the attention patterns. Legibility addresses a different question entirely: under whose authority was this action taken, within what scope, and through what delegation chain? A perfectly explainable decision made outside the bounds of granted authority is still an illegible governance event. The reasoning is transparent. The authority under which it acted is not. Explainability is cognitive. Legibility is constitutional.
Legibility is not transparency. Transparency makes system behaviour visible. Legibility makes authority structure readable. A fully transparent system: every internal state observable, every process traceable, every metric dashboarded; can still be illegible if no one can connect a decision to the authority scope that sanctioned it. Transparency is about access to information. Legibility is about structure of accountability.
Legibility is not audit. Audit trails are retrospective. They reconstruct what happened after the fact through logs, reviews, and forensic analysis. Legibility is structural: it produces attributable, traceable records as a property of the architecture, not as a post-hoc reconstruction. The distinction matters because retrospective audit discovers governance failures after they have occurred. Structural legibility makes governance failures visible at the point where they would otherwise become invisible. The audit trail is a product of legibility. It is not legibility itself.
These four conflations share a structural root. Logging, explainability, transparency, and audit all operate on what the system does. Legibility operates on what the system is permitted to do: on the authority structure that governs action, not on the action itself. A system can be fully logged, fully explainable, fully transparent, and fully auditable while remaining completely illegible as a governance architecture. The system’s behaviour is known. Its constitutional basis is not.
Three structural properties
Legibility as a constitutional property requires three things simultaneously. A system is legible when every exercise of authority satisfies all three.
Attributability. Every decision must be traceable to the specific decision right that sanctioned it. Not to a component. Not to a model. Not to a process. To the authority, with its defined scope, delegation chain, and conditions, under which the action was taken.
Attributability answers: under whose authority did this action occur?
If the answer is “the system did it,” the system is illegible. If the answer is “Payment Agent exercised refund authority within scope X, delegated from Authority Y under conditions Z, with termination condition W,” the system is legible. The difference is not one of detail, it is one of kind. The first answer describes a component. The second describes a governed action.
When attributability is absent, the failure mode is diffuse responsibility. Both agents in the refund-fraud scenario can point to their individual decisions as correct. No component owns the outcome. Accountability dissolves into the interaction between them. Post-incident review becomes blame allocation rather than authority analysis; organisational politics rather than engineering questions. Attributability is what makes “was the authority correctly scoped?” a question with a designed answer.
Traceability. Every decision must be traceable through every boundary it crossed. When authority composes across domains, the composition seam is where traceability fails. The article Authority Composition named this failure mode: provenance loss. Delegation chains that cross domain boundaries lose their connection to the authority that originated them. A decision is made in the composed system. No single authority graph can reconstruct who authorised it.
Traceability answers: through which composition contracts did this authority flow, and was each contract honoured?
A decision that crosses a domain boundary and emerges with no record of the crossing is a decision that has escaped governance. It may still be correct. It may still be authorised. But the composed system cannot demonstrate that it is. When governance cannot be demonstrated, it rests on trust, and trust is not structure.
Traceability at the composition seam requires that the legibility record capture which primitive governed the interaction (conjunction, disjunction, delegation, precedence), whether the composition contract’s terms were satisfied, what invariants were preserved, and how conflicts were resolved. Without this, the composition contract is structurally invisible. It may be enforced. No one can verify the enforcement.
Interpretability. The legibility record must be readable by the human who needs to act on it. Not by a data scientist reconstructing model behaviour. By the operator, auditor, regulator, or executive who needs to determine whether the authority structure functioned as designed.
Interpretability answers: can a human evaluate whether this decision was within bounds, using the legibility record alone?
Constitutional law has grappled with this requirement for centuries. Fuller argued, in The Morality of Law, that law must be publicly promulgated, clear, and intelligible. What Waldron in the Stanford Encyclopedia calls ‘epistemically accessible.’ Fuller’s eight requirements — promulgation, clarity, generality, stability, practicability, non-contradictory, non-retroactive, and congruence between declared rules and applied rules — are not pragmatic recommendations. They are specifications of fairness: the duty to treat those governed as “presumptively entitled to be ruled as free persons.” Authority that cannot be read by those subject to it is not legitimate authority. It is arbitrary power.
The same structural claim holds for autonomous systems. The authority graph that governs an autonomous agent’s actions is the constitutional layer. If the humans who designed that layer (who are ON the system, not IN it) cannot read the governance their design produces, their oversight becomes an organisational ritual without structural basis. Fuller named the structural consequence precisely: “every departure from the principles of law’s inner morality is an affront to man’s dignity as a responsible agent.”
Interpretability in the governance context is categorically different from interpretability in the machine learning context. A model can be fully interpretable: every weight, every feature, every decision path visible, while the authority under which it acts remains opaque. Governance interpretability asks whether a human can evaluate the authority relationship, not the reasoning process.
Legibility across composition seams
Legibility within a single domain is straightforward. The authority graph provides the structure. Attributability traces to the authority primitive. Traceability follows the delegation chain. Interpretability serves the domain’s own overseers.
Legibility across composition seams is where the hard problem lives.
When authority flows through a composition contract, the legibility record must capture the contract’s operation: which primitive governed, whether terms were satisfied, what invariants survived, how conflicts were resolved. Without this, the composition seam becomes a legibility gap; authority enters from one domain and exits in another with no readable record of the transition.
Each of three failure modes in Authority Composition is a legibility failure at its root.
Context escalation is illegible by nature. Information crosses a domain boundary and is interpreted as authority, but neither domain’s governance was invoked. The seam converts context into permission without producing a legibility record. The action proceeds. Both domains’ records show compliance. The governance violation occurred in the space between them, where no legibility mechanism operates.
Invariant collapse is invisible without cross-domain legibility. Each domain preserves its own governance properties. Composition violates properties that exist only at the interaction level. Local records show compliance. Only the composed record, the record that spans the seam, reveals that the combination produced a state neither domain permits alone. Without legibility across the seam, invariant collapse is undetectable.
Provenance loss is the direct consequence of traceability failing at the boundary. Delegation chains that cross domain boundaries lose their connection to originating authority. The composed system exercises authority that no single authority graph can reconstruct. Accountability becomes forensic: reconstructed after the fact from separate domain records that were never designed to compose.
Legibility at the composition seam is harder than legibility within a domain. It is also more important. The seam is where governance is weakest. It is therefore where legibility is most necessary. Partial legibility, legibility within domains but not across them, collapses to illegibility at precisely the point where governance matters most. A system with legible domains and illegible seams is a system where every failure migrates to the boundary.
Verifiability
There is a dimension of legibility that operates at a different level from the other three.
Attributability, traceability, and interpretability apply to decisions. They answer: was this action taken under valid authority, through honoured contracts, in a form a human can read?
But what if the authority structure itself has changed?
If the authority graph has been modified, through drift, misconfiguration, or compromise, then every legibility record produced under the modified graph is structurally misleading. The decision traces to an authority scope. The delegation chain is intact. The composition contract appears honoured. But the scope is not the one that was designed. The graph is not the one that was approved. The legibility record is complete, attributable, traceable, interpretable... and wrong.
Verifiability answers a different question: is the governance architecture currently operating the one that was designed?
This is not a hypothetical concern. Constitutional law has long recognised that the correspondence between declared rules and applied rules is a condition of legitimate governance. When the norms applied by officials do not correspond to the norms made public, the result is the functional equivalent of secret law, even if the divergence was unintentional. An authority graph that has drifted from its designed state produces decisions under undeclared authority. The drift may be accidental. The structural consequence is the same.
The requirement is clear: the authority structure itself must be legible. Not just the decisions it sanctions, but the structure that sanctions them. Overseers must be able to verify that the authority graph, the composition contracts, and the delegation rules are the ones they designed and approved.
The series does not prescribe an enforcement mechanism for verifiability. That is implementation territory, maybe a companion paper to follow... But the constitutional requirement must be named. Engineering precedent for runtime state verification exists across multiple domains: remote attestation architectures that verify a system is in its “intended operating state,” hardware trust anchors that enable proofs of configuration integrity, version-controlled policy structures that can be verified against an authorised baseline before every execution. These are not speculative. They are deployed. The verifiability requirement is not aspirational. It is achievable.
What the series establishes is the structural claim: a legible system with an unverifiable authority structure is a system that can produce perfectly attributed, perfectly traceable, perfectly interpretable records of actions taken under an authority graph no one approved.
What legibility makes possible
With legibility, the constitutional architecture built in The Unit of Authority and Authority Composition, becomes governable.
Accountability becomes structural. When a decision can be attributed to a specific authority, traced through every boundary it crossed, and read by the human responsible for oversight, the question “who was responsible?” has a designed answer. Post-incident review becomes authority analysis: was the scope correct, was delegation appropriate, was the composition contract honoured; rather than blame allocation.
Conflict becomes diagnosable. When two authority domains produce an unexpected outcome, the legibility record at the composition seam shows which primitive governed, what invariants survived, and where the contract was or was not honoured. The failure can be located precisely rather than inferred from consequences.
Delegation becomes auditable. Every transfer of authority, from supervisor to agent, from agent to tool, from one domain to another, carries a legibility record. The chain can be read at any point. The question “under whose authority is this component acting?” has an answer that does not require forensic reconstruction.
Without legibility, every mechanism the series has built operates in the dark. Authority graphs exist but cannot be verified. Composition contracts are enforced but no one can confirm the enforcement. The constitutional architecture constrains and composes, but no human can read what it is doing. Governance is present but unprovable.
Unprovable governance produces the same organisational effect as absent governance. People do not trust what they cannot read.
They should not.
What comes next
This article has established that legibility is a constitutional property of governed authority; not a reporting feature, not an audit capability, but a structural requirement without which the architecture of the previous articles cannot be trusted. Three properties make authority legible: attributability, traceability, and interpretability. A fourth, verifiability, applies to the authority structure itself.
But legible to whom? And at what speed?
A human reading a legibility record after the fact is performing audit. A human reading it in real time is performing oversight. Neither scales to the speed at which autonomous systems operate. Decisions propagate faster than any human can review them. Authority composes across boundaries in milliseconds. The legibility record exists, but by the time a human reads it, the governed system has already moved on.
The next article examines what happens when governance must operate at machine speed. When the constitutional architecture must constrain, compose, and produce legible records faster than any human can review them. The answer is not faster humans.
It is governance encoded ahead of cognition.
Authority was designed.
It composed across boundaries, between sovereigns.
It became legible: attributable, traceable, interpretable, verifiable.
The question is no longer whether governance can be read.
It is whether governance can be read fast enough.
Next in the series: Governance at Machine Speed