A record that requires the originating system to confirm its own integrity is not independently verifiable. Verification dependency is the structural property that determines this.

Retrievability confirms existence. It does not confirm integrity. The object permanence fallacy conflates these independent properties. Evidence debt accumulates silently.

The gap between security obligation and evidence obligation is structural. NIS2 and DORA secure systems. Neither makes records independently provable.

A cryptographic hash confirms that a content object is unmodified. It does not confirm who created it, how it was generated, or whether the stated origin is accurate.

Operational continuity and evidence integrity are distinct architectural properties. Satisfying one does not satisfy the other.

A record that cannot survive adversarial interrogation is not an evidence record. Defensibility is determined at point of creation, not at point of demand.

Zero-trust architecture governs access decisions. It does not govern file-level integrity or record provenance. The structural gap is an architectural condition, not a configuration failure.

Evidence debt is the deferred cost created when records are retained without provable integrity, provenance, or time anchoring.