A unified architecture for provenance, AI reliability, institutional memory, and coordination across time
The EM Foundation has published research across seven converging domains: cognitive emergence governance, AI identity and continuity, output provenance standards, context management, human-AI institutional coordination, energy infrastructure, and deep space communication. These papers share a common diagnosis and a common architecture, but that commonality is not fully visible when the papers are read individually.
This paper makes it visible. We present the Foundation's work as a unified continuity infrastructure — a layered architecture in which each component addresses a specific failure mode in the chain from data generation to institutional action, and in which the components are designed to interoperate rather than operate in isolation.
The central claim is precise: the most important coordination failures are continuity failures. They are failures of provenance (where did this come from?), coherence (does this contradict what we knew before?), persistence (will this survive the systems that generated it?), and transmission (will the most important information arrive where it needs to go?). Continuity infrastructure addresses all four failure modes in a single coherent framework.
Consider four scenarios that appear unrelated but share a common structure:
A hospital system's AI-assisted diagnostic tool returns a confident recommendation based on outdated drug interaction data. The system's output carries no indication that its source material is 18 months old. A physician acts on the recommendation. The patient is harmed.
A legal team relies on an AI-generated contract analysis through a 40-turn consultation. Twenty turns in, the user corrected a material misreading of the governing jurisdiction. By turn 40, the context had been compressed and the correction was gone. The analysis was filed.
A deep space probe detects an anomalous atmospheric reading — the kind of reading that scientists have been waiting years to observe. The probe's transmission system sends routine housekeeping data first, as usual. By the time the anomaly data is transmitted, the observation window has passed. The reading is lost.
A data center runs its training workload at 3pm on a Tuesday — peak grid demand, low renewable fraction, maximum carbon intensity. The workload could have been shifted 8 hours without affecting any downstream deadline. Nobody asked.
These scenarios share a structure: in each case, the most important information was either invisible, lost, deprioritized, or untimed. In each case, the failure was not a failure of intelligence or computation — it was a failure of continuity infrastructure. The information existed. The reasoning capability existed. What was missing was the layer that preserves, verifies, prioritizes, and times the transmission of what matters most.
Continuity infrastructure, as the Foundation has developed it, operates across seven layers. Each layer addresses a specific failure mode. Together they form a complete stack from individual AI output to institutional-scale coordination.
The foundation layer. Every AI output carries machine-readable metadata documenting its sources, confidence dimensions, contradictions, and human review requirements. When confidence is insufficient, a Failure Receipt is generated rather than a standard output. The Open Continuity Metadata Standard (OCMS) ensures this metadata is portable across systems. Without this layer, every higher layer operates on provenance-blind inputs. → Continuity Receipts
The generation layer. Within any AI-assisted reasoning session, context accumulates and must be managed. Continuity Compression preserves the context that makes future reasoning reliable — corrections, contradictions, decisions, provenance chains — while discarding the context that is merely old or redundant. This layer ensures that the inputs to Layer 1's provenance tracking are themselves continuity-preserving. → Continuity Compression
The quality gate layer. When a system cannot answer reliably at the requested reliance level, the Failure Receipts wrapper intercepts the output and returns a structured account of why — what failed, what is required, what is available at a lower reliance level. The Failure Severity Index (FR-1 to FR-4) calibrates the urgency of the required response to the consequence severity of the query. → Failure Receipts Standalone
The collaboration layer. When AI-assisted reasoning extends across multiple sessions, multiple participants, and extended time — as legal matters, medical cases, and policy processes do — individual CR receipts must be organized into Persistent Cognitive Threads that preserve the full reasoning context: the decisions, the dissents, the evidence, and the consequences that connect one session to the next. → CIIC
The distribution layer. When continuity-rich reasoning outputs must be synchronized across distributed systems — legal teams in different jurisdictions, research groups sharing a live dataset, policy analysts accessing a shared record — the Delta Protocol ensures that only continuity-significant changes are transmitted immediately, reducing bandwidth while preserving semantic integrity. → Delta Protocol
The substrate layer. The AI systems that generate and process continuity-rich outputs depend on physical infrastructure that has its own continuity requirements. Thermal-continuity routing prevents compute substrate degradation through heat accumulation. Grid-aware scheduling aligns flexible compute with renewable availability, reducing the grid instability that would threaten the reliability of the infrastructure the upper layers depend on. → Thermal Routing · → Grid Scheduling
The reach layer. As human and AI systems extend their presence to extreme distances, continuity infrastructure must operate under radical bandwidth constraints and multi-minute latency. Continuity-aware telemetry prioritizes the transmission of anomaly detections, provenance metadata, and uncertainty estimates — the information whose loss cannot be recovered — over redundant or reconstructable data. The no-signaling boundary establishes the physical constraints within which all deep space continuity infrastructure must operate. → Deep Space Telemetry · → No-Signaling Boundary
Figure 1 — The seven-layer continuity infrastructure stack. Each layer addresses a specific failure mode in the chain from data generation to institutional action. Layer 1 (output provenance) is the foundation that all upper layers depend on. Data flows upward through the stack; governance and verification requirements flow downward.
The Foundation's papers use a consistent set of terms whose definitions deserve explicit statement in a unified document. The following table maps the key terms across the research ecosystem.
| Term | Definition | Primary Paper |
|---|---|---|
| Continuity | The preservation of provenance, coherence, and reasoning integrity across time, systems, and interruption | All papers; thesis statement |
| Continuity Receipt (CR) | Machine-readable metadata attached to an AI output documenting its epistemic conditions | Continuity Receipts |
| Failure Receipt | Structured output produced when CR confidence is insufficient for the requested reliance level | Continuity Receipts; Failure Receipts Standalone |
| Failure Severity Index (FSI) | FR-1 through FR-4 classification of failure consequence severity, calibrating required human response | Failure Receipts Standalone |
| Reliance Classification | RC-1 through RC-5 scale of consequence severity determining minimum CR score and human review requirements | Continuity Receipts |
| Memory Card | Classified context fragment (Correction, Contradiction, Provenance, Decision, Preference, Task, Noise) | Continuity Compression |
| CCS (Continuity Compression Score) | Per-card score determining retention, compression, or discard in context management | Continuity Compression |
| Continuity Delta | A state change affecting future interpretation — new evidence, changed confidence, resolved contradiction | Delta Protocol |
| CDP (Continuity Delta Priority) | Score determining immediate vs batched transmission of a continuity delta | Delta Protocol |
| Persistent Cognitive Thread | A linked sequence of reasoning steps, decisions, and evidence preserved across sessions | CIIC |
| TCS (Thermal-Continuity Score) | Node scheduling score combining available compute with thermal headroom and recovery | Thermal Routing |
| GAS (Grid-Aware Score) | Workload timing score combining renewable availability with peak demand and carbon intensity | Grid Scheduling |
| SVP (Scientific Value Priority) | Telemetry packet transmission priority score based on anomaly significance and reconstructability | Deep Space Telemetry |
| No-signaling boundary | The theorem establishing that quantum entanglement cannot transmit information faster than light | No-Signaling Boundary |
| OCMS | Open Continuity Metadata Standard — the shared schema enabling all CR-compatible systems to interoperate | CR Standards Proposal; PCO Schema |
The seven layers are not merely co-themed — they are designed to interoperate through the OCMS schema and the PCO object model. The following examples show how data flows across layers in realistic deployments.
A legal team uses an AI-assisted research system for a complex environmental litigation matter. Layer 2 (Continuity Compression) preserves corrections and decisions made during the research process, ensuring that the context reaching the AI at each stage reflects accumulated understanding rather than raw conversation history. Layer 1 (CR) attaches provenance metadata to each research output, documenting source quality and flagging outdated regulatory guidance. Layer 3 (Failure Receipts) intercepts queries whose confidence falls below the RC-4 threshold, issuing FR-3 severity Failure Receipts that require qualified legal review before filing. Layer 4 (CIIC) organizes the full matter into a Persistent Cognitive Thread — a PCO that preserves the dissents, the evidence pivots, and the strategic decisions that connect the first research session to the final brief. Layer 5 (Delta Protocol) synchronizes the matter record across the litigation team's distributed systems, transmitting only the continuity-significant changes when team members update their analysis.
A deep space probe detects an atmospheric anomaly during a narrow observation window. Layer 7 (Deep Space Telemetry) immediately prioritizes the anomaly data for transmission using SVP scoring — the anomaly's high SVP score routes it ahead of housekeeping data in the transmission queue. The anomaly data arrives on Earth carrying Layer 1 (CR) metadata: provenance documentation linking the reading to its calibration source, uncertainty estimates, and a freshness timestamp. Mission scientists receive the reading with a CR receipt showing high source quality and anomaly confidence. The ground team's analysis — corrections to the preliminary interpretation, decisions about follow-up observation — is captured in Layer 4 (CIIC) as a Persistent Cognitive Thread that will survive personnel transitions over the multi-year mission. Layer 6 (Grid-Aware Scheduling) ensures that the computationally intensive data processing runs during periods of high renewable availability on the ground infrastructure.
The unified architecture paper risks implying that more continuity produces wiser, more reliable, or more correct systems. This must be explicitly corrected.
A system with perfect continuity integrity may faithfully preserve:
Institutional corruption across decades, with complete audit chains documenting each corrupt decision. Propaganda campaigns with pristine provenance records linking each false claim to its original fabrication. Scientific paradigms that have been thoroughly refuted but were never officially revised in the preserved record. Governance systems whose internal logic was flawed from founding and remained consistently flawed across all preserved iterations.
Continuity preserves state lineage, not correctness. Provenance preserves origin, not truth. Auditability makes the history visible, not the history good. An organization that builds continuity infrastructure has built something valuable — but what it has built is the capacity to investigate its own history, not the guarantee that its history is worth preserving.
The value of continuity infrastructure is that it makes errors findable, corrections traceable, and accountability possible. It does not prevent errors, eliminate the need for correction, or guarantee accountability will follow. Continuity provides the evidentiary foundation for good governance — it is not a substitute for it.
This distinction has a practical implication for the Foundation's claims: we do not argue that deploying continuity infrastructure makes institutions better. We argue that it makes the record of what institutions actually did more reliable, more complete, and harder to erase. What institutions do with that record — whether they use it for accountability or ignore it — is a governance question that infrastructure cannot answer.
Honest accounting of scope limitations is part of the Foundation's scientific restraint commitment.
Content accuracy. Continuity infrastructure documents the provenance and confidence of AI outputs. It does not verify that the underlying source material is correct. A highly-provenanced answer to a question whose sources are wrong will receive a high CR score. The infrastructure makes the epistemic conditions visible; it does not guarantee the underlying facts.
Human judgment quality. The human review requirements in the RC and FSI frameworks ensure that qualified humans review high-consequence outputs. They do not ensure that those humans review them well. The infrastructure creates the right checkpoints; it cannot substitute for the expertise of the reviewer at those checkpoints.
Adversarial content injection. The adversarial threat model in the CR paper identifies confidence laundering, spoofed provenance, and retrieval poisoning as attack vectors. The infrastructure provides structural defenses against these attacks. It does not provide immunity — a sufficiently sophisticated adversary can still compromise a continuity infrastructure layer, and the per-dimension floor thresholds and chain hashing are mitigations rather than guarantees.
Organizational adoption. Continuity infrastructure is only as valuable as its adoption rate. A CR receipt that no downstream system reads provides no governance benefit. The OCSC governance model and the open-source contribution pathway are designed to drive adoption, but adoption ultimately depends on incentives that infrastructure alone cannot create.
The seven-layer architecture described in this paper can appear overwhelming for an organization beginning to adopt continuity infrastructure. The following minimum viable stack provides a phased adoption pathway.
| Phase | Layers | What You Get | Prerequisite |
|---|---|---|---|
| Phase 1 | Layer 1 (Identity) + Layer 3 (Provenance) | Every AI output carries a source citation and basic confidence score. Human review required for RC-3+ outputs. Failure Receipts for RC-4/5 threshold failures. | CR-Lite deployment or equivalent |
| Phase 2 | + Layer 2 (Context) | AI-assisted reasoning sessions preserve corrections, decisions, and contradictions across turns. Token costs reduce. Response quality improves for long sessions. | Continuity Compression implementation |
| Phase 3 | + Layer 4 (CIIC/PCO) | Multi-session reasoning threads preserved as Portable Continuity Objects. Institutional memory survives personnel transitions. Dissent preserved alongside decisions. | PCO schema implementation; CIIC thread management |
| Phase 4 | + Layers 5–7 as applicable | Synchronization continuity, infrastructure sustainability, and extreme-distance continuity for specialized deployments. | Phase 3 complete; domain-specific requirements |
An organization that completes Phase 1 has done more for its AI governance than most currently deployed systems have achieved. Phase 2 adds meaningful efficiency and quality improvements that pay for the implementation cost. Phase 3 addresses the institutional memory problem that CIIC is designed for. Phases 4 through 7 are specialized infrastructure for specific deployment contexts — most organizations will not need all of them.
The Foundation's published work establishes the conceptual architecture and proposes the first-generation implementations. The research program ahead has three priorities:
Empirical validation. Every formula in the Foundation's papers — CCS, TCS, GAS, SVP, CDP, CI, IDI — is a conceptual proposal awaiting empirical validation. The open-source contribution program is designed to produce this validation. Priority: Continuity Compression and Failure Receipts Standalone benchmarks, which are most immediately deployable and most commercially relevant.
Interoperability demonstrations. The seven-layer architecture is only as strong as the connections between its layers. Priority: demonstrating that a CR receipt generated at Layer 1 can be incorporated into a CIIC Persistent Cognitive Thread at Layer 4, transported via Delta Protocol at Layer 5, and recovered at the other end with provenance intact.
Governance establishment. The OCSC (Open Continuity Standards Consortium) remains a proposal. Priority: recruiting founding members from academic, civil society, and commercial stakeholder communities, and conducting the first public comment period on OCMS v0.2.
This paper should be cited alongside the component paper most relevant to the reader's context. If you are implementing AI output provenance infrastructure, cite this paper and Continuity Receipts. If you are building context management for LLM applications, cite this paper and Continuity Compression. If you are working on institutional AI governance, cite this paper and CIIC. The unified architecture is the frame; the component papers are the detailed specifications.
All Foundation publications are available without copyright restriction at emfoundation.net/publications.html. Research correspondence: research@emfoundation.net.
This section follows the Foundation's institutional practice of explicitly stating known weaknesses, failure modes, and scope boundaries for every proposal. Its presence indicates analytical maturity, not weakness in the underlying proposal.
Architectural coherence does not guarantee component feasibility. The seven-layer stack is logically coherent, but layer feasibility varies significantly. Layers 1–3 are implementable with current technology. Layers 6–7 depend on engineering work that is nascent or theoretical. The architecture's coherence should not be read as implying equal near-term feasibility across all layers.
Interoperability depends on OCMS adoption. The unified architecture's coherence as a stack rests on OCMS as the shared data standard. OCMS v0.1 is a proposed standard, not a deployed one. Until it achieves significant adoption, the layers are independent tools rather than a functioning stack.
Governance establishment is not a technical problem. The Open Continuity Standards Consortium is proposed but not formed. Forming it requires recruiting founding members from academic, civil society, and commercial communities — a social and institutional process that technical architecture cannot accelerate.
The stack does not address AI correctness. Continuity infrastructure preserves provenance and coherence. A fully CR-compliant system can still be systematically wrong.
Without a unifying architecture making relationships between provenance, context management, failure transparency, institutional memory, and infrastructure sustainability explicit, AI governance efforts remain fragmented. Individual organizations adopt individual tools without the interoperability that would make those tools composable. The non-adoption scenario is chronic fragmentation: AI governance improves slowly and unevenly, with no shared vocabulary, no interoperable standards, and no accumulating institutional memory across the organizations that need it most.
What is the minimum OCMS adoption threshold required for the stack's interoperability benefits to become meaningful? How should the OCSC governance process be structured to balance openness with the speed required to make standards decisions? Which layer, when demonstrated in production, would most effectively catalyze adoption of adjacent layers?
The unified architecture is itself a governance proposal. Its deployment at meaningful scale requires: an open standards process for OCMS; a multi-stakeholder consortium for ongoing governance; regulatory engagement where AI output provenance standards are being developed; and academic engagement for empirical validation. The Foundation's role is to propose the architecture and convene the governance processes — not to develop proprietary implementations that create lock-in.
W3C PROV Data Model (2013). provenance.w3.org. · Moreau, L. et al. (2011). The Open Provenance Model Core Specification. Future Generation Computer Systems 27(6). · Lamport, L. et al. (1982). The Byzantine Generals Problem. ACM TPLS 4(3). · NIST SP 800-207 (2020). Zero Trust Architecture. · EM Foundation Technical Lexicon v1.0. emfoundation.net/technical-lexicon.html