When something goes wrong, the first question asked is seldom a technical one.
People rarely ask whether the equipment satisfied a specific standard, whether a certificate existed, or whether an inspection had been carried out at some point.
Instead, the question turns out to be both simpler and tougher:
Was it sensible to trust that system at that particular moment?
This is where safety governance quietly shifts from being a matter of engineering to a matter of evidence.
For years, life-safety systems have been managed through assurance models built around certification, inspection, and maintenance. Products are tested, installed, approved, and reviewed periodically. Every one of these steps is worthwhile. Every one plays a role. Every one shows that the system satisfied a required standard at a specific point in time.
Yet none of them addresses the question that truly counts after an accident.
None of them confirm what condition the system was actually in at the moment people were counting on it.
Safety legislation does not demand perfection. It does not expect every malfunction to be foreseen. It calls for something more exact: that those in charge took sensible steps to control risk. Sensible action, however, is impossible without knowledge. A choice can only be considered sensible if it was grounded in a defensible understanding of the system being trusted.
This is where a fundamental mismatch reveals itself.
Certification shows a product met specified criteria under controlled test conditions.
An installation sign-off shows the equipment was fitted properly on a particular date.
Maintenance records show that someone showed up and carried out predetermined tasks.
Every one of these speaks to past diligence.
None of them, on their own, proves the state of the system right now.
In investigations, public inquiries, and civil litigation, attention moves swiftly beyond compliance paperwork. Courts and insurers do not limit their scrutiny to whether procedures were followed. They ask what was actually known, what warnings had been issued, whether the hazard was apparent, and whether a reasonable response was available.
Put differently, they investigate trust.
If a fire door does not shut, a fire alarm goes unheard, a gas valve fails to close, or an evacuation system breaks down, the pivotal question becomes whether it was fair to assume it would work. A certificate issued months or years ago does not settle that. At most, it supplies background. At worst, it breeds unwarranted confidence.
The real difficulty is not that organisations neglect safety. In the vast majority of cases, they do not. Buildings get inspected, qualified contractors are hired, maintenance is booked, and paperwork is archived. The problem is one of proof, not of moral character.
Today’s safety-critical settings are no longer fixed and unchanging. Devices are driven by software. Firmware updates alter performance. Components are swapped in like-for-like fashion. Batteries dwindle quietly without warning. Systems grow interconnected with other systems that were never evaluated as a group. Configuration creeps out of alignment bit by bit, and the shift is usually invisible.
The assurance framework, however, still clings to isolated moments in time.
This creates a widening gap between what governance demands and what assurance can actually show. Governance structures increasingly expect those in charge to exercise continuous oversight of risk. Yet the tools at their disposal mostly verify past compliance rather than the present condition. An organisation can therefore tick every procedural box while still being unable to prove the operational state of its protective measures at the very instant they are depended on.
After a shortcoming comes to light, this gap becomes unmistakable.
Investigators frequently retrace the chain: certificates are examined, maintenance logs are combed through, lines of responsibility are followed. What they rarely uncover is a total lack of effort. Instead, a familiar picture takes shape — risk built up quietly between one inspection and the next. The system weakened without triggering any clear signal that something had to be done. Accountability becomes disputed not because nobody acted, but because nobody could show what they realistically knew at the decisive moment.
This is precisely why post-incident examination centres on what could have been foreseen and what reliance was reasonable, rather than on compliance status. The legal test is not “Was it up to standard at some earlier point?” It is “Was it defensible to trust it right then?”
That difference is significant.
Safety governance has long operated on the assumption that periodic checks could serve as a stand-in for continuous condition. That assumption made sense when systems were mechanical, self-contained, and slow to evolve. It grows less dependable when systems are fluid, linked together, and continually adapting. The legal duties placed on duty-holders, however, have not shifted. They are still expected to manage risk proactively, and responsibility still follows choices made in real time.
The outcome is an awkward position. People tasked with safety may observe recognised standards, keep thorough records, and act honestly, yet still be incapable of proving that trusting a protective system was reasonable at the exact moment it was called upon.
This is not a shortcoming of skill or of purpose. It is a shortcoming of the evidence model itself.
When injury or damage arises, the absence of time-of-incident evidence is treated as the absence of oversight. A system’s silence is interpreted as a governance breakdown. Not because a deliberate choice was made to ignore danger, but because no mechanism existed to show that intervention was warranted.
In practice, safety is being evaluated in the present using evidence gathered in the past.
The central question, therefore, is no longer whether standards hold value. They remain vital. The question is whether the assurance practices wrapped around them produce the sort of evidence that today’s accountability demands. A framework designed to prove that a system was safe at the point of installation cannot, by itself, show that trusting it months or more down the line was reasonable.
Safety law, at its core, concerns reliance. People act or hold back from acting based on the conviction that protective measures will perform. When that conviction cannot be substantiated at the time it counts, any subsequent inquiry becomes speculative and liability becomes uncertain.
The question confronting the safety sector is not whether inspections, certifications, and maintenance should continue. They must. The question is whether these measures alone can carry the evidentiary weight now imposed on those responsible for keeping people safe.
For when the moment of reliance arrives, documentation cannot speak for itself.
Only evidence of condition can.
And at present, that is precisely what safety governance so often fails to deliver.
About the Author
Paul Mincher is the Founder and CEO of SAFE-Matter Ltd and the originator of the “Unknown Present” concept in safety governance. His work investigates the compliance gap between regulatory adherence and demonstrable safety across cyber-physical systems.
As a survivor of a childhood house fire, he has spent the past decade analysing how organisations place trust in life-critical safeguards and why serious events keep occurring despite formal certification, inspection, and supervision.
Through SAFE-Matter™, Paul concentrates on producing independently confirmable evidence of the operational state of safety protections at the instant they are called upon. His research bridges safety engineering, accountability, and risk assurance, tackling how regulators, insurers, and duty-holders determine whether protection was genuinely present when it counted.
Paul can be reached through his LinkedIn profile or by email.



