Standard Context: ARCS v1.0 Published by: Vega Commons Project, Inc.

Custody Surface Topology

1. Compelled Production and Record Existence

Legal process compels production of records that exist. A subpoena, a civil discovery demand, a regulatory investigation, or an administrative inquiry can require any entity to identify, preserve, collect, review, and produce records within its custody, control, or practical possession.

The cost of responding to compelled production is driven by the volume and complexity of responsive material, the number of systems and custodians that must be searched, the privilege and responsiveness review required before production, and the vendor coordination necessary when records reside on third-party infrastructure. These costs arise before any determination of whether the underlying claim has merit. They are defense costs in the technical insurance sense: costs incurred in responding to a legal proceeding regardless of outcome.

Retention converts a theoretical discovery request into an operational obligation. If the records do not exist, the obligation is to certify their nonexistence. If the records do exist, the obligation is to produce them or to litigate the scope of production. The second path is materially more expensive than the first.

These conditions define the relationship between custody and exposure in automated systems. These systems generate records. Those records persist. Persistence creates discovery exposure. The governance question is where the records are, who holds them, and how many layers of the system architecture generate them.

2. Record Generation in Automated Systems

Automated systems generate operational artifacts as a consequence of their architecture, not as a consequence of any policy decision by the operator.

A user submits a prompt. The prompt travels through application infrastructure before reaching a model. The model generates a response. That response passes back through application infrastructure before reaching the user. Along the way, multiple system components may log, process, buffer, or retain artifacts of the interaction.

The model's content policy governs none of this. Content policy governs what the model generates. It does not govern what happens to that output or what records are created around it by application servers, orchestration layers, telemetry pipelines, safety monitoring systems, or analytics infrastructure.

The records generated by automated systems include interaction artifacts (prompts, outputs, session context, message histories), telemetry artifacts (usage logs, performance metrics, debugging traces, reliability records), monitoring and safety artifacts (moderation records, flagged samples, evaluation datasets, policy enforcement decisions), orchestration artifacts (routing logs, coordination metadata, service state records, audit trails), and update and training artifacts (distribution records, weight revision histories, experiment logs, feedback records).

These artifact categories are generated automatically by standard deployment architectures. An operator who has not made deliberate decisions about what to log and what to suppress inherits the default retention behavior of every component in the stack. In most deployments, the default is to retain.

3. Record Persistence Across System Layers

Interaction artifacts do not exist in a single location. A typical enterprise deployment generates and retains records across six or more architectural layers.

The user interaction layer captures prompts, inputs, generated outputs, and session metadata at the point of interaction between the user and the application.

The application layer captures usage logs, interaction metadata, performance metrics, and debugging traces within the operator's application infrastructure.

The telemetry and observability layer captures operational metrics, error traces, reliability records, and performance data, often centralized in monitoring platforms that retain data for weeks or months.

The orchestration layer captures routing logs, tool invocation records, multi-step workflow state, coordination metadata, and service event logs in systems that manage complex task execution.

The safety and monitoring layer captures moderation review records, flagged interaction samples, policy enforcement decisions, evaluation datasets, and incident investigation records in systems designed to ensure responsible operation.

The vendor and model developer layer captures training pipeline records, model evaluation telemetry, update distribution logs, and weight revision histories on the model provider's infrastructure.

Each layer is a custody surface: a system component that generates, processes, stores, or can reconstruct an artifact of an interaction. Each operates under its own retention policy, its own contractual terms, and its own response protocols for legal process.

The full set of custody surfaces across all layers constitutes the custody surface topology of the deployment. Most organizations deploying automated systems have not mapped this topology. The custody surface is therefore larger, and less governable, than decision-makers typically assume.

4. Architectural Change and Record Redistribution

A structurally important development is the emergence of local-first and hybrid inference architectures, in which model inference runs on the operator's own hardware or the user's device rather than on a cloud API. This shift is accelerating as open-weight models approach parity with cloud API models on a growing range of tasks.

Organizations examining local-first deployment often assume that removing vendor-side inference eliminates custody exposure. The architectural reality is different. Local inference eliminates the vendor-layer custody surface for the inference call itself. It creates or expands the operator-layer custody surface, because the operator's own infrastructure now processes the full interaction. Application logs, telemetry, orchestration metadata, and safety records are generated on infrastructure the operator controls and must govern. The custody surface is not eliminated; it is redistributed from the vendor's infrastructure to the operator's infrastructure, where it is subject to the operator's retention policies, legal process directed at the operator, and the operator's breach exposure.

The same principle applies to vendor non-retention commitments. A vendor that commits to zero data retention eliminates the vendor-layer custody surface for its own infrastructure. It does not eliminate the operator-layer custody surface. The operator's application, telemetry, orchestration, and safety systems continue to generate and retain artifacts regardless of what the vendor does or does not retain. Vendor non-retention governs the vendor's layer. It does not propagate to adjacent layers.

5. Governance Infrastructure and Record Generation

A related condition affects organizations that deploy automated systems with appropriate governance discipline.

Responsible deployment requires observability: the ability to monitor interactions for safety, performance, and compliance. Organizations implement logging to support debugging. They implement audit trails to demonstrate regulatory compliance. They implement content review systems to detect misuse. They implement evaluation pipelines to measure model performance. These are legitimate, often legally required, risk management practices.

These same governance mechanisms are frequently the primary source of discoverable records in related legal proceedings. Safety review queues contain flagged interaction samples. Moderation systems contain decision logs. Evaluation pipelines contain representative datasets. Incident investigation systems contain detailed records of concerning interactions.

These records are often retained longer than ordinary operational telemetry. They are frequently demanded in litigation because they appear probative of knowledge, foreseeability, and reasonableness of safeguards.

The organization that deploys automated systems carelessly, without logging or monitoring, generates fewer discoverable records than the organization that deploys responsibly. The implication is not that organizations should abandon governance. It is that governance infrastructure must be designed with retention discipline as an explicit architectural parameter, not as an afterthought. What is logged, for how long, at what granularity, and under what deletion policy should be specified before deployment, as part of the governance architecture. Organizations that treat these as operational details inherit a custody surface shaped by default settings rather than by deliberate institutional choices.

6. Summary of Structural Conditions

The preceding sections describe a consistent pattern in automated system deployments.

Custody is architectural. It describes where interaction artifacts persist within system infrastructure: across which layers, on whose infrastructure, under what retention policies. Compellability is procedural. It describes the mechanisms through which legal authority reaches those artifacts: subpoena, civil discovery, regulatory demand, administrative investigation. Exposure follows the intersection of the two: where persistent artifacts exist on infrastructure reachable by legal process, defense costs follow regardless of the proceeding's ultimate outcome.

Three conditions compound this exposure. First, architectural changes such as local inference and vendor non-retention redistribute artifacts rather than eliminating them. Second, safety and compliance infrastructure frequently generates the most persistent and most discoverable records in the deployment. Third, custody surfaces are distributed across the entire stack, not concentrated in any single component.

7. Implications for Defense Cost Exposure

The custody surface topology of a deployment is the primary determinant of an organization's compelled-production exposure. An organization that receives a subpoena, civil investigative demand, or formal discovery request for interaction records faces costs driven by the volume of responsive material across all custody surfaces, the complexity of the privilege review required, the number of vendors and third-party systems that must be coordinated, and the forensic work required to reconstruct or exclude records from systems not designed for production.

An organization with a large, ungoverned custody surface faces these costs whenever it is served with process that implicates automated interactions. An organization that has mapped and governed its custody surface faces materially lower costs for the same proceeding, because the scope of responsive material is defined and bounded, the retention architecture is documented, and the production process is supported by records of governance decisions.

The distinction between a governed and ungoverned custody surface is not primarily a matter of what records exist. It is a matter of whether the organization has made deliberate, documentable decisions about what records to create and retain, and whether those decisions can be produced as part of a defensible response to legal process.

8. What Governance Addresses and What It Does Not

Custody governance addresses the operator-side retention surface. It determines what the operator's own infrastructure creates and holds. It does not address vendor-side retention, which is governed by the operator's contract with the vendor. It does not address third-party data that flows through automated systems but originates elsewhere. It does not eliminate the obligation to respond to valid legal process.

A governance standard operating at the operator layer provides the following: a defined scope of what categories of interaction artifacts the operator creates and retains, documented retention schedules specifying duration and deletion semantics, verifiable attestation that sessions were processed under defined retention constraints, and a production response that includes governance documentation alongside any records produced.

This documentation does not immunize an organization from discovery obligations. It does allow the organization to respond to those obligations with a bounded, defensible production rather than an open-ended forensic exercise. The practical effect on defense costs is material even when the underlying legal exposure is unchanged.

Without verifiable non-retention controls, a claim of non-retention functions as a bare assertion in litigation. Opposing counsel may test the assertion through deposition testimony regarding system architecture and logging practices, subpoenas directed to vendors and infrastructure providers, requests for retention policies and audit documentation, and challenges to deletion procedures and their exceptions. Each testing mechanism generates defense costs. Verifiable non-retention controls convert the bare assertion into an attestation backed by architectural evidence, reducing the cost and duration of these procedural challenges.

9. Emerging Custody Surfaces

Two developments in system architecture are expanding the custody surface topology in ways that existing governance frameworks do not yet address.

Weight-encoded persistence. When interaction data is used to fine-tune model weights through techniques such as LoRA or full-parameter adaptation, the resulting record is distributed across model parameters and cannot be separated from the inference engine. The record cannot be enumerated, cannot be selectively deleted (current machine unlearning techniques do not reliably remove specific data contributions from trained weights), and may be partially reconstructable under certain prompting conditions. On-device fine-tuning is now technically feasible on consumer hardware, meaning this custody surface category may emerge at scale in the near term.

Agentic orchestration artifacts. Systems that execute multi-step tasks with tool access, persistent memory, and cross-agent coordination generate records at every step of the orchestration chain: tool invocation metadata, permission grants, intermediate work product, action confirmations, outcome logs, and self-assessment records. These artifacts are richer and more voluminous than standard session logs and create custody surfaces across both the agent's runtime environment and any external systems the agent interacts with.

Both categories represent record classes that standard data retention policies may not capture and that standard deletion controls may not reach.

This primer is prepared for informational purposes and does not constitute legal advice.

Vega Commons Project, Inc. | Custody Surface Topology Primer | v4 | April 2026