In March 2026, a federal judge in Minnesota ordered a health insurer to turn over the inner workings of the algorithm it used to deny elderly patients the post-acute care their doctors had ordered. The question the case turns on is blunt. Was the system built to override treating physicians? The plaintiffs allege it was wrong roughly nine times out of ten, and that almost no one appealed.

Around the same time, a few states over, an age-discrimination suit against a hiring-software vendor survived the vendor’s last attempt to get it thrown out. The number that stays with you came from the vendor’s own filing. Its tools had screened and rejected roughly 1.1 billion job applications.

Different industries, different statutes, the same reckoning. Notice what the judges are asking for. Not a philosophy of fairness. Not a model card. The record. What the system decided, on what basis, and whether a human was meaningfully involved when it mattered.

Here is the uncomfortable part. If that order arrived tomorrow, most enterprises could not produce it.

Two clocks are running, and most companies are watching the wrong one

When I talk to risk and legal leaders about AI accountability, the reflex is to reach for the regulatory calendar. We will know what is required once the rules land. That instinct is understandable, and it is the wrong clock.

The regulatory clock is slow and getting slower. The EU AI Act’s high-risk obligations are now set to slip to December 2027. In the United States the picture is contested. State AI laws have been paused, repealed, and replaced, and Washington is fighting over whether to preempt them at all. Tie your strategy to a statute taking effect on a specific date, and you have tied it to a date that keeps moving.

The other clock, the litigation clock, is already running, and it does not care about any of that. The cases above are not being argued under some new AI law. They are being argued under statutes that have existed for decades. The Age Discrimination in Employment Act. Title VII. The Fair Housing Act. ERISA. Plaintiffs do not need a novel AI statute to sue. They need a harmed person and a decision they can put on trial.

So the risk is here now, whatever any legislature does. Even if every AI-specific rule is delayed or preempted, the exposure does not go away. It simply arrives by subpoena instead of by audit.

The thread that runs through every one of these cases

Look across the cluster of AI-decision cases moving through the courts, and one thread runs through all of them.

A housing-screening vendor settled for more than $2.2 million and agreed to stop issuing approve-or-decline scores for certain applicants. The first AI-hiring case the EEOC ever settled involved software that auto-rejected women 55 and older and men 60 and older. A health insurer’s claims system reportedly denied more than 300,000 requests in two months, about 1.2 seconds each. A hiring vendor is being pursued as the employer’s agent, so liability for the decision flows back to the company that built the tool.

Strip away the industries and the thread is the same. Each case turns on whether the decision can be proven, and discovery is the battleground. Was a human in the loop, or was the review a rubber stamp measured in seconds? What did the system rely on? Can any of it be reconstructed and trusted after the fact? The party that can answer with a credible record is in a completely different position than the party reciting its intentions from memory.

The harm is not hypothetical, and we can measure it

It would be easy to wave this off as a handful of bad actors. The evidence says otherwise.

This year, Stanford researchers published the first large-scale independent study of algorithmic hiring. They examined roughly 3.4 million applicants and 4 million applications across 156 employers, all run through one vendor’s system. In that data, the failures were not isolated. They were correlated and systemic. The same candidates were shut out again and again, across employers, by the same logic. The pattern was invisible in the aggregate. It surfaced only when the data was read position by position.

The most important part of the paper is not a statistic. It is the researchers’ account of why this kind of study is so rare. They could examine the harm only because they could reach the data, and most of the time no one can. That is the problem underneath all of it. You cannot hold a system accountable for what you cannot independently verify.

The study validates the problem, not any one company’s product. But it makes the gap impossible to ignore.

The missing layer is a chain of custody for AI decisions

Put the three forces side by side, and they point at the same empty space.

Regulators say oversee it. Courts say prove it. Researchers say we cannot even see it. Underneath all three is one missing capability. There is no trustworthy, independently verifiable record of what an AI decided and whether a human meaningfully reviewed it.

There is already a name for this in law, and it is not “audit log.” It is chain of custody, the discipline of evidence handling that decides whether a record can be trusted and used as evidence at all. We treat it as obvious that physical evidence must be collected, sealed, and tracked by someone with no stake in the outcome. AI decisions now sit between people and their jobs, their homes, and their medical care, and they carry no such discipline.

A record is only credible if its keeper has no stake in the verdict. A log the deciding system writes about its own behavior, and can quietly revise, is not evidence. It is a marketing claim about evidence. A real chain of custody seals the record the moment it is made, keeps it apart from the system that produced it, and lets an outside party verify it. Not even the company that paid for it can quietly change it later.

Where Tzun fits, and where it does not

This is the layer Tzun is built for. We capture the decision at the moment a human approves or overrides it, and we seal a tamper-evident record outside the system that made the call. When the decision is challenged later, there is something credible to produce, and an outside party can verify it without taking our word or the company’s.

Tzun does not detect bias. It does not run adverse-impact math or tell you whether your model discriminates. It is not a model-governance suite. It is not insurance, because it transfers no risk and indemnifies no one. It is evidentiary infrastructure. The neutral recorder, not the judge.

The record does not take sides. It captures what actually happened at the point of review. What the AI recommended, who signed off, when, what they decided, and the reason they gave. If a reviewer worked through the call, their reasoning is on the record. If they waved it through with a one-line “looks fine,” that is on the record too. A log built to make you look good is worth nothing when it counts. One that simply records what happened is the kind a court or a regulator will trust.

The firms that win will not be the ones that waited

The enterprises that come through the next five years in the strongest position will not be the ones that waited for the rules to settle. The rules will keep moving. The lawsuits will not wait for them.

The strong position is simpler than the regulatory debate makes it sound. Be the company that intended to do it right, and can prove what actually happened. That is what defensible AI means. Everything else is a story you will be telling a judge from memory.