Domain-specific Tier 2 carries hidden fragility — bespoke = smaller community = SPOF in resilience disguise

Tier 2 systems built for a single discipline tend to look more resilient than they are. The more bespoke a system, the smaller the community maintaining it, the harder it is to replace, and the more likely it becomes a single point of failure wrapped in the appearance of resilience.

The mechanism is structural rather than operational. A bespoke Tier 2 system is sustained by the people who built and use it, often a small consortium with idiosyncratic governance. Members outsource preservation, integrity verification, and operational continuity to that consortium because no equivalent alternative exists. When the consortium changes — a single founder consolidates control (GISAID, E-0025), a coordinator dissolves (DPN, E-0054), or a small operator's silent automation fails (MetaArchive, E-0055) — there is no second instance of the same system to fail over to. The same property that makes the system fit its discipline (specialization) also bounds the community of people who could rebuild it.

The visible architecture is multi-site replication; the invisible architecture is single-organization governance, single-vendor automation, or single-coordinator integrity. Both architectures must hold for the preservation contract to hold, and only the first is visible from outside the consortium.

This is the structural argument for moving the resilience properties below domain-specific governance to a protocol-level substrate (C-0029). A protocol-level substrate is not bound to any one community's continued capacity to maintain a particular instance of it; the resilience lives in the protocol rather than in the consortium.