Adjacent industries already cross verification threshold — SEC, HIPAA, FDA Part 11

Every other industry that handles consequential data has already crossed the verification threshold:

• SEC Rule 17a-4 mandates 6 years of retention in tamper-proof format with audited disaster recovery. Over $3.5 billion in fines for records-related failures since 2021 across SEC, CFTC, and FINRA combined (S-0073, S-0074).
• HIPAA Security Rule mandates encrypted, redundant backups with tested restoration. Maximum penalties of $2.19 million per violation in the willful-neglect tier (S-0075).
• 21 CFR Part 11 requires complete audit trails for any electronic record submitted to the FDA. When Applied Therapeutics submitted a new drug application and the FDA discovered that a vendor had deleted audit trails two days after FDA preannounced its inspection, the application was rejected — unverifiable data was inadmissible regardless of what it showed (S-0076).
• Financial-sector cybersecurity budget allocation: Financial institutions typically allocate 10-20% of their information technology budgets to cybersecurity and recovery planning combined, per Deloitte and Gartner benchmarking. Financial services, government, and healthcare consistently spend the most of any sectors on disaster recovery (S-0077).

Each sector built audit infrastructure before enforcement matured, and each saw enforcement scale rapidly once infrastructure was in place. The historical pattern: SEC Rule 17a-4 preceded the off-channel-communications enforcement wave by more than two decades; HIPAA Security Rule preceded the systematic OCR audit program by approximately a decade; 21 CFR Part 11 was published in 1997 and reached the Applied Therapeutics-style enforcement posture only after FDA inspection capacity caught up.

Research data is at the equivalent point in its own arc: mandate regime in place, legal theory settled, precedent stack on adjacent fact patterns accumulated. The variable that determines when enforcement scales to the architectural fact pattern is institutional audit infrastructure — exactly what this paper argues institutions should build.