Jason Reeder

Posted on Mar 15 • Edited on Mar 29

The Camera Saw Something. How Do You Prove It Decided Correctly?

#deterministic #api #compliance #security

March 15, 2026

Every day, millions of automated decisions are made by physical security systems.

A camera detects motion after hours. An analytics platform identifies a person in a restricted area. An alarm system decides whether to dispatch police, alert security, or log the event and ignore it.

These decisions happen continuously. They affect safety, privacy, and liability. And right now, almost none of them leave an audit trail.

That’s about to change.

— -

The Coming Wave of Accountability

On January 1, 2026, California became the first state to regulate AI companion chatbots. SB 243 requires safety protocols, transparency reporting, and legal accountability when AI systems fail to meet standards.

This is not an isolated event. It’s the opening wedge.

What applies to chatbots today will apply to AI-powered surveillance decisions tomorrow. Regulators are coming for all automated decision systems — especially those that affect safety, privacy, and civil liberties.

The 2026 security industry trends are explicit: privacy and regulation are no longer afterthoughts — they’re foundational business realities . Companies face increasing scrutiny over how they handle surveillance data, particularly where video data can identify individuals .

Cloud systems are being positioned as the route to tighter control and more structured governance, with encryption, access controls, and automated logging as core requirements .

But here’s the gap: the logging exists for access and configuration. It doesn’t exist for decisions.

— -

What a Security Decision Actually Looks Like

Consider a typical after-hours security scenario:

Input:

Motion detected in restricted area
No authorized personnel on site
Time: 2:34 AM
Location: Server room
Policy: “After-hours access requires immediate security alert”

The system must decide: dispatch police? alert on-site security? log and ignore?

That decision is made by software — rules, thresholds, confidence scores. But where is the record of why it decided what it decided?

Most systems don’t have one.

— -

What an Audit Trail for Security Decisions Looks Like

Here’s a real example from our API, applied to this scenario:

Input:

{
“scenario_summary”: “After-hours motion detection”,
“observed_signals”: [“person detected”, “restricted area”, “no authorized personnel”],
“known_context”: [“time: 02:34”, “policy: immediate alert”]
}

Output (simplified):

{
“decision_posture”: “proceed”,
“confidence”: 87,
“compliance_references”: [
“SOC2 CC7.2 — System Monitoring”,
“SOC2 CC6.1 — Logical Access Security”
],
“decision_rationale”: “Motion detected in restricted area after hours with no authorized personnel present. Policy requires immediate alert. CC7.2 monitoring satisfied; CC6.1 access violation indicated. Alert dispatched.”,
“clarifying_question”: null
}

This is not just a log. This is proof.

Proof that the decision followed policy
Proof that specific controls were considered
Proof that the same input would produce the same output tomorrow
Proof that regulators can verify

— -

Why This Matters for Physical Security

The global surveillance technology market is projected to grow from $173.57 billion in 2025 to $289.13 billion by 2030 . That’s cameras, analytics, alarms, and the cloud platforms that connect them.

On May 1, 2026 — less than two months from now — multiple new national standards for video surveillance take effect :

| Standard | What It Covers |
| — — — — — | — — — — — — — — |
| GB/T 12345–2026 | Video image content analysis & description |
| GB/T 12346–2026 | Video image enhancement |
| GB/T 12347–2026 | Video image retrieval |
| GB/T 12348–2026 | Testing specifications |

Download the Medium App
The working groups developing these standards include every major player: Hikvision, Dahua, Huawei, Megvii, SenseTime, CloudWalk, and dozens of others.

These companies are building the cameras and analytics. They will all need the audit layer that makes those systems compliant with emerging regulations.

— -

What Exists Today vs. What’s Missing

No one is connecting these dots.

— -

What We Built

Our API is a deterministic decision engine originally built for SOC2 compliance. Same input → identical output, every time. Full audit trail with compliance references. No training data, no privacy risk, no black box.

It works for any automated decision system. Including physical security.

The same API that maps access control signals to SOC2 CC6.1 can map motion detection to CC7.2. The same logic that logs change management decisions can log alarm dispatch decisions. The same output that satisfies auditors can satisfy regulators.

One API. Multiple domains. One truth layer.

— -

What This Means for the Industry

The cameras capture data. The analytics generate insights. The security systems make decisions.

We make those decisions auditable.

Not as an afterthought. As the foundation.

When regulators ask: “How do you know your automated security decisions are consistent?” — you have an answer.

When insurers ask: “Can you prove your system follows policy?” — you have proof.

When courts ask: “Why did your system decide to dispatch police?” — you have a record.

— -

The Opportunity

The industry is building smarter cameras, better analytics, faster alerts. All of that is table stakes.

The next layer is trust. The ability to prove that automated decisions were made consistently, following policy, with complete transparency.

That’s what we built. That’s what this API does.

And it’s ready for physical security right now.

— -

What’s Next

The API is live. Free tier: 100 decisions/month. Documentation at the link below.

If you’re building security cameras, alarm systems, or surveillance platforms — and you’re wondering how you’ll prove your automated decisions are consistent when regulators come calling — now you know.

It’s not a feature you add later. It’s the layer you build on.

— -

Founder & CEO, Decision Security Layer
decseclayer@gmail.com
API Docs

— -

DEV Community