exceptions

This article rules that Zero Trust fails at the architectural tier when it is treated as a security initiative rather than an accountability system. It explains how policy catalogs and control rollouts can look complete while exceptions become the real operating model. It clarifies why optional enforcement transfers liability upward by deferring the decision of who owns residual risk. It ties the category error to concrete authority artifacts such as access approvals, exception records, and audit packages. It closes by making the governing boundary binary: either exception ownership is provable or accountability defaults to executive arbitration.