What Happens When Nothing Is Signed

A startup we know was three weeks from closing a $40M acquisition. The buyer's diligence team asked for the data dictionary that defined every field in the customer database. The startup's data lead pulled it from a shared drive. The buyer's team pulled the same file from an earlier email thread. The two files were not identical. Nobody could say which version was authoritative. The buyer paused diligence. By the time the dictionary was reconstructed, the buyer's quarter had ended and the offer was withdrawn.

A regional hospital lost a malpractice case in 2024 because their EHR vendor's audit log had been "rebuilt for performance" eight months earlier. The plaintiff's attorney asked for the precise sequence of orders the attending physician entered the night of the incident. The hospital produced a summary; the summary did not satisfy the discovery rule. The judge instructed the jury to assume the missing log was unfavorable. The hospital settled for an amount that would have been a footnote in their annual report — if it had stayed a footnote.

A freelance designer in Tel Aviv delivered a brand identity for a Berlin client. The contract said €18,000 for the package. Six months in, the client claimed the contract said €12,000 and produced a PDF that, in fact, said €12,000. The designer produced her own PDF; hers said €18,000. Neither file carried any timestamp or signature. The dispute went to mediation; the mediator could not determine which version was real; the designer settled for €5,500 to avoid a multi-jurisdictional small-claims fight that would have cost more than the difference. Thirty cents on the dollar, because nobody had signed anything.

Three different industries, three different stakes, one identical pattern: at the moment the artifact was created, signing it would have cost zero. Reconstructing it later cost a deal, a courtroom verdict, and most of a freelancer's invoice. The math is brutal because it is asymmetric — a few hundred bytes of signature at the moment, or weeks of legal fees later. People do not sign because at the moment, nothing is wrong. People wish they had signed when the question is no longer hypothetical.

The pattern has a name in operations research: it is a deferred cost. The cost exists; the timing of the cost is what's negotiable. Software has been getting better at deferring costs for fifty years — we ship features now, fix bugs later, refactor when it hurts. That trade has worked because the deferred cost was usually still recoverable. Unsigned digital artifacts break the pattern. The cost is not recoverable. Once the artifact exists without provenance, no later effort restores the provenance — only a re-creation, which the original counterparty has every reason to refuse.

What does "signed at the moment" actually look like? It looks like the same workflow you already have, plus one button. Drag the file. The browser computes a fingerprint, asks your local key to sign it, stamps the time. Forty milliseconds. A small JSON record drops into your downloads. That record verifies for as long as the file exists, against any party, on any continent, without needing us, the original sender, or the original platform to be online. The cost was nothing. The protection is permanent.

The startup founders we know would still have closed their acquisition if every version of every internal artifact had been signed at creation. The hospital's audit log would have been admissible. The designer would have been paid in full. The signature is not a complication — it is the absence of one specific class of catastrophe. You only notice it the day the catastrophe doesn't happen, and by then you have stopped paying attention to why. That is what infrastructure looks like when it works.