Lot-level verification
How CILM selects verification depth for a specific procurement lot. The four-level L0–L3 scale as progressively deeper evidence acquisition, what each level addresses and what it misses, how criticality class adjusts the required depth, and how laboratory evidence re-enters the evidence chain.
Not every procurement lot requires the same verification. A component sourced directly from an authorized distributor with complete manufacturer traceability, clean documentation, and a recent verification record presents a different evidence sufficiency position than the same part number offered by an open-market broker at a price below the market median with a certificate of conformance that cannot be cross-checked. Verification therefore becomes a property of the procurement lot rather than the component itself.
The objective is not to maximize verification depth but to apply only the depth that the available evidence and the consequences of failure justify. Applying the same verification depth to every lot is both expensive and poorly matched to the actual risk distribution: resources are consumed where they are not needed and may be insufficient where they are. CILM addresses this through risk-calibrated routing, using evidence sufficiency as the routing criterion. The evidence available for each lot is assessed before testing begins. The output of that assessment — the risk tier and the criticality class of the application — determines which verification depth is required. That depth is then applied, and the evidence re-enters the model as updated evidence rather than as a standalone verdict.
The four verification levels
CILM uses a four-level verification scale, L0 through L3. The levels describe progressively deeper evidence acquisition rather than four independent inspection methods. Each level addresses questions the previous level cannot answer, and each requires that the levels below it have already been completed and their findings understood before proceeding.
L0 — Documentary Evidence Review is verification without physical access to the lot. It addresses the supply story: whether the documentation is complete and internally consistent, whether the declared chain of custody can be traced, whether the lifecycle status of the part has been checked against known sources, and whether the supplier identity and the documents’ issuers can be independently verified. L0 can identify documentation gaps, inconsistencies between declared and known information, and channel characteristics that carry elevated risk. It cannot verify the physical condition of the parts, the accuracy of their markings, or what is inside them.
L1 — Visual, Package, and Marking Inspection is the first level of physical examination. It addresses whether the physical delivery is consistent with the claimed identity: the packaging condition, the marking of individual units, the lead or ball geometry, and surface characteristics that indicate remarking, cleaning, or prior use. L1 includes formal marking permanency and solvent resistance checks under an approved test plan. It can identify obvious signs of remarking, repackaging, and physical inconsistencies. It cannot determine internal construction, electrical grade, or the history of thermal and mechanical stresses the units have experienced.
L2 — Non-destructive Engineering Tests extends the physical examination to internal structure and material composition without destroying the sample. Methods include X-ray examination of internal construction, X-ray fluorescence analysis of surface material, and acoustic microscopy where applicable. L2 can identify wrong-die parts, internal construction inconsistent with the claimed type, and material anomalies not visible externally. It cannot confirm electrical performance, grade conformance, or the effects of prior use on internal bond wire integrity.
L3 — Destructive, Forensic, and Electrical Verification is the deepest level. It includes decapsulation and scanning electron microscopy to examine the die, electrical verification within the limits of the applicable datasheet and application, and destructive physical analysis. L3 answers the questions that non-destructive methods leave open: whether the die corresponds to the claimed device identity, whether electrical characteristics are consistent with the claimed grade, and whether internal construction reveals prior use or degradation not visible from outside. Destructive methods consume the samples tested and are applied selectively, not to the full lot.
Why no single level is sufficient
The progression from L0 to L3 is not arbitrary. Each level addresses questions that the previous level cannot answer.
The most common error in verification design is treating any single method as a complete screen. Electrical testing is the most frequently cited example. Among suspect counterfeit parts that underwent electrical testing in 2025, approximately one quarter passed that test and only 12 percent failed, according to ERAI’s 2025 annual report. This means the majority of electrically tested suspect parts produced an ambiguous or passing result on electrical testing alone.
Electrical testing answers a specific question: does this unit, at the time of test, perform within the declared limits for the tested parameters? It does not answer whether the die is the declared device, whether the unit has been previously used and refurbished, whether the marking reflects the actual grade, or whether the internal construction matches the datasheet. Those questions require other methods.
The same principle applies throughout the scale. Visual inspection at L1 can identify an incorrect marking but cannot confirm what the correct marking should be without reference to the supply history established at L0. X-ray at L2 can show a wrong die but cannot tell whether the unit functions within limits. Each level produces answers that are useful, bounded, and incomplete without the context provided by the levels below it. No verification method is interpreted in isolation; every result is evaluated in the context established by the preceding evidence.
How criticality class modifies the required depth
The risk score is not the only input to the verification depth decision. The criticality class of the intended application — ranging from C0 for non-critical consumer use through C4 for regulated high-reliability applications in aerospace, medical, or similarly demanding environments — can increase the required verification depth independently of the risk score, because consequence and probability are treated as separate decision variables.
For a component in a C0 or C1 application, a moderate risk score might require L0 or L1 verification, and a low score might allow acceptance with documentary review only. For a component in a C3 or C4 application, the same moderate risk score may require L2 verification, and even a low risk score may require at least L0 and L1, because the consequence of an undetected failure at those criticality levels justifies a higher evidence standard regardless of the prior probability of nonconformance.
This reflects the basic asymmetry in risk management: when the cost of failure is high enough, it is rational to accept a higher verification cost even when the probability of failure is low. Criticality class is the mechanism through which that asymmetry enters the CILM routing decision.
The exact combination of risk tier and criticality class that triggers each verification depth is maintained in restricted technical documentation. The conceptual routing logic is that higher criticality consistently shifts the required depth upward: a tier-and-criticality combination that would result in L1 for a C1 application would result in L2 for a C3 application, and L3 for a C4 application in the most demanding tier.
How laboratory evidence re-enters the evidence chain
Laboratory evidence is not the end of the verification process in CILM — it is an input to the ongoing evidence record for the lot. They become additional evidence within the existing evidence chain, updating what was known before the verification was carried out.
When verification is completed, the evidence is recorded as a Lab Evidence Event. For the evidence record to be incorporated into the risk model at full weight, it must meet a specific standard: the evidence record must carry a hash that confirms it has not been altered, the laboratory must be identified and its credentials verifiable, the chain of custody from sample selection through return of results must be documented, and the timestamp and verifier identity must be recorded. A laboratory evidence record that cannot meet these requirements does not contribute to the evidence confidence score in the same way as a fully documented one.
The incorporated evidence is then used to update factor values based on the new evidence. A lot that passes L2 without findings has its verification quality factor updated to reflect that the non-destructive examination found no anomaly. A lot where L3 electrical verification identifies an anomaly triggers a different path: the finding may constitute a critical flag that overrides the calculated risk tier, a detection event that is recorded for future reference, and a supplier profile update that affects how subsequent deliveries from the same source are assessed.
The risk score calculated before verification — the prior score — and the score recalculated after — the posterior score — are stored separately. The routing decision made on the prior score remains in the audit record. This separation ensures that the decision to apply verification at a given depth can be reviewed against the information available at the time, rather than being evaluated in retrospect against what the verification subsequently found.
What verification establishes, and what it does not
Verification at any level establishes that specific tests, applied to specific samples under specific conditions, produced specific results. It does not establish that all units in the lot conform, because testing is almost always applied to a sample rather than the full population. It does not establish that the lot will perform correctly in the final application under all conditions, because testing conditions are defined by the test plan rather than by the application environment. And it does not establish authenticity in an absolute sense — the methodology does not use formulations such as zero percent fraud or confirmed genuine.
What verification does establish is an evidence position. After L3 verification is completed and documented, the lot has a substantially stronger evidence base than it had before. The posterior risk score reflects that stronger base. The evidence record — in the Digital Component Passport — contains the documented chain from the incoming evidence through the verification results to the final disposition.
The outcome is therefore not an authenticity verdict but an auditable evidence position: what was known, what was done, what was concluded — at every stage of the procurement decision.
[DIAGRAM: vertical flow showing the full canonical sequence — box “Available evidence” at top with downward arrow to “L0 Documentary Evidence Review” with arrow to “L1 Visual, Package, Marking” with arrow to “L2 Non-destructive Engineering Tests” with arrow to “L3 Destructive / Forensic / Electrical Verification” with arrow to “Lab Evidence Event (hash, chain-of-custody, timestamp, lab identity)” with arrow to “Posterior CIRS update (factor values updated based on new evidence)” with arrow at bottom to “DCP Update (evidence appended to Digital Component Passport)”. To the right of the L0–L3 ladder, a bracket labels “Progressively deeper evidence acquisition — each level requires completion of the level(s) below”. A horizontal dotted line between the L3 box and the Lab Evidence Event box is labeled “Physical verification boundary — CILM routes; accredited laboratory executes”. Caption: “Exact trigger thresholds by risk tier × criticality class are maintained in restricted technical documentation. Author-developed.”]
Information gain
The L0–L3 verification scale is explained as a risk-calibrated routing instrument for evidence sufficiency rather than a universal inspection checklist, with the specific limitation that electrical testing alone passes approximately one quarter of electrically tested suspect parts — making multi-level sequencing a structural requirement within an evidence-driven procurement decision process.
Author contribution
The application of the four-level L0–L3 verification scale as the operational output of CILM risk assessment, the illustration of how criticality class modifies the required verification depth independently of the risk score, and the framing of laboratory evidence as posterior updates that return to the risk model rather than as standalone pass/fail verdicts within a reproducible evidence chain.
Claims and sources
-
Among suspect counterfeit parts that underwent electrical testing in 2025, approximately 24 percent passed that test and only 12 percent failed, according to ERAI's 2025 annual report — meaning electrical testing alone would have cleared approximately one quarter of suspect parts without detecting the nonconformance.
-
According to ERAI's 2025 annual report, parts with an obsolete or end-of-life lifecycle status represented 60.02 percent of all parts reported to ERAI in 2025, compared with 36.15 percent for parts with an active lifecycle status — a distribution that reflects the concentration of verification demand on the parts for which authorized supply is most constrained.
-
The author examines verification errors that occur during component procurement and their consequences for production in 'Manufacturing Component Verification Errors', published in Supply Chain Management Review on 7 July 2026.
-
The empirical basis for the methodology, including the procurement communication corpus used to study evidence-seeking behaviour at the moment of procurement decision, is published as an open dataset on IEEE DataPort (DOI 10.21227/34y3-zj88).
FAQ
Does CILM perform laboratory testing?
No. CILM selects verification depth and routes lots to the appropriate level. Physical testing is performed by partner laboratories, whose competence is established independently — including through accreditation under ISO/IEC 17025. CILM structures the triage and the evidence intake; it does not replace the laboratory.
Does passing L3 verification establish that a component is genuine?
No. It means the component passed the specific tests applied at the specific methods and coverage used. ERAI's 2025 data shows approximately one quarter of electrically tested suspect parts passed electrical testing. L3 reduces risk significantly; it does not eliminate it. The methodology does not use formulations such as zero percent fraud or confirmed genuine.
Why start with documentation rather than X-ray or electrical verification?
Because the supply history and documentation provide the interpretive context for everything that follows. An anomaly in a marking or lead condition means something different depending on whether the supply chain is traceable or opaque. Starting with the physical test before establishing the story of the lot produces observations without context and can produce misleading results.
What changes when a component has a high criticality class?
The criticality class can increase the required verification depth independently of the risk score, because consequence and probability are treated as separate decision variables. A component in a safety-critical or regulated application may require deeper verification even when the risk score is moderate — because the consequence of an undetected failure justifies a higher evidence standard regardless of the prior probability of nonconformance.
What happens to laboratory evidence in the CILM model?
Laboratory evidence is recorded as a Lab Evidence Event and incorporated into the risk model as updated evidence, producing a posterior risk score. The prior score and the posterior score are stored separately, with a record of which events caused each update. Laboratory evidence also becomes part of the Digital Component Passport for the lot.
What if the laboratory evidence record lacks chain-of-custody documentation?
An evidence record without documented chain of custody, a hash of the report file, and verifiable laboratory identification does not count toward the verification quality factor in the CILM model. The evidence is not rejected for purposes of decision-making, but it cannot improve the evidence confidence score in the way that a fully documented result would.