Because off-chain is “cheap and messy”, validation is *probabilistic + policy-based*: * signature checks * schema checks * basic anti-replay: per-signer monotonic counter or “previous hash” * credit policy checks (local credit limits, pledge locks, etc.)
But you don’t need global consensus yet. You accept that: * some tx might be invalid later * disputes exist * finality comes from anchoring + governance attestation
So this layer behaves like a **pending mempool + audit trail**.