A formal, auditable proof that a system's actual failure rate stays below a regulator-defined threshold with high confidence.