The same week that compliance startup Delve was accused of falsely convincing hundreds of customers they were privacy-compliant — essentially selling a green checkmark without the work behind it — The New Yorker published a sharp piece on how the first casualty of the U.S. war in Iran was the truth. These stories are not adjacent — they're the same story wearing different suits. Both describe systems designed to produce the signal of accountability while eliminating the substance of it.
Compliance Theater and the Trust Economy
Delve's alleged model — and it's worth noting these are accusations from an anonymous Substack, not adjudicated facts — reportedly involved convincing SaaS customers they had achieved GDPR and CCPA compliance without actually validating their data practices. This is compliance theater, a well-documented phenomenon in enterprise software. The incentive structure is perverse: customers want the badge, not the audit; vendors want the sale, not the liability. Fundraising dynamics in early-stage startups create similar distortions — founders learn quickly that the narrative of traction matters more than the metrics behind it, at least until due diligence arrives.