If intelligence can route itself, governance is already compromised. The Gated Substrate layer removes capability at the execution environment — not by policy, but by physical isolation.
If intelligence can route itself to a capability, governance is already compromised — restriction by policy only describes what the agent should not do. The Gated Substrate layer removes the capability at the execution environment instead, so the question of compliance never arises.
The difference is physical, not procedural. As long as the substrate exposes a route to forbidden capability, policy remains advisory and depends on the agent's cooperation. Runtime governance requires substrate-level removal: the agent cannot invoke the capability at all, because the path to it does not exist.