Axis I · D1
AI systems architecture at scale
Thesis. Architecture at scale is not measured by model performance but by the system's capacity to remain governable, observable and reversible once exposed to operational conditions.
The distinction that cuts
Model architecture vs system architecture. The first produces an AUC; the second produces a deployable apparatus. Conflating the two is the dominant structural error of AI projects in regulated environments.
Typical market error
Treating scale as an infrastructure problem (GPU, throughput, latency) when it is first an integration problem: coupling to business IT, effective human oversight, fallback plans, decisional traceability separated from model computation. A system that scales in MLOps terms can be structurally non-deployable in MDR or EU AI Act terms.
Failure signals
No documented procedure to deactivate the system in under 24 h without disrupting business operations. Tight coupling between model runtime and downstream IT, with no isolation port. Audit log conflating inference and decision, therefore impossible to produce in a litigation context. Single SLO on availability, no separate SLO on decisional reliability. No explicit withhold policy at exit of applicability domain.
References
ISO/IEC 42001 (AI management system); NIST AI RMF 1.0; ISO/IEC 5469 (functional safety, AI elements); for medical, IEC 62304 and IEC 82304-1; EU AI Act art. 9 (risk management) and art. 15 (accuracy, robustness, cybersecurity).
Ground of implementation
TweenMe was hexagonally refactored to make explicit four reliability ports (calibration, applicability domain, traceability, decision policy) alongside three functional ports. The decision_policy port withholds the result when is_in_domain returns false, rather than emitting a degraded output. This instance illustrates the inference/decision separation; it does not prove every AI system must adopt this architecture, but it demonstrates that a publishable AUC and a governable system are not the same engineering object.
Articulation
See the article Hexagonal architecture for inference (Twingital Institute, March 2026) for the doctrine, and domain D3 Lifecycle and degradation for its temporal counterpart. An architecture governable at deployment must remain governable through every drift, otherwise it never was.