Chris June’s core framing is simple: the hardest part of AI in an SMB is not getting a model to respond—it’s keeping outputs reliable as workflows expand. AI operating architecture is the production layer that structures context, orchestration, memory, controls, and human review around AI work. The architectural question is therefore operational: *what decisions, routes, and controls make an AI system dependable for real business use?
- (nist.gov)
Separate architecture from implementation choices
A stable AI operating architecture distinguishes what the system must do reliably from which tools you use to do it. In practice, you specify operating responsibilities—risk identification, routing, oversight, monitoring, and escalation—then you can swap models, retrievers, or tool integrations without rebuilding governance logic. NIST’s AI RMF is structured as an ongoing risk management capability (Govern/Map/Measure/Manage), which is the same separation decision: risk functions are architectural; implementation details vary. (nist.gov)
Proof. NIST AI RMF describes governance as a structure that aligns AI risk management functions and supports activities across the AI lifecycle, and it explicitly positions the framework as guidance to improve incorporation of “trustworthiness considerations” into design, development, use, and evaluation. (nist.gov)Implication. If you treat governance and oversight as “implementation,” every migration (new model, new vendor, new prompt pattern) resets your controls. If you treat them as architecture, your teams scale across use cases while maintaining consistent decision routing, review rules, and audit trails. (nist.gov)
Can you route, review, and explain AI decisions reliably
When AI
becomes operational, decision quality depends on routing logic and review triggers, not on model cleverness. Decision architecture in an operating layer defines: (1) which requests are “in-scope” for automation, (2) which require human review, and (3) what evidence is captured to make the outcome auditable. Canada’s federal Directive on Automated Decision-Making is a concrete example of how decision governance is operationalized. It requires safeguards aligned with procedural fairness principles such as transparency and accountability, and it treats “automated decision systems” broadly to include systems that assist or replace human judgment. It also calls out impact assessments and ongoing updating of documentation when systems change. (canada.ca)
Proof. The Government of Canada’s guide on the scope of the Directive explains that safeguards can involve updating documentation such as privacy impact assessment and security assessment, and it emphasizes administrative law principles including transparency, accountability, legality, and procedural fairness. (canada.ca)Implication. For SMBs, the architectural translation is straightforward: treat “human review” as a routing decision with defined thresholds, not as a manual afterthought. If you cannot state your routing rules, you cannot reliably explain outcomes when incidents, bias complaints, or audit requests arrive. (canada.ca)
Orchestrate tools and handoffs as a controlled workflow
AI operating architecture
becomes real when the system coordinates tool use and multi-step workflows—then controls failures. Agent orchestration is the architectural layer that manages tool calling, intermediate state, handoffs between steps, and containment when tool outputs are unreliable. OpenAI’s function/tool calling documentation describes how function calling is used to connect a model to external tools and systems, including mechanisms to ensure structured arguments match a provided JSON schema when strict structured outputs are enabled. (help.openai.com)
Proof. Function calling “allows you to connect OpenAI models to external tools and systems,” and the documentation notes that with strict: true, Structured Outputs can guarantee that generated arguments exactly match the provided JSON schema. (help.openai.com)Implication. Without orchestration architecture, teams embed tool assumptions inside prompts and application code, which makes drift likely and failure handling inconsistent. With orchestration architecture, you can standardize tool schemas, validate inputs/outputs, log handoffs, and apply the same escalation and rollback rules across teams. (help.openai.com)
Scale across teams by keeping memory and context bounded
Scaling is
less about adding more prompts and more about keeping context bounded and decisions repeatable. In operating architecture, “memory and context” are not a model feature alone; they are a service responsibility: which documents, which fields, which retrieval rules, and which evidence objects are allowed into the decision. NIST AI RMF’s “Map” and “Measure” functions focus on understanding and evaluating risks and impacts with appropriate metrics and evidence. That creates an architectural requirement for context management: if you cannot map what information influenced an outcome, you cannot measure trustworthiness over time. (airc.nist.gov)
Proof. NIST AI RMF Playbook describes AI risk management as a set of functions (Govern/Map/Measure/Manage) and positions the playbook as neither a checklist nor a fixed sequence, reflecting that organizations must tailor the risk approach to context. (airc.nist.gov)Implication. When a first use case becomes core operations, you do not just scale volume—you change the operating expectations. You must formalize context sources (what is retrieved, what is excluded), evidence capture (what was used), and operational review (what gets escalated). Those are architectural changes, not only tuning changes. (nist.gov)
What breaks in production and how architecture prevents it
A common
failure mode is “mismatch between incident reliability practices and AI-specific workflows.” If your system fails, you need an incident process that captures what happened and updates the operating layer—especially the decision routing and governance controls. Google’s SRE incident management and postmortem guidance emphasizes incident documentation, retained records for analysis, and blameless postmortem culture to improve reliability learning. (sre.google)
Proof. Google’s SRE materials describe the importance of retaining documentation for postmortem analysis and the role of a blameless postmortem culture in improving reliability, including publishing postmortems so teams can learn. (sre.google)Implication. In AI operations, architecture must define failure containment: what happens when tool outputs conflict, when retrieval is stale, when confidence is low, and when a policy requires human review. If those controls are informal, you will respond to incidents with ad hoc prompt edits rather than consistent governance updates. (canada.ca)
View Operating Architecture as your next operating decision
For Canadian SMB
leaders comparing AI strategy options, the practical choice is to fund and design the operating layer—not only the model. The “View Operating Architecture” decision means you commit to four architectural artifacts: (1) decision architecture for routing and review, (2) agent orchestration for tool workflows and validation, (3) governance layer for risk management functions, and (4) bounded memory/context with evidence capture. ISO/IEC 42001 is useful here because it treats AI governance and risk management as an organizational management system with requirements for establishing, implementing, maintaining, and continually improving an AI management system. (iso.org)
Proof. ISO/IEC 42001 specifies requirements and guidance for establishing, implementing, maintaining, and continually improving an AI management system within an organization. (iso.org)Implication. The operating architecture is how you keep AI useful when the pilot becomes core operations: it clarifies ownership, speeds escalation, and makes reliability and governance measurable. (nist.gov)View Operating Architecture