Runtime Admissibility
Control Mechanism
This concept is part of the Decision Infrastructure category.
Decision Infrastructure asks
“Should it still happen now?”
An approval is a signal. An execution is the event. Runtime admissibility is the property that an approved decision remains permitted at the moment it acts.
Most enterprise systems evaluate policy at decision time.
Decision Infrastructure evaluates admissibility at execution time.
What Is Runtime Admissibility?
Runtime admissibility is the property that a proposed action is currently permitted, given the present state of conditions, authority, evidence, and risk — re-evaluated at the moment of execution, not at the moment of decision.
It is the architectural primitive that distinguishes governed execution from automated execution. A system that approves but does not re-evaluate at the commit cannot guarantee that the outcome was permitted at the time it occurred. A system that re-evaluates at the commit can.
The Decision-to-Execution Gap
Between the moment a decision is approved and the moment the action commits, state moves. Documents expire. Conditions fail. Sanctions lists update. Authority changes. Exposure shifts. Fraud signals emerge.
Every regulated outcome that fails between approval and the act lives in that gap. Most enterprise stacks have no architectural position from which to govern it — decision systems exit before execution, workflow tools route without re-validating, observability describes after the fact. Runtime admissibility is the property that closes the gap structurally rather than narratively.
Why Approved ≠ Executed
Approval is a signal that, at a moment in the past, a decision met policy under known state. Execution is the event in which that decision becomes real against the current state of the systems it will act upon. The two are not the same property — and treating them as the same is what produces the outcomes enterprises cannot explain.
Runtime admissibility makes this distinction architectural rather than aspirational. It is not a process improvement. It is a layer.
Runtime Validation
Runtime validation is the mechanism by which admissibility is evaluated. It checks the live state of conditions, authority, evidence, and risk against the policy that authorized the decision. If any dimension has changed in a way that invalidates the original authorization, admissibility fails.
Validation is performed at the commit boundary — the architectural location where intent attempts to become consequence. It is not a secondary review. It is the gate.
Continuous Admissibility Evaluation
A single check at the commit is not enough for actions that stay in flight over time. Admissibility must be evaluated continuously for the duration of the obligation — held positions, open commits, long-running disbursements — so that any state change between evaluations invalidates the action before it can act on stale assumptions.
Continuous admissibility is what makes Decision Infrastructure a runtime layer rather than a checkpoint.
ALLOW / HOLD / DENY Semantics
Every commit attempt produces one of four outcomes. The semantics are deliberately narrow — admissibility is a binary property with structured exceptions.
Action proceeds. Evidence is captured at the moment of binding.
Revalidation required before binding. Action is paused, not failed.
Action is blocked. Reason and current state are captured as evidence.
Higher authority review required. Decision and context are recorded.
Relationship to the Commit Boundary
The commit boundary is the architectural location where intent becomes consequence. Runtime admissibility is the evaluation that occurs at that location — the check that determines whether the action is permitted to bind. The boundary names the place; admissibility names the property; binding names the act.
Distinguishing these three is what makes execution governance architecturally coherent. Most platforms collapse them, and the collapse is what produces governance theater.
Evidence at Execution
Every admissibility outcome — allow, hold, deny, escalate — produces evidence at the moment it occurs. State, conditions, authority, and policy are recorded together, not reconstructed afterward. Reconstructed evidence is interpretation. Evidence created in-line at execution is fact.
This is what makes runtime admissibility defensible to regulators and to internal audit. A system that cannot produce in-line evidence cannot claim governed execution.
Where Runtime Admissibility Matters
The same architectural property applies wherever a state change between approval and execution could invalidate the action.
Scenario. A loan was approved at 9 AM. By 2 PM, a borrower document expired, a condition list updated, and exposure shifted. The funding wire is about to commit.
Admissibility. Runtime admissibility re-evaluates state at the commit. If conditions no longer hold, the wire is held or denied — with evidence captured at the moment.
Scenario. A wire transfer was authorized last week. Between authorization and settlement, an entity on the chain was added to a sanctions list.
Admissibility. The settlement attempt is denied at runtime. Authorization alone is not sufficient; the action must remain admissible against the current list at execution.
Scenario. A trader was authorized to approve commitments up to a limit. Their authority was reduced after a role change — but a pending commit is still in flight.
Admissibility. Runtime admissibility checks current authority at commit, not authority captured at decision time. If reduced, the commit is held or escalated.
Scenario. A payment was approved through normal review. Between approval and disbursement, a downstream fraud model flagged a related counterparty.
Admissibility. The disbursement is denied or held at the commit boundary. New fraud evidence invalidates the prior admissibility — the action must be re-validated.
Scenario. A funding decision was made against an exposure model that was accurate at decision time. Intraday, exposure crossed a threshold defined in policy.
Admissibility. Runtime admissibility evaluates against the current exposure state. The action is escalated, held, or denied — never silently executed against stale assumptions.
Decision Infrastructure is the category. System of Intelligence is how it operates. Runtime admissibility is the property that defines whether execution was governed at all.
Frequently Asked Questions
What is Runtime Admissibility?
Runtime admissibility is the property that a proposed action is currently permitted — given the present state of conditions, authority, evidence, and risk — re-evaluated at the moment of execution rather than the moment of decision. It is the architectural primitive that distinguishes governed execution from automated execution: a system that approves but does not re-evaluate at the commit cannot guarantee the outcome was permitted when it occurred; one that re-evaluates can.
Why is admissibility evaluated at runtime?
Because state changes between approval and execution. Documents expire, sanctions lists update, authority lapses, conditions fail, exposure shifts, and fraud signals emerge. A decision approved earlier may no longer be permitted when the action attempts to commit. Design-time policy checks cannot see runtime state — only an evaluation at the moment of action can determine whether the action is still admissible against current reality.
What inputs are evaluated?
Four dimensions are checked against the policy that authorized the decision: current state (has reality changed since approval), policy (do the rules still permit it), authority (does the actor still hold the right to act), and context (have risk signals, timing windows, or dependencies changed). Supporting evidence — documents, signals, conditions — is checked for whether it is still intact at the moment of action.
What causes admissibility failure?
Admissibility fails when any dimension has changed in a way that invalidates the original authorization: an expired or missing document, a policy or sanctions update, lapsed or reduced authority, a failed condition, a crossed exposure threshold, or a new fraud signal. The decision was correct under the state known at approval; it is inadmissible because the state it would now act upon is different.
Can admissibility change after approval?
Yes — that is the entire point. Approval captures admissibility at a moment in the past; runtime admissibility tracks whether it still holds now. An action admissible at 9 AM can become inadmissible by 2 PM. For actions that stay in flight, admissibility is evaluated continuously, so a change at any point before the act invalidates it before it can commit on stale assumptions.
How often is admissibility checked?
At minimum at the commit boundary, before the action binds. For actions that remain in flight over time — held positions, open commits, long-running disbursements — admissibility is re-evaluated continuously for the duration of the obligation, so any state change between evaluations invalidates the action. Continuous evaluation is what makes Decision Infrastructure a runtime layer rather than a one-time checkpoint.
Is admissibility explainable?
Yes. Every admissibility outcome — ALLOW, HOLD, DENY, ESCALATE — is produced deterministically and recorded with the state, conditions, authority, and policy that produced it. Because the evaluation is captured in-line, you can see exactly why an action was permitted, paused, blocked, or escalated. Admissibility is not a model's opinion; it is a deterministic, explainable verdict against current reality.
Can auditors review admissibility decisions?
Yes. Each admissibility evaluation produces evidence at the moment it occurs — the inputs, the checks, the policy version, the authority, the timing, and the verdict — as an immutable, reconstructable record. Because outcomes are deterministically replayable, the same inputs reproduce the same result, so auditors and regulators can review not just that an action happened but whether it was permitted when it happened.
How does admissibility differ from policy checks?
Policy enforcement checks whether a decision was made under acceptable rules — a design-time check. Runtime admissibility checks whether that decision is still permitted right now, against the live state of the systems it will act upon — an execution-time check. Policy is necessary but not sufficient: a decision can satisfy policy at approval and still be inadmissible at execution because reality has moved.
How does admissibility reduce operational risk?
It eliminates the failure mode where approved actions execute against state that has drifted — the stale approval, the post-authorization sanctions hit, the expired condition, the lapsed authority. By holding, denying, or escalating no-longer-admissible actions before they bind, and evidencing each outcome, it converts silent, accumulating risk into governed, explainable events — and prevents the auditable failures that survive every after-the-fact control.
What outcomes does runtime admissibility produce?
Every commit attempt produces one of four outcomes: ALLOW (the action proceeds and evidence is captured at binding), HOLD (revalidation is required before binding — the action is paused, not failed), DENY (the action is blocked, with reason and current state recorded), or ESCALATE (higher-authority review is required). The semantics are deliberately narrow: admissibility is a binary property with structured exceptions.
How does runtime admissibility relate to the commit boundary?
The commit boundary is the architectural location where intent becomes consequence; runtime admissibility is the evaluation performed at that location — the check that determines whether the action is permitted to bind. The boundary names the place, admissibility names the property, and binding names the act. Distinguishing the three is what keeps execution governance architecturally coherent.
Relationship Reading Tree
Relationship to Other Concepts
Decision Infrastructure is part of a connected ontology. Use this relationship tree to understand where this concept fits.
- System of Intelligence
- Decision Infrastructure
- Decision-to-Execution Gap
- Commit Boundary
- Execution Governance
- Runtime AdmissibilityYou are here
- Governed Execution
- Evidence at Execution
- Operational Legitimacy (Result)
- Consequence Intelligence (Output)
Reference Surfaces
Reference Surfaces
Reference Surfaces
Understanding a category requires more than comparisons. These reference surfaces explain the core concepts, architecture, vocabulary, and placement of Decision Infrastructure within the enterprise stack.
Definition
What Is Decision Infrastructure?
The canonical introduction to the category. Defines Decision Infrastructure, execution governance, runtime admissibility, and governed execution.
- Category definition
- Execution governance
- Runtime admissibility
- Governed execution
Placement
Where Decision Infrastructure Fits
Where Decision Infrastructure sits between Decision Systems and Consequence Intelligence in the enterprise stack.
- L4 Decisioning
- L5 Decision Systems
- L6 Decision Infrastructure
- L7 Consequence Intelligence
Architecture
Decision Infrastructure Architecture
The architecture that enables execution governance — how Decision Infrastructure operates across enterprise systems.
- Commit boundaries
- Runtime validation
- Execution control
- Evidence generation
Vocabulary
Decision Infrastructure Glossary
The canonical vocabulary of the category — the lexicon analysts can quote precisely.
- Runtime admissibility
- Commit boundary
- Execution governance
- Governed execution
- Evidence at action
Related Concepts
Architectural primitives adjacent to runtime admissibility
The architectural primitives that compose Decision Infrastructure — each governs one facet of how execution remains admissible.
Commit Boundary
The structural point where intent crosses into consequence — where admissibility is checked.
Execution Governance
The discipline of controlling execution at the moment decisions become consequences.
Governed Execution
Execution that occurs only when policy, authority, conditions, and evidence remain valid at the act.
Evidence at Execution
Evidence captured at the moment of action — not reconstructed afterward.
Decision-to-Execution Gap
The interval between approval and execution where conditions change and admissibility can silently expire.
Control Stack
The 7-layer enterprise architecture in which admissibility is evaluated at L6 (Decision Infrastructure).
Decision Runtime Trace
The artifact each admissibility evaluation becomes part of — the per-decision record from intent through outcome.
Related Comparisons
Related Comparisons
Use these comparisons to understand how Decision Infrastructure differs from adjacent categories, systems, and governance models.
Decision Infrastructure vs Decision Intelligence
The category vs its output cousin — what produces decisions vs what governs them at execution.
Decision Infrastructure vs Decision Governance
Governance defines policy. Infrastructure operationalizes it at execution.
Decision Infrastructure vs Decision Control Plane
A control plane routes and coordinates actions; Decision Infrastructure governs whether each action should still happen at all.
Decision Infrastructure vs Decision Execution Engine
An execution engine runs the action; Decision Infrastructure governs whether execution may proceed.
Decision Infrastructure vs Runtime Governance
Runtime governance is a capability; Decision Infrastructure is the category that contains it.
Decision Infrastructure vs Decision Systems
Workflow-and-approvals systems exit before execution; Decision Infrastructure governs the act itself.
Decision Infrastructure vs AI Governance
AI Governance defines what should be allowed. Decision Infrastructure governs whether those permissions remain valid at execution.
AI Governance vs Decision Systems
Why model and process governance frameworks don't close the gap between approval and consequence.
Decision Infrastructure vs Digital Twin
Simulating reality vs governing what is allowed to happen in reality.
Sovereign Reasoning vs Decision Systems
Reasoning under jurisdictional and policy constraints vs the workflow systems that operationalize decisions.
Decision Infrastructure vs Agentic AI
Agents act autonomously; Decision Infrastructure governs whether each autonomous action is admissible at execution.
Decision Infrastructure vs MLOps
MLOps keeps the model healthy; Decision Infrastructure governs whether the decision it informs is admissible at execution.
Decision Infrastructure vs GRC
GRC documents and reviews controls; Decision Infrastructure enforces them on each action at execution.
Decision Infrastructure vs iPaaS
iPaaS connects systems and moves data; Decision Infrastructure governs whether the action between them should execute.
Decision Infrastructure vs Observability
Observability explains execution; Decision Infrastructure governs whether it should occur at all.
Decision Infrastructure vs Knowledge Graphs
Knowledge graphs map what is connected; Decision Infrastructure governs whether an action across those connections is admissible.
Decision Infrastructure vs Sovereign Reasoning
Sovereign Reasoning bounds how AI reasons; Decision Infrastructure governs whether the resulting action is admissible at execution.
Decision Infrastructure and Palantir
Palantir integrates data and drives action; Decision Infrastructure governs whether each action is admissible at execution — across any platform.
Decision Infrastructure and ServiceNow
ServiceNow runs and automates the workflow; Decision Infrastructure governs whether each action it fires is admissible at execution.
Decision Infrastructure and Pega
Pega manages decision workflows; Decision Infrastructure governs whether execution remains legitimate at the act.
Decision Infrastructure and Appian
Appian automates process execution; Decision Infrastructure governs consequence authorization at the commit boundary.
Decision Infrastructure and FICO
FICO optimizes decision quality; Decision Infrastructure governs whether a scored decision is still admissible at execution.
Decision Infrastructure vs Middleware
Middleware passes messages between systems; Decision Infrastructure governs whether the action a message triggers should execute.
Decision Infrastructure vs BPM
BPM orchestrates the process and moves work to the action; Decision Infrastructure governs whether that action should commit.
Decision Infrastructure vs Workflow Automation
Workflow automation runs the sequence; Decision Infrastructure governs whether each action in it should commit.
Decision Infrastructure and Salesforce
Salesforce runs the customer workflow; Decision Infrastructure governs whether each action it fires remains legitimate at the act.
Decision Infrastructure and Celonis
Celonis reveals how processes run and drives action; Decision Infrastructure governs whether that action is admissible at execution.
Decision Infrastructure and Icertis
Icertis manages contracts and obligations; Decision Infrastructure governs whether an action taken under them is admissible at execution.
Decision Infrastructure and Encompass
Encompass runs the loan workflow; Decision Infrastructure governs whether each consequential loan action is admissible at execution.
Decision Infrastructure and Empower
Empower runs loan origination; Decision Infrastructure governs whether each consequential loan action is admissible at execution.
Decision Infrastructure and Harvey
Harvey generates legal reasoning and drafts; Decision Infrastructure governs whether the actions taken from that reasoning are admissible at execution.
Decision Infrastructure and iManage
iManage manages legal knowledge; Decision Infrastructure governs the consequential actions taken using that information at execution.
Decision Infrastructure and Intapp
Intapp coordinates legal intake, conflicts, and approvals; Decision Infrastructure governs whether execution remains admissible at the act.
Decision Infrastructure and Relativity
Relativity surfaces and reviews evidence; Decision Infrastructure governs the consequential actions taken because of it at execution.
Decision Infrastructure and Reveal
Reveal surfaces evidence with AI-assisted review; Decision Infrastructure governs the consequential execution based on it.
Decision Infrastructure and Aderant
Aderant runs the business of law; Decision Infrastructure governs whether the consequential actions those operations drive are admissible at execution.
Decision Infrastructure and NetDocuments
NetDocuments manages legal documents and knowledge; Decision Infrastructure governs the consequential actions taken using that information.
Decision Infrastructure and Contract Lifecycle Management
Contract lifecycle platforms manage the contract; Decision Infrastructure governs whether actions taken under it remain admissible at execution.
Decision Infrastructure and Litera
Litera drafts, compares, and perfects legal documents; Decision Infrastructure governs whether the actions taken from those documents are admissible at execution.
Related Reading
Long-form explorations of admissibility at execution
Platform & Vision