TNT Intelligence GmbH

Applied Systems / Trusted Autonomy

ITA

Infrastructure for Trusted Autonomy

ITA is TNT's runtime architecture for trusted autonomy. It asks how autonomous systems can remain productive without inheriting unlimited authority from the fact that they are technically capable.

Its answer is architectural: governed execution spaces, bounded capability visibility, a single enforcement boundary for real effects, and audit as part of the runtime contract rather than an afterthought.

The screenshots shown here document an example control panel already built on top of ITA. The main point is not the dashboard itself, but the runtime architecture beneath it.

Public architecture model

A runtime architecture for systems that must act with real effect while staying governable. ITA extends GTAF into execution spaces, capability exposure, enforcement, and audit.

Back to publications

What TNT built

ITA stands for Infrastructure for Trusted Autonomy.

It is TNT Intelligence's runtime architecture for systems that may act with real effect while still having to remain governable. GTAF defines the delegation model; ITA carries that logic into execution.

Execution is not the same as capability. Capability is not the same as permission.

That distinction matters because most agent systems still grant too much implicit authority to whatever can plan, call tools, or persist state. ITA is built around the opposite assumption: planners are useful, but authority must remain structurally external to planning.

Core runtime model

ITA separates capability visibility, planning, and execution authority. The decisive point is the single enforcement boundary that decides whether a real effect is permitted in the active space.

The architecture is built around governed execution spaces rather than permanent agent identities. Authority is therefore context-bound, time-bound, and policy-bound instead of being attached loosely to a model or tool set.

Why this is not agent orchestration

Typical orchestration focusITA focus
How the agent plansUnder which conditions execution is actually allowed
Which tools are connectedWhich capabilities are visible in the active governed space
How to recover after something happenedHow to constrain or deny the effect before it happens
Identity-based rolesContext-bound authority with explicit enforcement

That is why ITA has more in common with a control plane for trusted AI execution than with a classic orchestration framework.

Example governed execution space

A simplified execution space can be pictured like this:

JSON
{
  "scope": "repo.payments-service.release",
  "actor_context": "release.automation",

  "visible_capabilities": [
      "git.read",
      "git.write",
      "ci.trigger"
  ],

  "policy_context": "release.class-b",
  "audit_path": "execspace-2026-04-01-001"
}
A simplified execution space: capability visibility, policy context, and audit path belong to the space itself, not permanently to an agent identity.

The same logical agent might enter a different execution space later. It would then see a different capability surface, carry a different policy context, and therefore operate under a different authority envelope.

Why the strategic weight is larger than it looks

The AI Act creates pressure around risk, oversight, documentation, logging, and controllability. What it does not define is a concrete runtime architecture that prevents a system from acting outside mandate.

ITA matters because it points at exactly that missing layer. It treats runtime authority as architecture rather than compliance theater. For organizations that want AI systems to do more than assist passively, that is a materially different proposition.

How TNT can help

ITA is especially relevant for teams that want autonomy with real operational utility but cannot afford a collapse of control. Typical collaboration paths include:

  • designing governed execution spaces for internal or external AI systems

  • separating planning, capability exposure, and execution authority in agent-based products

  • shaping architectures for public-sector, enterprise, or regulated environments where auditability and intervention are non-negotiable

  • reviewing whether an existing stack currently behaves more like optimistic orchestration than trusted autonomy

Where this lands first

Trusted internal AI operators

Systems that should not only recommend but also prepare, trigger, or execute bounded work inside enterprise or institutional environments.

Autonomous products with real-world effect

Products that move toward action, tool use, or downstream operations and therefore need a control plane beneath the planner instead of trusting orchestration alone.

Continue in publications

Governance & Trust Architecture Framework

GTAF Reference

A governance framework for AI systems that may act, delegate, or produce consequential effects. GTAF turns scope, authority, responsibility, and validity into structured operational artifacts.

Read the framework

Deterministic runtime enforcement core

GTAF Runtime

The enforcement core that turns evaluated governance outputs into executable allow/deny decisions. The public implementation demonstrates the contract, but the runtime model is broader than one language.

See enforcement

Integration layer around the runtime core

GTAF SDK

The adoption layer that helps real systems load artifacts, shape execution context, and call the runtime cleanly. The public implementation is one concrete path, but the integration model is not language-specific.

Understand integration

Talk to TNT when AI should do real work

From GTAF through Runtime and SDK to ITA, TNT already brings public reference work, runtime building blocks, and applied architecture into these questions. The conversation does not have to start at theory.

When these questions move from interest to implementation, TNT is a serious conversation partner.

Discuss your context