In early 2021, the Dutch government resigned en masse1. Years of silent administrative harm had finally become visible. Thousands of parents, many of them immigrants or dual nationals, had been falsely accused of benefits fraud, cut off from childcare subsidies, and pushed towards financial ruin.

The mechanism that had triggered these accusations wasn’t a rogue policy or a vindictive official. It was a machine-learning fraud detection system, deployed inside the Dutch tax authority, that flagged “suspicious” claims. The system was meant to assist caseworkers, not replace them. On paper, it did just that: an algorithm would generate a risk score, and a human reviewer would decide whether to act.

But oversight, it turned out, existed more in theory than in practice.

Caseworkers rarely questioned the system’s output. They were overworked, under-resourced, and in many cases simply not informed about how the model worked or why a particular case had been flagged. There were no meaningful alerts, no mandate to investigate beyond what the score suggested, and no room to challenge the decision without internal friction. The system was technically “human-in-the-loop,” but substantively, the loop had collapsed.

In its damning report, Amnesty International condemned the oversight structure as “formal but ineffective”2. I think this is a polite way of saying that it was ostensibly a safeguard, yet entirely hollow. Families were financially ruined and trust in the state shattered, all while the government clung to the façade of oversight. Much like Australia’s Robodebt scandal3, where automated debt notices were issued without adequate oversight, despite early legal warnings and widespread human suffering, systems can claim human oversight while architects look the other way. That phrase, formal but not effective, has since become shorthand for a deeper warning: human oversight must be more than a procedural checkbox. Or it becomes no oversight at all.

When human oversight becomes a meaningless checkbox

Failures like the Dutch benefits scandal are often framed as cautionary tales about algorithmic bias or state surveillance. But the underlying pattern, where a system becomes too complex, too opaque, or too fast for humans to genuinely oversee repeats across many sectors.

Zillow’s iBuying venture offers a private-sector example4. I previously wrote about how Zillow was a classic example of undetected model drift, but there’s more to the story that is much less widely reported. You see the company initially designed its home-purchasing algorithm, Zillow Offers, as a hybrid system: the machine would generate a suggested price, but human analysts and local real estate professionals would review, adjust, and approve each offer. For a while, that worked as an effective safeguard. But as Zillow pushed to scale, the human layer thinned. The hybrid AI and human analyst approach wasn’t achieving the growth targets that the CEO had set, so at some point he directed the removal of that human oversight check. What had been a system of collaboration became a system of unchecked automation.5

Then the market shifted. The algorithm kept buying homes at inflated prices, failing to anticipate the downturn, and no one stepped in. No meaningful human oversight remained. By the time Zillow shuttered the program, it had lost more than $400 million, laid off a quarter of its workforce, and exited an entire line of business. The company didn’t lack human oversight at the outset. It lost it gradually, through pressure to grow, pressure to trust the system, and pressure to remove friction.

I’ve seen this pattern in other AI deployments too, where early caution gives way to scale-driven erosion of safeguards. What starts with thoughtful review processes slowly shifts, often without anyone explicitly deciding to remove them. Until, suddenly, they’re gone.

Absence of timely human intervention also led to tragedy in the case of Uber’s 2018 self-driving vehicle crash in Tempe, Arizona6. The car detected a pedestrian crossing the road six seconds before impact, but its emergency braking system had been disabled by design to avoid erratic stops during testing. The backup safety driver was expected to intervene if something went wrong, but crucially, they received no alert. They were looking away until half a second before the crash. At that point, intervention was impossible.

There was technically a person “in the loop.” But there was no warning, no clear handoff, no expectation that the system might fail. And when the loop did need to be closed, it was too late. The pedestrian, Elaine Herzberg, was killed. The National Transportation Safety Board later described the failure as a systemic breakdown in shared responsibility and oversight.

Even in domains that pride themselves on human judgment, like healthcare, oversight can degrade when systems are poorly designed. A recent study involving 450 clinicians found that when they were given assistance from intentionally biased AI tools during diagnosis, their performance dropped. Accuracy fell from 73% to 61.7%, not because they didn’t know the right answer, but because they deferred to the system7. Oversight existed, on paper. But it had been subtly hollowed out by the interaction design: confidence ratings, suggestion formatting, and institutional culture all nudged the human doctor to agree.

Across sectors, the pattern is the same: oversight fails not only when humans are absent, but when the broader system (both the technology and the governance wrapped around it) quietly stops needing or enabling them. When decision-making structures, management incentives, and institutional habits align to sideline human judgment, the result is the same as full automation: oversight in name only. Compliance theatre.

Is a human really in the loop?

In AI governance conversations, I often hear or read assurances that “a human is in the loop.” I’ve said it myself. It sounds responsible, even reassuring. It’s a signal that the system was designed with human accountability and judgment built in. And in many cases, that’s true at the outset: the intention is for humans to understand the system, to question it, and to have real authority over its decisions. It suggests that no matter how complex the algorithm, a person is ultimately in charge.

But intent has a half-life. Over time, under pressure to scale, to cut costs, or to speed up decisions, that human role can thin out. The oversight that once acted as a genuine safeguard slowly shifts into something symbolic. A person’s name is still on the process, but their ability to meaningfully intervene fades. “Human in the loop” becomes less a guarantee of governance and more a comfort phrase — a placatory assurance that soothes concern while masking the fact that the loop, in substance, has already been broken.

It is comforting and reassuring that a human is present. But meaningful oversight requires more than presence. It requires understanding, timing, and power.

As Santoni de Sio and Van den Hoven argued in their 2018 paper on meaningful human control, oversight only works when humans have both epistemic access— the ability to understand what the system is doing — and causal power — the ability to change or stop it in time.8

Strip away either, and you don’t have human-in-the-loop, or human-on-the-loop. You have no loop at all. Oversight, once weakened, rarely breaks loudly. It erodes, decays and becomes ultimately meaningless.

Not all oversight is equal

We tend to imagine oversight as a binary: either the human is involved, or they’re not. But in practice, there are levels, and they matter.

• Human-in-the-loop (HITL) systems require human approval before the AI’s decision is executed. This is appropriate for high-risk decisions: medical diagnoses, welfare eligibility, hiring, or sentencing.

• Human-on-the-loop (HOTL) systems allow the AI to act autonomously but keep a human in a supervisory role. This makes sense for continuous systems, like factory automation or energy distribution, where speed is critical, but oversight is still necessary.

• Human-out-of-the-loop (HOOTL) systems that give full autonomy to the machine. These may be acceptable in low-stakes applications, or high-speed environments like cybersecurity, provided there are robust monitoring, alerting and fallback mechanisms. But for most sensitive contexts, they should raise a red flag.

In the Dutch scandal, the system was described as HITL. In practice, it drifted into HOTL, and eventually HOOTL. Meaningful human oversight had eroded to near zero. Zillow made the same slide. Uber skipped the loop altogether, by placing a human driver in the car but disabling alerting. The clinicians in the diagnostic study subtly developed cognitive biases to align with the AI recommendations, reducing their effectiveness as overseers.

The two questions every human oversight mechanism must answer

Effective human oversight depends on two simple but demanding capabilities.

Can the human see what’s going on?
This is observability. It includes explanations that make sense in context, indicators of confidence or uncertainty, and visibility into inputs and reasoning.

That means more than a dashboard demo. It’s case-level, decision-grounded visibility: explanations that make sense for this decision, signals about uncertainty and data quality, a clear provenance trail showing which data and model version were used, and simple “what-if” tools so a reviewer can test whether a small change would flip the outcome. The view has to fit the role. What a clinician needs isn’t what a caseworker needs. And the whole thing should read like a timeline you could hand to an auditor.

Can the human act in time to change the outcome?
This is intervention. It requires authority, fast access to controls, and procedures that support override or escalation when needed.

Seeing without doing is theatre. Intervention requires pre-delegated authority to pause or override, controls that are fast and obvious (hold, reverse, adjust thresholds, route to an expert), clear escalation paths with owners and response times, staffing that matches the risk and volume, and a log that records interventions and feeds learning back into the system.

The EU AI Act, especially Article 14, codifies both of these. So does the NIST AI Risk Management Framework. But regulation can only mandate what’s legally required. Both the Dutch Child Welfare Case and the Australian Robodebt case demonstrated extensive human oversight that on paper exhibited capabilities for both observability and intervention, meeting their compliance requirements year after year. Whether it’s operationally real and meaningful human oversight is up to how teams build and govern these systems day to day.

In my work, I’ve found these two pillars, seeing and acting, are where oversight tends to crack. You’ll often find a folder full of policies and a dashboard full of metrics, but no clarity about what to do with them. Or escalation procedures that look good on paper but no one feels empowered to use.

Where does it really break? Not usually with a villain or a catastrophic model bug, but with the slow grind of increased workload, UI friction, decline in training and fuzzy authority. Review queues grow; alerts fire constantly and most are noise; no one is sure who has final say, or who will wear the blame. Incentives prize speed over caution, and culturally the model is “usually right,” so dissent feels costly.

Sustaining meaningful oversight is a design problem. Give reviewers stop-the-line authority with clear triggers. Keep a small but steady slice of cases in mandatory human review so muscles don’t atrophy. Run red-team exercises and “chaos drills” to test the path from alert to action. Treat threshold changes like real changes, with an owner, a record, and a rollback plan. Hold short, routine calibration sessions where humans and models are compared, overrides are discussed, and lessons stick. And separate duties so the people who build models aren’t the ones approving exceptions.

And measure whether judgement matters. Track how long it takes to intervene when it counts; whether overrides actually improve outcomes; whether alerts are precise enough to be trusted; how many escalations die in a queue; whether reviewer load and decision latency fit the harm window; whether explanations are even opened; and how quickly drift detections lead to real changes.

The bottom line: meaningful oversight isn’t “a human nearby.” It’s a design problem to create the sustained conditions for effective, efficient, meaningful human judgement: observability, intervention and time.

Ten questions to pressure-test your human oversight

If you’re building or deploying an AI system and want to know whether your oversight is meaningful (or just cosmetic), start with these. I use a version of this in my own head or with teams I work with, not because it ticks compliance boxes, but because it surfaces the uncomfortable truths early.

1. Who is responsible for reviewing the AI system’s decisions, and do they have the time and authority to act?

2. Can they clearly see how each decision was made, including what data was used and why?

3. Are they trained not just in the system’s function, but in its likely points of failure?

4. Do they have access to override or halt decisions before harm occurs?

5. When they act, or don’t act, is that intervention logged and reviewable?

6. Are alerts designed to prioritise risk, or do they generate noise?

7. Is there a clear escalation path when oversight fails or questions arise?

8. Is anyone responsible for auditing whether the oversight process itself is working?

9. Can the organisation trace the chain of responsibility in the event of harm?

10. If the system failed today, would the human in the loop have made any difference?

If the answer to most of these is “no,” the oversight may be procedural, but it’s not protective.

Designing for slow thinking at machine speed

As an engineer, the hardest challenge of meaningful human oversight is time. Humans need time to weigh context, to notice what’s missing from the record, to check their own bias, and to make a defensible call. At scale, that human tempo collides with the speed and volume of modern AI. Ignore the collision and you simply get compliance theatre: names on forms while decisions outrun any meaningful review. Treat it as an engineering constraint and you can set out to design systems that remain fast where it’s safe and deliberately interruptible where it isn’t.

I think the place to start is to explicitly specify the harm window. Every domain has a practical interval in which a bad decision does real damage. If harm unfolds in seconds, then “we’ll review later” is fantasy; authority to pause or override has to exist up front, and the system needs to tolerate being stopped without breaking. If harm accumulates over hours or days, the design should budget real human time, not just assume it. Either way, the cadence of review has to be set by the harm window, not by average system latency, or profitability targets.

From there, the workflow needs two speeds. Low-risk, high-confidence decisions should move quickly, even automatically. Ambiguous or highly consequential decisions should slow down, collect missing context, and surface uncertainty so a reviewer can actually think. That requires routing that responds to confidence and data quality, not just to throughput targets. It also means keeping a small, constant stream of cases in human-first review so judgment doesn’t atrophy and drift isn’t missed until it’s expensive.

Making humans faster is different from making them disappear. Reviewers need decision-grounded summaries and system-generated evaluations that foreground the few facts that change the outcome and, just as importantly, flag the evidence that’s missing but normally matters. Explanations should ideally be comparative (why this result and not the plausible alternative) and even let a reviewer test simple counterfactuals without fishing through a dozen screens. Short, domain-specific checklists can help standardise judgment and counter bias far better than long prose guidance that no one reads under pressure.

Reversibility matters as much as speed. If pausing is risky, people will rationalise not pausing. Pipelines should be designed to pause and be safe to rerun; actions should be idempotent (a software engineering term for an operation that can be applied multiple times without changing the outcome); audit trails should read like a timeline you could replay: inputs, model version, human touches, outcome. Oversight also depends on authority being pre-delegated. If a reviewer has to “find a manager” inside the harm window, you don’t have effective, efficient control.

I don’t think this tradeoff between error and delay should be hand-waved; it should be priced. For each decision type, we should consciously think about the cost of being wrong and the cost of being slow, and set thresholds accordingly. That logic can then be tied to service-level objectives for oversight itself, such as how quickly a flagged case is reviewed, how often overrides are exercised, how long it takes to convert a drift alert into a change. Those rhythms should be reinforced by practice: short calibration huddles where model and human calls are compared, red-team drills that inject bad inputs and time the path from alert to action, and clear separation of duties so the people who build the system aren’t the ones approving its exceptions.

Learning from Judgment, Not Just Labels

Human oversight shouldn’t be a static control; it should be a learning, adaptive system. Every human review, override, and hesitation is a training signal. If we instrument decisions properly, the AI can learn from those signals to get better at two things that matter most: spotting which cases are genuinely consequential, and offering help that actually improves human judgment rather than replacing it. Over time, the system should become sharper at recognising ambiguity, missing evidence, and high-regret scenarios. And it should slow itself down in those moments, asking for richer context or routing to a more experienced reviewer. Assistance should mature from “here’s the answer” to “here’s what’s missing, here’s what would change the outcome, here’s the second-best explanation you should rule out.”

The learning should run in both directions. The same observational layer that helps the model improve can also help humans see themselves more clearly. Patterns in reviewer behaviour like rubber-stamping after long runs of similar cases, leniency with familiar entities, harsher calls at certain times of day or under heavy load. They’re not moral failings or incompetence; they’re predictable biases in human cognition. Used well, AI can surface these biases gently and constructively: a nudge to take a second look, a prompt to request one more piece of evidence, a suggestion to hand an edge case to a fresh set of eyes, or simply a pause when the data show that decisions degrade late in the shift. The point is not to police reviewers, but to protect the quality of judgment when it’s most at risk.

That means treating disagreement as gold, not noise; preserving the context around human decisions so it can be learned from, and using that feedback to continuously refine triage, explanations, and escalation paths. Done right, the oversight loop gets stronger with use. The AI becomes better at identifying what really matters and when to slow down, and humans get decision support that sharpens their judgment instead of dulling it.

None of this is about slowing everything down. It’s about slowing the right things down on purpose, so human judgment arrives within the harm window with enough signal, and enough authority, to change the outcome. That is the real work of balancing scale with scrutiny: keep the machine fast where it’s safe, and make it genuinely stoppable where it isn’t.

Oversight that works takes work

Human oversight is often the last line of defense in AI governance. But it only works when it’s designed for reality, not for compliance checklists or public reassurance. That means slowing down when it matters. It means giving humans the tools and authority to say no. And it means recognising that the mere presence of a person doesn’t guarantee protection, only deliberate design can do that.

I and my team now spend the majority of our time on the challenges of meaningful human oversight and I look forward to sharing more of our work in the near future. From what we’ve seen, meaningful human oversight takes much more than interface design, workflow tasks, training manuals and checklists.

It takes leadership, the willingness to treat meaningful human oversight as an essential design constraint. I believe the conscious, proactive design of meaningful, scalable human oversight is the single most important thing we can do to make AI systems safe.

3

Avoiding Fracture between AI and Corporate Governance: A cautionary tale

James Kavanagh

·

Feb 18

Read full story

4

AI Lifecycle Governance

James Kavanagh

·

Apr 22

Read full story