What does Article 14 actually require?

Article 14 requires humans to understand AI capabilities and limitations, remain aware of automation bias, correctly interpret outputs, be able to override or reverse decisions, and be able to intervene or stop the system.

What should be recorded for each approval or override?

At minimum: decision ID, AI recommendation, context presented, reviewer ID, timestamp, action taken, rationale (if required), time spent on review, and policy version in effect.

How do we prevent rubber-stamping?

Define reviewer rubrics, require rationale for risky approvals, sample reviewer decisions, run calibration sessions, and track time spent on reviews.

What is a "two-person rule"?

A requirement that certain actions need two distinct human approvals, commonly used for high-impact or irreversible decisions like account closure or SAR filing.

How do we handle emergency overrides?

Allow immediate action by any trained operator, require "Emergency Override" documentation, auto-notify supervisors and compliance, and complete retrospective review within 24-48 hours.

What training competencies are required?

AI system fundamentals, domain knowledge, oversight procedures, automation bias awareness, override procedures, and compliance requirements. Recertification should be annual or more frequent.

Playbook

Human Oversight Procedure Playbook (Article 14 compliant)

Download an Article 14 compliant human oversight playbook covering roles, approval workflows, queue management, override procedures, training requirements, and evidence capture.

Define a reviewable human oversight SOP in 30-40 minutes.

For compliance, risk, product, and ML ops teams shipping agentic workflows into regulated environments.

Última actualización: 16 dic 2025 · Versión v1.0 · Muestra ficticia. No asesoramiento legal.

Download oversight playbook Solicitar paquete completo

Informar un problema: /contact

Contexto

Qué es este artefacto (y cuándo lo necesita)

Explicación mínima viable, escrita para auditorías, no para teoría.

EU AI Act Article 14 requires high-risk AI systems to be designed for effective oversight by natural persons. This playbook translates Article 14 requirements into operational procedures.

It covers 7 parts: Article 14 requirements, oversight roles, approval workflows, queue management, override procedures, training requirements, and evidence capture.

Lo necesita cuando

You are inserting approval gates into AI workflows (high-risk actions, sensitive data access, production changes).
You need to prove who approved/overrode a decision and what context they saw.
You are preparing a human oversight section for Annex IV or an internal control review.

Common failure mode

"Human in the loop" described in prose with no role authority matrix, no queue SLAs, no override documentation requirements, and no training competency verification.

Lista de verificación

Criterios de exito

Los revisores de los criterios de aceptación realmente verifican.

Roles and authority levels are explicit with competency requirements and recertification schedules.
Approval workflows define triggers, steps, and documentation for standard, escalation, and exception paths.
Queue management includes SLAs, prioritization rules, workload distribution, and bottleneck response.
Override procedures cover pre-execution, post-execution reversal, and emergency overrides with reason categories.
Training program defines curriculum, role-specific requirements, and ongoing competency verification.
Evidence capture specifies data points, capture methods, and integrity requirements for all oversight actions.

Avance

Vista previa de la plantilla

Un extracto real en HTML para que sea indexable y revisable.

Playbook preview (excerpt)

## Part 2: Oversight Roles and Responsibilities

### 2.1 Oversight Role Definitions
| Role | Authority Level | Training Required |
|------|-----------------|-------------------|
| AI Operator | Level 1: Standard decisions | Initial cert + annual refresh |
| Senior Operator | Level 2: Elevated decisions | Advanced cert + quarterly review |
| Oversight Supervisor | Level 3: Override authority | Supervisory cert + monthly calibration |

## Part 5: Override and Reversal Procedures

### 5.1 Override Types
| Override Type | Authority Required | Documentation Level |
|---------------|-------------------|---------------------|
| Pre-execution override | Standard approval authority | Standard |
| Post-execution reversal | Level 2+ | Enhanced with justification |
| Emergency override | Any trained operator | Emergency protocol + retrospective |

Descargue el artefacto completo

Cómo hacerlo

Cómo rellenarlo (rápido)

Entradas que necesita, tiempo para completar y un ejemplo resuelto en miniatura.

Entradas que necesita

Role definitions with authority levels and competency requirements.
Approval workflow triggers, steps, and documentation requirements.
Queue SLAs, prioritization rules, and bottleneck response procedures.
Override types, authority requirements, and reason categories.
Training curriculum with role-specific requirements and recertification.
Evidence data points, capture methods, and integrity requirements.

Tiempo para completar: 30-40 minutes for v1, then iterate with real review logs.

Mini example: override reason categories

EJEMPLO

Override Reason Categories:
| Category | Description | Review Priority |
|----------|-------------|-----------------|
| SAFETY | Safety concern for user or third party | Immediate review |
| ERROR | Obvious AI error or malfunction | High priority |
| CONTEXT | AI lacked relevant context | Standard review |
| POLICY | Policy consideration AI cannot assess | Standard review |
| JUDGMENT | Human judgment differs on edge case | Pattern analysis |

Mapeo KLA

Cómo lo genera KLA (Gobernar / Medir / Probar)

Vincula el artefacto con las funcionalidades del producto para facilitar la conversión.

Govern

Policy-as-code checkpoints that block or require review for high-risk actions.
Versioned change control for model/prompt/policy/workflow updates.

Measure

Risk-tiered sampling reviews (baseline + burst during incidents or after changes).
Near-miss tracking (blocked / nearly blocked steps) as a measurable control signal.

Prove

Hash-chained, append-only audit ledger with 7+ year retention language where required.
Evidence Room export bundles (manifest + checksums) so auditors can verify independently.

Recursos relacionados

Post-market monitoring plan template Audit log retention policy template Evidence pack checklist AI model card template