What does Article 14 actually require?

Article 14 requires humans to understand AI capabilities and limitations, remain aware of automation bias, correctly interpret outputs, be able to override or reverse decisions, and be able to intervene or stop the system.

What should be recorded for each approval or override?

At minimum: decision ID, AI recommendation, context presented, reviewer ID, timestamp, action taken, rationale (if required), time spent on review, and policy version in effect.

How do we prevent rubber-stamping?

Define reviewer rubrics, require rationale for risky approvals, sample reviewer decisions, run calibration sessions, and track time spent on reviews.

What is a "two-person rule"?

A requirement that certain actions need two distinct human approvals, commonly used for high-impact or irreversible decisions like account closure or SAR filing.

How do we handle emergency overrides?

Allow immediate action by any trained operator, require "Emergency Override" documentation, auto-notify supervisors and compliance, and complete retrospective review within 24-48 hours.

What training competencies are required?

AI system fundamentals, domain knowledge, oversight procedures, automation bias awareness, override procedures, and compliance requirements. Recertification should be annual or more frequent.

Playbook

Human Oversight Procedure Playbook (Article 14 compliant)

Download an Article 14 compliant human oversight playbook covering roles, approval workflows, queue management, override procedures, training requirements, and evidence capture.

Define a reviewable human oversight SOP in 30-40 minutes.

For compliance, risk, product, and ML ops teams shipping agentic workflows into regulated environments.

Last updated: 16 déc. 2025 · Version v1.0 · Fictional sample. Not legal advice.

Download oversight playbook Request full package

Report an issue: /contact

Context

What this artifact is (and when you need it)

Minimum viable explanation, written for audits, not for theory.

EU AI Act Article 14 requires high-risk AI systems to be designed for effective oversight by natural persons. This playbook translates Article 14 requirements into operational procedures.

It covers 7 parts: Article 14 requirements, oversight roles, approval workflows, queue management, override procedures, training requirements, and evidence capture.

You need it when

You are inserting approval gates into AI workflows (high-risk actions, sensitive data access, production changes).
You need to prove who approved/overrode a decision and what context they saw.
You are preparing a human oversight section for Annex IV or an internal control review.

Common failure mode

"Human in the loop" described in prose with no role authority matrix, no queue SLAs, no override documentation requirements, and no training competency verification.

Checklist

What good looks like

Acceptance criteria reviewers actually check.

Roles and authority levels are explicit with competency requirements and recertification schedules.
Approval workflows define triggers, steps, and documentation for standard, escalation, and exception paths.
Queue management includes SLAs, prioritization rules, workload distribution, and bottleneck response.
Override procedures cover pre-execution, post-execution reversal, and emergency overrides with reason categories.
Training program defines curriculum, role-specific requirements, and ongoing competency verification.
Evidence capture specifies data points, capture methods, and integrity requirements for all oversight actions.

Preview

Template preview

A real excerpt in HTML so it's indexable and reviewable.

Playbook preview (excerpt)

## Part 2: Oversight Roles and Responsibilities

### 2.1 Oversight Role Definitions
| Role | Authority Level | Training Required |
|------|-----------------|-------------------|
| AI Operator | Level 1: Standard decisions | Initial cert + annual refresh |
| Senior Operator | Level 2: Elevated decisions | Advanced cert + quarterly review |
| Oversight Supervisor | Level 3: Override authority | Supervisory cert + monthly calibration |

## Part 5: Override and Reversal Procedures

### 5.1 Override Types
| Override Type | Authority Required | Documentation Level |
|---------------|-------------------|---------------------|
| Pre-execution override | Standard approval authority | Standard |
| Post-execution reversal | Level 2+ | Enhanced with justification |
| Emergency override | Any trained operator | Emergency protocol + retrospective |

Download the full artifact

How-To

How to fill it in (fast)

Inputs you need, time to complete, and a miniature worked example.

Inputs you need

Role definitions with authority levels and competency requirements.
Approval workflow triggers, steps, and documentation requirements.
Queue SLAs, prioritization rules, and bottleneck response procedures.
Override types, authority requirements, and reason categories.
Training curriculum with role-specific requirements and recertification.
Evidence data points, capture methods, and integrity requirements.

Time to complete: 30-40 minutes for v1, then iterate with real review logs.

Mini example: override reason categories

EXAMPLE

Override Reason Categories:
| Category | Description | Review Priority |
|----------|-------------|-----------------|
| SAFETY | Safety concern for user or third party | Immediate review |
| ERROR | Obvious AI error or malfunction | High priority |
| CONTEXT | AI lacked relevant context | Standard review |
| POLICY | Policy consideration AI cannot assess | Standard review |
| JUDGMENT | Human judgment differs on edge case | Pattern analysis |

KLA Mapping

How KLA generates it (Govern / Measure / Prove)

Tie the artifact to product primitives so it converts.

Govern

Policy-as-code checkpoints that block or require review for high-risk actions.
Versioned change control for model/prompt/policy/workflow updates.

Measure

Risk-tiered sampling reviews (baseline + burst during incidents or after changes).
Near-miss tracking (blocked / nearly blocked steps) as a measurable control signal.

Prove

Hash-chained, append-only audit ledger with 7+ year retention language where required.
Evidence Room export bundles (manifest + checksums) so auditors can verify independently.

Related resources

Post-market monitoring plan template Audit log retention policy template Evidence pack checklist AI model card template