"Human in the loop" appears in almost every enterprise AI governance document, usually followed by a description of a process — a workflow step, a review queue, an approval button. The documentation gets filed and the project proceeds, and in that sequence, without anyone intending it, the human oversight requirement has been converted from an architectural constraint into a procedural hope.
EU AI Act Article 14 does not require a documented process. It requires that a natural person be technically able to oversee, interpret, and override AI outputs. The word technically is load-bearing. A feedback button is bypassable. A review queue is skippable under deadline pressure. A UI approval step can be automated away by a downstream process someone built to "improve efficiency." None of these satisfies Article 14 for a high-risk system — employment decisions, credit scoring, financial services, critical infrastructure — because all of them can be removed from the execution path without a code change, a review, or a record.
Translated into architectural terms: the system must be incapable of taking a consequential action without a committed human oversight record. Not unlikely to bypass oversight. Not required by policy to seek it. Incapable of proceeding without it. The oversight is not a step in a workflow. It is a precondition on a function — and the explainability record (SHAP values, feature importance, whatever method makes the reasoning legible) must also be a precondition, not a postscript. Writing the explanation after approval has been granted is not compliance. It's paperwork.
The distinction between process compliance and structural compliance is the central architectural question in AI governance, and it doesn't show up in demos. It shows up in regulatory examinations and the quiet accumulation of non-compliant decisions nobody noticed until someone looked.
| Process compliance | Structural compliance |
| Review queue exists as policy | SHAP record written to immutable store before HITL checkpoint exists |
| Threshold raised under operational pressure | Write function requires a hitl_id parameter, issued only after a human commits a decision |
| Queue can be bypassed by a downstream batch job | HITL is a non-bypassable node in the agent's state machine, not a UI feature |
| Compliance exists in the process. The process can be skipped. | Compliance is in the code. The code cannot be skipped. |
A documented example: a compliance policy requires human review for all AI-assisted financial decisions above a threshold. A review queue exists and is monitored. For six months every decision is reviewed. Then a business unit reports the queue is causing a three-day delay in payment processing. The threshold gets raised, then raised again. Eighteen months after deployment, a regulatory examination finds 40% of decisions in an Annex III category have no human oversight record. No breach, no malicious intent — a process that eroded under operational pressure, and an architecture that made the erosion possible.
Structural compliance makes that failure mode impossible, not unlikely. The payment-processing function requires a hitl_id parameter. The parameter can only be supplied by the approval service. The approval service only issues an ID after a human reviewer has committed a decision. There is no threshold to raise and no queue to bypass — if the queue is causing delay, the delay is visible and has to be addressed by adding reviewers or renegotiating the autonomy boundary, not by removing the requirement.
The most precise way to understand what structural compliance requires is to ask where the HITL lives in the execution graph. In a process-compliance architecture, it lives in the UI — a button, a queue, a page a human navigates to. In a structural-compliance architecture, it lives in the agent's state machine, as a node on a conditional edge, where the condition determining whether the edge fires is a computed confidence score against a calibrated per-category threshold — not a UI event. A UI feature can be bypassed by anything that doesn't go through the UI: a downstream process, a batch job, an API call that skips the front end. A state machine node cannot be bypassed, because the graph topology has no edge that goes around it. The only path from decision to write is through the node, and the condition is not "the user clicked approve." It is "a human reviewer committed a decision record that satisfies the Article 14 oversight requirement." Those are different conditions, and only one of them survives a regulatory examination.
Further reading: Regulation (EU) 2024/1689, Articles 9 & 14. · Guo, C. et al. (2017). On Calibration of Modern Neural Networks. ICML. · Minderer, M. et al. (2021). Revisiting the Calibration of Modern Neural Networks. NeurIPS.