Architecture · EU AI Act

The architecture of accountability: HITL, XAI, and the EU AI Act deadline

Siddharth Rao · 10 min read

A pattern shows up repeatedly in AI programmes right now. A model ships into production, performs well in evaluation, then legal notices the EU AI Act deadline approaching. "Add human oversight" appears in the backlog. Three weeks later, a reviewer screen gets bolted onto the end of the prediction pipeline — click approve or reject, log entry written, compliance box ticked. This is compliance theatre, and for any system processing decisions that affect livelihoods, credit access, medical care, or employment, it will not survive an audit by a competent national authority.

An appliedAI Institute study, cited via the Cloud Security Alliance in March 2026, found 40% of enterprise AI systems have unclear risk classifications — meaning organisations are either over-spending on unnecessary controls or deploying regulated systems without required safeguards. The EU AI Act's Annex III imposes high-risk obligations on systems operating across eight domains, including employment and essential services — the category that catches most enterprise deployments: revenue recognition models, supplier scoring agents, predictive maintenance systems, contract risk classifiers. Articles 9 through 15 lay out specific requirements — continuous risk management, training data governance, automatic event logging, human oversight capability. What's vague is how to implement these as working software. That's an architecture problem, not a legal one.

The regulation doesn't care about your review screen. It cares whether a qualified human could actually understand, challenge, and override the model's output before that output caused harm.

Six design principles hold across every system I've built against this requirement:

HITL as a state machine, not a review button. A UI checkpoint can be bypassed by anything that doesn't go through the UI. A node in the agent's execution graph cannot.

XAI before the checkpoint. SHAP sequencing matters — the explanation has to be written to an immutable store before the human reviewer sees the decision, not generated afterward to justify it.

Data governance as a prerequisite, not a parallel track. Article 10's data governance obligations have to be built before the logging infrastructure, and the logging infrastructure (Article 12) before the HITL interface — because the interface is only as good as the log schema underneath it, and that schema has to be correct from day one.

Augment, don't replace. The AI system augments human judgement in defined domains. The human is not a checkpoint after the AI has decided — the human is a decision-maker using the AI's output as one input. The autonomy boundary defines where the system acts and where it briefs: below the boundary, act; above it, brief and wait.

Reviewer accountability. Every approval ties to a named reviewer with a session-verified identity. Reviewer decision patterns get monitored — approval rates, time-on-task, override frequency. A reviewer who approves 100% of cases in under ten seconds is flagged for audit, not celebrated for speed.

Compliance and model improvement are the same infrastructure, if designed together. Every reviewer override is a labelled example of where the model was wrong or human judgement diverged from it. Captured systematically, that data feeds the retraining pipeline. Forrester's Total Economic Impact study of Vertex AI found organisations achieving 60% faster model explainability, with the primary benefit being model improvement at scale without proportional headcount growth — a direct consequence of structuring HITL as a feedback mechanism rather than an approval bottleneck.

On the business case: the architecture of accountability is sometimes framed as a cost centre. The framing is wrong. The question isn't what compliance costs — it's what the alternative costs. Under the EU AI Act's penalty structure, high-risk violations carry exposure up to €15M or 3% of global revenue; the reputational cost of a public enforcement action in a regulated industry is harder to quantify but structurally similar in magnitude. The architecture investment to build a compliant HITL and explainability stack is a fraction of either number.

Where to start: inventory. You cannot govern what you haven't mapped. Audit every AI system in production — its purpose, the data it processes, the populations it touches, whether it operates in any EU market — and run a preliminary Annex III classification for each. Document the assessment regardless of outcome; Article 6(4) requires providers who believe their system is not high-risk to document that judgement before placing it on the market. For systems that are likely high-risk, start with data governance, then logging, then the HITL interface last — built against a SHAP sequencing contract established before the interface was designed, not retrofitted into it afterward.

Sources: Regulation (EU) 2024/1689, Annex III and Article 14. · Forrester Consulting (2023). The Total Economic Impact of Google Cloud Vertex AI. · Cloud Security Alliance (2026). EU AI Act High-Risk Compliance Deadline. · Dataiku (2025). EU AI Act High-Risk Requirements.

← Back to all writing
— Siddharth Rao