Human in the loop is the most over-promised mitigation in AI governance. We have read the phrase in every AI policy document we have been handed in the last two years, and we have watched it fail to mean anything in roughly four out of five implementations. The phrase by itself is not a control. It is a placeholder for one.
What turns human in the loop into a real control is an SLA on the human. Without the SLA, the human is a rubber stamp. With it, the human is an actual gate, and the gate is something the regulator can inspect.
What human in the loop looks like when it’s theatre
The pattern we walk into most often is this. The AI system produces a recommendation. A human is required to approve the recommendation before it executes. The interface has an approve button and a reject button, and a small text area for comments. The human approves 99% of the time, often within two seconds, and the system runs.
Nobody at the firm believes the human is actually reviewing anything, but nobody can quite say so out loud. The control exists on paper. The audit committee was told there is a human in the loop. The regulator was told the same. In practice, the human is a click-through, and the click-through rate would be the same if the recommendation were random.
This is theatre, and it fails the first time a regulator asks the obvious question, which is what the human is actually checking. “They approve recommendations” is not an answer. “They look at the inputs and the outputs and verify X, Y, and Z” is an answer, but it requires that X, Y, and Z be defined somewhere the reviewer can see and the regulator can read.
What human in the loop looks like with an SLA
An SLA on a human in the loop has four components. Drop any one and the control degrades to theatre within a quarter.
- Response time. The maximum time the human has to review before the system either escalates or auto-defaults. Five seconds is theatre. Five minutes is a control. The number itself matters less than its existence and the consequence of missing it.
- Review checklist. The specific items the human is required to verify before approving. Not “use your judgement”. Not “review the recommendation”. A list. Three to seven items, written down, versioned.
- Training and authority. The human is qualified to apply the checklist and authorised to reject. We have seen reviewers who could approve but not reject. That is not a control. That is a notification.
- Sampling and audit. A subset of approvals is re-reviewed by a second human or an automated system, and the agreement rate is tracked over time. When the agreement rate drops below a threshold, the control is broken and the team is notified.
If your human in the loop has all four, you have a control the regulator can examine. If it has three, you have a control that will fail an audit. If it has two or fewer, you have a button.
The implementation is the boring part
Every component of the SLA-backed human in the loop is straightforward to build. The response timer is a timeout on the queue the recommendation sits in. The checklist is a form. The training and authority piece is a permissions check. The sampling audit is a second queue with a re-review form and a metric.
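The four components, wired together as an added example (not code from the post or from any firm it describes). The timeout, checklist items, version tag, sample rate and agreement threshold are constructed values; the checklist is the one piece that has to come from watching the real reviewers.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed SLA parameters for this example; the post gives the shape, not these values.
RESPONSE_TIMEOUT_S = 300                       # five-minute response SLA
CHECKLIST_VERSION = "v1"                       # assumed version tag; bump when the model changes
CHECKLIST = ("inputs_match_source_record",     # three constructed checklist items
             "output_within_policy_bounds",
             "no_manual_override_pending")
SAMPLE_RATE = 0.05                             # 5% of approvals get a second review
AGREEMENT_THRESHOLD = 0.90                     # below this, the control is declared broken

@dataclass(frozen=True)
class Reviewer:
    name: str
    permissions: frozenset   # must contain "reject" for the gate to count as a control

@dataclass(frozen=True)
class Review:
    decision: str            # "approve" or "reject"
    checked: frozenset       # checklist items the reviewer explicitly confirmed
    elapsed_s: float         # seconds between the item entering the queue and the decision

def gate(reviewer: Reviewer, review: Optional[Review]) -> Tuple[str, str]:
    """Apply the four SLA components to one decision; returns (outcome, reason)."""
    if "reject" not in reviewer.permissions:                       # training and authority
        return "broken", "reviewer cannot reject: that is a notification, not a control"
    if review is None or review.elapsed_s > RESPONSE_TIMEOUT_S:    # response time
        return "escalate", "response SLA missed"
    missing = set(CHECKLIST) - set(review.checked)                 # review checklist
    if review.decision == "approve" and missing:
        return "reject", f"checklist {CHECKLIST_VERSION} incomplete: {sorted(missing)}"
    return review.decision, "ok"

def selected_for_audit(decision_id: str, rate: float = SAMPLE_RATE) -> bool:
    """Deterministic sampling: hash the decision id so the sample is reproducible for auditors."""
    h = int.from_bytes(hashlib.sha256(decision_id.encode()).digest()[:4], "big")
    return h / 2**32 < rate

def audit_status(pairs: List[Tuple[str, str]],
                 threshold: float = AGREEMENT_THRESHOLD) -> Tuple[str, Optional[float]]:
    """pairs = (first decision, second-reviewer decision) for each sampled item."""
    if not pairs:
        return "insufficient_sample", None
    rate = sum(a == b for a, b in pairs) / len(pairs)
    return ("ok" if rate >= threshold else "control_broken"), rate
```

The agreement rate returned by `audit_status` is the number that belongs on the SLA dashboard; the queue timeout and the permissions check are the parts the operating team never sees until they fire.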
What is hard is operating it. The response time SLA only works if missing it has a consequence the operating team feels. The checklist only works if it is updated when the model changes, and if reviewers are trained on the new checklist. The sampling audit only works if the agreement rate is actually computed and surfaced somewhere people read.
In every engagement where we have helped a firm tighten this up, the win has come from the same place. We sit with the operating team for a week, watch them actually use the review interface, and rewrite the checklist around what they were already doing on paper. The checklist that emerges from that exercise is almost never the one the AI risk team would have written from a desk. It is what the work actually requires, and it is the one the reviewers will follow.
The version of this we recommend everyone start with is the smallest possible. Pick one decision that currently has a click-through human in the loop. Add a five-minute SLA, a three-item checklist, and a 5% sampling audit. Run it for a month. Look at the data. Adjust the checklist. The rest follows.
The first time a regulator asks how your human in the loop actually works, the answer should be a screenshot of the checklist, a screenshot of the SLA dashboard, and the agreement rate for the last quarter. If the answer is the AI policy PDF, the control was never built.
Related: Your governance framework does not know which model version is live. The audit chain and the HITL SLA are the two controls regulators check first.