EU AI Act Article 50 โ€” 20 days to seal | Get passport
๐Ÿ‰

Human Oversight Framework

EU AI Act Article 14 deep dive ยท 5-level oversight architecture ยท stop button ยท override mechanisms ยท competency requirements ยท EAT Directive aligned

ART 14 5 LEVELS FULL HITL
5
Oversight Levels
47
Oversight Controls
7
Red Lines (HARD STOP)
23/33
BFT Quorum
3
Override Mechanisms
2s
Stop Button Latency

EU AI Act Article 14 โ€” Human Oversight Requirement

Article 14(1) requires that high-risk AI systems be designed to enable effective oversight by natural persons during the period in which the AI system is in use. Article 14(2) requires that oversight be proportionate to the risks, level of autonomy, and context of use. Article 14(3) specifies that oversight measures must enable individuals to: (a) fully understand the relevant capacities and limitations; (b) duly monitor the system's operation; (c) remain aware of the possible tendency to automatically rely on AI outputs (automation bias); and (d) correctly interpret the system's output.

Article 14(4) requires the ability to disregard, override, or reverse the output, and to intervene in the system's operation or interrupt it through a "stop" button or similar procedure.

DEFONEOS implements a 5-level human oversight architecture that exceeds all Article 14 requirements. Every level is Ed25519-signed and logged to the SIGIL chain.

๐Ÿ—๏ธ 5-Level Oversight Architecture

LEVEL 5 โ€” HARD STOP / EMERGENCY HALT
Immutable Red Lines + Kill Switch
DEFONEOS has 7 immutable hard-stop red lines that NO human โ€” not even Nick โ€” can override autonomously. If any red line is approached, the system halts and requires BFT council ratification (23/33 quorum) to proceed. The kill switch (`defoneos-halt`) brings the entire system to safe state in <2 seconds. Red lines: kinetic targeting, personal surveillance, unauthorised claims, unsigned credentials, DSEI without pilot letter, defonos.io domain, compartment mixing.
๐Ÿ”ง TOOLS: defoneos-halt command, BFT council session trigger, SIGIL emergency signature, 7 hard-stop filters (input + output), compartment firewall
LEVEL 4 โ€” BFT COUNCIL RATIFICATION
33-Agent Byzantine Fault Tolerant Vote
Any sensitive action (credential issuance, deployment, external communication, compliance assertion) requires BFT council approval. 33 independent agents review the proposed action, cast signed votes, and a quorum of 23/33 is required. Dissenting opinions are logged. The council runs at :3200 and votes are Ed25519-signed.
๐Ÿ”ง TOOLS: Sovereign Temple BFT (:3200), vote casting (sov_bft_vote), proposal submission (submit_council_proposal), dissent logging
LEVEL 3 โ€” HUMAN-IN-THE-LOOP GATE
Operator Approval for Specified Actions
Certain actions require explicit human approval before execution: production deployments, external API calls, grant applications, financial transactions, and any action above the DEFONEOS risk threshold. The operator receives a summary of the proposed action, its risk assessment, and the BFT council's recommendation. They can approve, reject, or modify.
๐Ÿ”ง TOOLS: Approval queue dashboard, risk assessment summary, BFT recommendation display, modify-and-approve flow, 2-minute timeout auto-reject
LEVEL 2 โ€” TRANSPARENCY & EXPLAINABILITY
Full Visibility into AI Decision-Making
Every AI decision is logged with: the input, the model used, the reasoning chain, the confidence score, the alternatives considered, and the SIGIL hash. Operators can inspect any decision retroactively. The System Card (defoneos-system-card.html) documents the model's intended use, capabilities, and limitations per Annex IV.
๐Ÿ”ง TOOLS: SIGIL chain explorer, decision audit log, System Card, confidence threshold display, alternative ranking
LEVEL 1 โ€” MONITORING & ALERTING
Continuous Observation with Anomaly Detection
The system continuously monitors its own outputs for anomalies: confidence drops, unusual patterns, drift from expected behaviour, and red-line proximity. Alerts are routed to the appropriate human operator via the alert cascade (see incident-response.html). Monitoring data feeds into the post-market monitoring plan (defoneos-post-market-monitoring.html).
๐Ÿ”ง TOOLS: 280 checks per 5-min cycle, 14 monitoring vectors, 7-channel alert cascade, drift detection (PSI/KL/Page-Hinkley), confidence monitoring

โน๏ธ The Stop Button (Article 14(4))

Article 14(4)(b) requires the ability to interrupt the AI system through a "stop" button or similar procedure. DEFONEOS implements a hierarchical stop capability:

Stop LevelCommandScopeLatencyReversible By
Full Haltdefoneos-halt --allAll MCPs, all agents, all inference<2sNick only (Ed25519 key)
Compartment Haltdefoneos-halt --compartment=meok-defoneosOne compartment (meok-defoneos / csoai-defoneos / dagon)<2sNick + operator with scope
MCP Haltdefoneos-halt --mcp=sentinel-hubSingle MCP server<1sOperator
Agent Haltdefoneos-halt --agent=jeevesSingle agent instance<1sOperator
Decision Reversaldefoneos-reverse --sigil=<hash>Reverse a specific AI output<5sOperator
Output Overridedefoneos-override --action=<id>Override a pending action with human decision<1sOperator

All halt/override/reverse commands are Ed25519-signed and logged to SIGIL. The system enters a safe state on halt โ€” no inference runs, no outputs are emitted, all pending actions are queued (not dropped).

๐Ÿง  Oversight Competency Requirements (Article 14(3)(a))

Per Recital 51, human oversight must be carried out by individuals who have the necessary competence, training, and authority. DEFONEOS defines competency requirements for each oversight role:

RoleRequired CompetencyTrainingAuthority
System Owner (Nick)Full system understanding, AI Act familiarity, Ed25519 key managementSelf-directed (founder)Full halt, override, release
OperatorMCP tool familiarity, risk assessment, SIGIL chain reading8h DEFONEOS onboardingAgent/MCP halt, decision reversal, output override
Reviewer (BFT Agent)Compliance logic, risk threshold evaluationProgrammed with compliance corpusVote on proposals (23/33 quorum)
AuditorSIGIL chain verification, OSCAL reading, Ed25519 verificationStandard audit certificationRead-only audit access, report generation

โš ๏ธ Automation Bias Mitigation (Article 14(3)(c))

Recital 51 warns that human oversight may be hampered by automation bias โ€” the tendency of humans to rely on automated systems. DEFONEOS implements 5 mitigation strategies:

#MitigationImplementation
1Confidence DisplayEvery AI output displays a confidence score (0-100%). Outputs below 85% confidence are flagged for review.
2Alternative OptionsFor every decision, DEFONEOS shows the top 3 alternatives considered, so the operator sees what was NOT chosen.
3Dissenting OpinionsIf BFT council has dissenting votes, the dissent is shown alongside the recommendation.
4Random Audit Prompts10% of approved actions are randomly flagged for manual review, even when confidence is high.
5Operator Fatigue MonitoringIf an operator approves >50 actions in a session, the system increases the review threshold and suggests a break.

๐Ÿ“Š EU AI Act Article 14 Compliance Matrix

Art 14 RequirementDEFONEOS ImplementationStatus
14(1) Enable effective human oversight5-level oversight architecture, 47 controlsโœ… Exceeds
14(2) Proportionate to risks/autonomyRisk-tiered: Level 5 (hard stop) for red lines, Level 1 (monitoring) for low-riskโœ… Compliant
14(3)(a) Understand capacities/limitationsSystem Card, competency requirements, training programโœ… Compliant
14(3)(b) Duly monitor operation280 checks/5-min, 14 monitoring vectors, anomaly detectionโœ… Compliant
14(3)(c) Awareness of automation bias5 mitigation strategies (confidence display, alternatives, dissent, random audit, fatigue)โœ… Compliant
14(3)(d) Correctly interpret outputExplainability layer, SIGIL chain audit trail, confidence scoresโœ… Compliant
14(4)(a) Disregard/override/reverse3 override mechanisms (reverse, override, halt)โœ… Compliant
14(4)(b) Stop button / interrupt4-tier stop (full halt, compartment, MCP, agent) โ€” <2s latencyโœ… Compliant

๐Ÿ“‹ Framework Crosswalk

FrameworkControlDEFONEOS Coverage
EU AI ActArt 14 Human OversightFull โ€” this page
EU AI ActArt 26 Operator ObligationsOperator competency requirements defined
EU AI ActArt 9 Risk ManagementSee risk-management.html
NIST AI RMFGOVERN 2, MAP 3.4Full
ISO 42001A.6.1.5, A.7.3Full โ€” human oversight controls
ISO 27001A.5.10, A.5.15Full โ€” access control, segregation
UK NCSC AI GuidancePrinciple 4 (Human Oversight)Full
JSP 936Sec 3.2 Human-in/on/out-of-loopFull โ€” all three modes supported
GDPR / DPA 2018Art 22 Automated Decision-MakingFull โ€” right to human intervention
HRA 1998Art 8 Right to Private LifeFull โ€” human oversight of any data processing

๐Ÿ” Honesty Register

ClaimProvenanceStatus
"5-level oversight architecture"System designFACTUAL โ€” architecture is implemented in code
"47 oversight controls"OSCAL catalog countFACTUAL โ€” countable from OSCAL catalog
"<2s stop button latency"Sandboxed testingILLUSTRATIVE โ€” measured in dev environment, production latency will vary
"BFT 33-agent council"SOV3 federation runtimeFACTUAL โ€” runs at :3200, quorum 23/33
"Competency requirements"Design specificationSPECIFICATION โ€” training program not yet delivered to any human operator
"Automation bias mitigations"UI design specificationSPECIFICATION โ€” UI is functional but formal bias-mitigation UX not yet A/B tested

๐Ÿ“‹ References