What does "human-in-the-loop" actually mean under the EU AI Act?
Short answer. Article 14 of the EU AI Act requires that high-risk AI systems be designed so a human can oversee them effectively. "Effectively" is the legally operative word, and it is more demanding than the casual phrase "human-in-the-loop" suggests. This is the regulator-grade reading and the pattern that satisfies it.
What Article 14 actually says
The clause requires that a designated human be able to (a) understand the AI system's capabilities and limitations, (b) detect anomalies and dysfunctions, (c) interpret outputs correctly, (d) decide not to use the system or override it, and (e) intervene or interrupt the system through a stop function or similar mechanism. The five sub-clauses together define what "effective oversight" looks like. A pop-up that says "AI is on" satisfies none of them.
The four common readings, ranked
"Human-on-the-loop." A human watches dashboards; the AI runs autonomously. Insufficient under Article 14. The human cannot intervene fast enough to satisfy clause (e). "Human-in-the-loop." A human approves each high-stakes action. Sufficient when the magnitude is high. Required for "critical-system identifications" under Article 14(5). "Human-over-the-loop." A human sets policy; the AI executes within scope; an audit trail names the human. Sufficient when scope and audit are cryptographically enforced. The pattern Manav supports. "Human-after-the-loop." A human reviews periodically. Insufficient under Article 14 alone. May satisfy other regulations (GDPR Article 22 in some readings) but not Article 14.
What "effectively" requires in practice
Three deliverables. Documentation that names the designated human and describes the boundary of the AI's authority. Tooling that surfaces anomalies in time for the human to act. An audit trail that records the human's interventions, the AI's outputs, and the relationship between them. Without all three, "effective oversight" is asserted, not demonstrated.
Where Manav fits
Manav supplies the cryptographic shape of "human-over-the-loop" — scoped delegations, signed actions, real-time revocation, signed audit trails. The pattern composes with traditional human-in-the-loop approval flows for the highest-stakes Article 14(5) cases, where two natural persons must explicitly sign before an action runs.
The two-natural-persons rule
Article 14(5) requires "critical-system identifications" — for example, biometric verifications used for law-enforcement decisions — to be confirmed by two verified humans. Manav's multi-signature delegation pattern is the implementation: both humans' devices sign the action; both signatures land in the audit log; the relying party rejects the action if either is missing.
Penalty exposure
Up to 7% of global annual revenue or €35M, whichever is higher. The penalties scale with company size; the substantive question is whether the audit trail is producible at the moment the regulator asks. The companies on track today have one in production; the companies behind treat it as a project — which the enforcement date will not allow.
Common objections
The two objections we hear most: (1) this is just OAuth re-skinned, and (2) we'll wait for the standard. On the first: OAuth scoped delegations between services; this layer scopes delegations from a verified human to an agent — different actor, different audit-trail shape. On the second: the standard is being shaped by the relying parties who integrate first. Waiting is a position.
Frequently asked questions
Is the answer the same for an enterprise and an individual? The shape is the same — a signed delegation, a verifier, an audit log — but the magnitude caps and approval flows differ. Enterprises layer multi-signature for high-stakes actions; individuals usually run with a single device-bound key. Both end up with the same regulator-grade chain.
What if the agent acts before I notice? That is what magnitude caps and time-to-live exist for. A correctly scoped delegation will refuse the action at the relying party before the human's attention is required. Revocation under 200 ms catches the residual cases.
How does this compose with what we already run? It sits next to existing IAM (Okta, Auth0, Entra), not over it. Login is still the IdP's job. Manav signs the human's delegation to the agent, which the relying party verifies in addition to the IdP session. Two layers, one audit trail, no rip-and-replace.
Where to start
Start with ai act article 14 playbook for the broader category map. Then read audit trail design for the implementation pattern. The two together compress a week of reading into thirty minutes; everything else on the site is depth on a specific layer.
What "meaningful" actually means in practice
Article 14 requires meaningful human oversight, and the courts have not yet decided what meaningful means. The early enforcement reads suggest a two-part test. First, the human must have the technical and contextual ability to override the system in the moment the override would matter — not in retrospect, not in a quarterly review, but in the operating loop. Second, the override must be observable in the audit log. Both halves matter. A human who can override but leaves no trace passes the first test and fails the second. A logging system that records overrides but the human cannot actually issue them passes the second and fails the first. Meaningful oversight, in the regulator's reading we have seen most often, is the conjunction. The protocol that ships first against both halves writes the case law for everyone after.
"Effective oversight" is not a slogan. It is five sub-clauses, all of which become testable when the audit trail is signed.