Tier 2 · Design2.215 min

The human gate — and its hard limit

A fiery orange-and-pink sunset over a harbour ringed by dark hillsAgents at Work — CC BY 4.0

When an agent touches something that matters — a decision about a person, a payment, a promise — the standard advice is “keep a human in the loop.” It’s good advice. It’s also the most misunderstood safeguard in the whole field, because the comfortable version of it barely works. This lesson is about building the gate so it actually holds.

The gate, done properly

A human gate is a point in the agent’s work where it must stop and a person decides before anything happens in the world. The agent prepares — reads, drafts, ranks, flags — and then it waits. A person looks, decides, and it’s the person’s decision that goes out.

That’s the shape. The trap is in one word: decides. There’s a world of difference between a person who makes the decision and a person who signs off on the machine’s decision. They look identical on an org chart. They are not the same safeguard, and the evidence on the gap is stark.

Why “a human signs off” is weaker than it sounds

Put a person in front of an AI’s recommendation and, over and over, they adopt it — including when it’s wrong.

This has a name — automation bias — and it doesn’t go away because you’re clever or well-intentioned. A fast, fluent, confident recommendation is designed to be agreed with. A tired person at the end of a stack of forty will agree with it. The “human in the loop” becomes a rubber stamp that launders the machine’s call into a human one — while adding almost none of the protection everyone assumes it adds.

What separates a real gate from a rubber stamp

The law, as it happens, turns on exactly this distinction. Under Europe’s GDPR (which reaches you if you ever process an EU-based person’s data), a solely automated decision about someone is prohibited in principle — and what pulls a decision back out of that prohibition is a genuine, non-token human involvement: someone with the authority and the information to reach a different answer, not someone who clicks approve. New Zealand’s Privacy Commissioner makes the same practical point from the other side: a token human-in-the-loop may not cure the automation blindness at all. (General education, not legal advice — the specifics are unsettled and worth real advice.)

So a gate that actually protects you has three properties, and it’s Anchor 3 — you answer for it — made concrete:

The honest conclusion

For a high-stakes call about a person, “we anonymise it and a human signs off” — the defence almost everyone reaches for — is close to the exact thing the evidence says fails. That’s not a reason to despair; it’s a reason to build the gate as a real decision, put testing behind it, and accept the lesson the Recruiter will drive home: sometimes the right gate is to not let the agent make the call at all.

Think of an agent decision you’d want a person to check. Be honest: would that person have the time, the information, and the standing to actually overturn it — or would they, at the end of a busy day, click approve? What would have to change for it to be a real gate?

Next

A real gate needs the agent to hand over evidence, not a verdict. That’s a design choice you make when you build it — criteria, not vibes.

Marking this lesson complete saves your progress on this device — no account, no tracking.

Shared freely, in good faith. If it's been of value, a koha toward development and running costs is warmly welcomed.

Leave a koha →

Useful? Share this lesson with a colleague.