Human oversight is not achieved by placing a person somewhere near the workflow. It requires a clear relationship between technical permission, accountable authority and the consequence of the proposed action.
A tool-using system may be technically able to send an email, change a record or trigger a payment. That does not mean it has authority to do so in every context.
Effective oversight defines
- which actions may run automatically;
- which actions require notification;
- which actions require review after execution;
- which actions require approval before execution;
- which actions require dual or specialist approval;
- which actions are prohibited;
- who can override a decision;
- how the reason is recorded;
- how execution is independently confirmed.
Review thresholds should reflect impact, reversibility, monetary value, affected people, autonomy, confidence and context. A single system may therefore require different oversight for different actions.
The agent’s own statement that an action succeeded is not sufficient evidence. Consequential actions should produce an external execution receipt or observed-state check where possible.
DDAI view: govern the action instance, not merely the model or agent label.