Article 14: Human Oversight
Article 14 of the EU AI Act requires that high-risk AI systems be designed and developed in such a way that natural persons assigned to oversight can effectively monitor the system during use, understand its outputs, and intervene when necessary. It is a design requirement — the oversight capability must be built into the system, not merely described in a policy document.
What Article 14 Actually Requires
Article 14(1) states that high-risk AI systems must be designed and developed, including with appropriate human-machine interface tools, so that natural persons to whom oversight is assigned can effectively oversee the system during its use.
Article 14(2) specifies that this oversight must be aimed at preventing or minimising the risks to health, safety, or fundamental rights that can emerge when a high-risk AI system is used in accordance with its intended purpose or in a reasonably foreseeable misuse situation.
The critical distinction Article 14 draws is between oversight that can be exercised in theory and oversight that can be exercised in practice. A system that technically allows users to override its outputs but presents those outputs in a way that makes meaningful review impractical does not satisfy the requirement. The design must support effective oversight.
The Five Oversight Capabilities Required
Article 14(4) specifies five capabilities that oversight persons must have as a result of the system's design. These are not procedural requirements for the deployer — they are design requirements for the provider.
Art. 14(4)(a)
Understand the system's capabilities and limitations
The system must be designed so oversight persons can fully understand what it can and cannot do — including its intended purpose, likely performance boundaries, and known failure modes. This requires interpretability features and clear documentation available to the operator.
Art. 14(4)(b)
Detect and address anomalies, dysfunctions, and unexpected performance
Oversight persons must be able to identify when the system is behaving unexpectedly. This typically requires monitoring dashboards, confidence scores, anomaly alerts, or other mechanisms that surface unusual outputs for human review.
Art. 14(4)(c)
Interpret system outputs
Oversight persons must be able to interpret the system's outputs correctly given the context of use. Where outputs are not self-explanatory — probability scores, ranked lists, classification labels — the system must provide sufficient context for a competent operator to evaluate them.
Art. 14(4)(d)
Decide not to use or override outputs in specific situations
The system must be designed so that oversight persons can disregard, override, or reverse AI-generated outputs. This is a design requirement — the system must support override, not merely permit it if someone determines how.
Art. 14(4)(e)
Intervene or interrupt system operation
Oversight persons must have a physical or digital 'stop button' capability — the ability to interrupt the system or revert to manual operation when necessary. This must be an accessible, clearly documented feature, not a theoretical emergency procedure.
Design vs. Procedure — The Critical Distinction
Article 14 is frequently misunderstood as a procedural requirement — something satisfied by writing an oversight policy or a standard operating procedure. It is not. It is a system design requirement.
This means that the following do not satisfy Article 14 on their own:
- A policy requiring human review of all AI outputs
- Training materials for operators on how to use the system
- An escalation procedure for unusual outputs
- A general terms-of-service clause about human oversight
What does satisfy Article 14 is building the oversight capabilities into the product itself: monitoring dashboards, confidence indicators, explainability features, visible override controls, and documented stop/interrupt mechanisms.
Operator Competence Requirements (Article 14(4))
Article 14(4) also requires that oversight persons have the necessary competence, training, and authority to perform the oversight role. Providers must specify in their instructions of use what competencies are required — the deployer is then responsible for ensuring their designated oversight persons have those competencies before using the system.
This means providers must include in their instructions of use a clear description of the background knowledge, professional qualifications, and training an oversight person should have. A general note that “only qualified staff should use this system” is insufficient — the specific competencies must be identified.
Common Mistakes
Treating Article 14 as a process requirement, not a design requirement
The most common error. Article 14 requires oversight capabilities to be built into the system. A policy document describing an oversight process does not satisfy it.
Conflating 'human-in-the-loop' with Article 14 compliance
Human-in-the-loop means a human approves every decision. Article 14 requires effective oversight — which can include periodic monitoring with override capability. The standard is effectiveness, not approval cadence.
No documented override mechanism
Article 14(4)(d) requires that oversight persons can decide not to use or override AI outputs. If your system does not have an explicit, documented override feature, this requirement is not met.
Omitting competency requirements from instructions of use
Providers must specify what qualifications and training oversight persons need. Leaving this to deployers' discretion is a compliance gap that regulators will flag.
Generate your Article 14 documentation
Nytivo's Article 14 module guides you through each human oversight requirement and generates the documentation section required for your Annex IV technical documentation pack.
Start free trialArticle 14 — Frequently Asked Questions
Does Article 14 require a human to approve every AI decision?
No. Article 14 does not require human-in-the-loop approval for every output. It requires that the system be designed so that humans assigned to oversight are able to effectively monitor and intervene when necessary. 'Human on the loop' — periodic monitoring with the ability to intervene — satisfies the requirement. The appropriate level of oversight will depend on the severity of potential harm: a medical diagnostic AI warrants closer oversight than an automated scheduling tool, even if both are high-risk.
What is the difference between Article 14's design requirement and an operational procedure?
Article 14 is a design requirement, not a process requirement. The oversight capabilities — monitoring, interpretation, override, interruption — must be built into the AI system itself. A policy document stating that operators must review all AI outputs does not satisfy Article 14; the system must actually support effective review. This means interpretability features, monitoring interfaces, confidence indicators, and override controls must exist in the product — not just in the operational handbook.
Who counts as the 'natural person' responsible for oversight?
Article 14(1) refers to 'natural persons to whom human oversight is assigned.' In practice, this is typically the deployer's staff — HR professionals, loan officers, clinicians, or other qualified personnel using the AI system in their professional role. The provider (the company building the AI) is responsible for designing the system to support effective oversight. The deployer is responsible for assigning competent people to perform it.
What training do oversight persons need?
Article 14(4) requires that oversight persons have the necessary competence, training, and authority to perform their oversight role — including understanding the system's limitations. Providers must document what competencies are required and supply sufficient instructions of use to enable deployers to train their oversight staff appropriately. The deployer is responsible for ensuring their staff actually receive that training.
How does Article 14 interact with Article 9 (risk management)?
Human oversight is frequently one of the risk mitigations identified under Article 9. If your risk management system identifies a risk that human review would mitigate, Article 14 specifies the design standard that the review mechanism must meet. An oversight mechanism that exists on paper but cannot be effectively exercised due to system design does not satisfy either article.
Related articles
Article 14 compliance by industry
Human oversight requirements play out differently across sectors. The required oversight intensity and design depends on the risk severity and decision context of your AI system.