Human Oversight across ISO 42001, NIST AI RMF and the EU AI Act
// theme · human-oversight
Human Oversight
Meaningful human control and ability to intervene or override.
// Do once → satisfies all three
ONE documented oversight protocol - named reviewers, intervention UI, stop-the-line, override audit log.
A real protocol with logs is the only way to evidence oversight; ticking 'human in the loop' on a deck satisfies none of the three.
ISO 42001: Annex A.9
NIST AI RMF: MAP 3.5 · MANAGE 2.4
EU AI Act: Art.14 · Art.26
// Evidence auditors expect
- ✓ Documented override / stop-the-line procedure
- ✓ Trained reviewer roster with sign-off authority
- ✓ UI evidence of meaningful intervention points (not rubber-stamp)
- ✓ Logs proving overrides were possible AND used
// Common pitfalls
- ⚠ 'Human in the loop' that only clicks Approve on 1000 items/day - automation bias = no oversight.
- ⚠ Overrides technically possible but operationally discouraged or unreviewed.
- ⚠ Reviewers not trained on the failure modes they're meant to catch.
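As an added example (not code from this page or from any of the three frameworks), the following Python module shows what an override audit log that can actually evidence the points above looks like: each review decision is appended to a hash-chained, append-only log, the chain can be verified, and per-reviewer metrics are computed so that the "clicks Approve on 1000 items/day" pattern surfaces as a flag rather than staying invisible. The reviewer names, the sample decisions and the flagging thresholds are all constructed for illustration and are not values any of the standards prescribe.

```python
"""Override audit log with rubber-stamp detection (illustrative, constructed data)."""
import hashlib
import json
import statistics
from dataclasses import asdict, dataclass

GENESIS = "0" * 64  # prev_hash of the first record


@dataclass
class ReviewEvent:
    reviewer: str
    item_id: str
    ai_decision: str
    human_decision: str      # "approve", "override" or "stop_line"
    seconds_spent: float     # wall-clock time the reviewer spent on the item
    rationale: str = ""      # required for overrides in a real protocol


def _digest(body: dict) -> str:
    """Canonical JSON (sorted keys, no whitespace) so hashes are reproducible."""
    return hashlib.sha256(
        json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    ).hexdigest()


class OverrideLog:
    """Append-only log; each record commits to the previous record's hash."""

    def __init__(self) -> None:
        self.entries: list[dict] = []
        self._prev = GENESIS

    def append(self, ev: ReviewEvent) -> str:
        record = asdict(ev)
        record["seq"] = len(self.entries)
        record["prev_hash"] = self._prev
        record["hash"] = _digest(record)      # hash covers every field incl. prev_hash
        self.entries.append(record)
        self._prev = record["hash"]
        return record["hash"]

    def verify_chain(self) -> bool:
        """Recompute every hash; any edited or removed record breaks the chain."""
        prev = GENESIS
        for rec in self.entries:
            body = {k: v for k, v in rec.items() if k != "hash"}
            if body["prev_hash"] != prev or _digest(body) != rec["hash"]:
                return False
            prev = rec["hash"]
        return True


def reviewer_stats(entries: list[dict]) -> dict[str, dict]:
    """Per-reviewer volume, intervention rate and median time per item."""
    per: dict[str, dict] = {}
    for rec in entries:
        s = per.setdefault(rec["reviewer"], {"items": 0, "interventions": 0, "times": []})
        s["items"] += 1
        if rec["human_decision"] in ("override", "stop_line"):
            s["interventions"] += 1
        s["times"].append(rec["seconds_spent"])
    return {
        r: {
            "items": s["items"],
            "interventions": s["interventions"],
            "intervention_rate": s["interventions"] / s["items"],
            "median_seconds": statistics.median(s["times"]),
        }
        for r, s in per.items()
    }


def flag_rubber_stamps(stats: dict[str, dict], min_items: int = 50,
                       min_rate: float = 0.02, min_median_seconds: float = 5.0) -> dict[str, list[str]]:
    """Flag reviewers who never intervene or decide too fast. Thresholds are assumed, not from any standard."""
    flags: dict[str, list[str]] = {}
    for r, s in stats.items():
        reasons = []
        if s["items"] >= min_items:           # too few items to judge otherwise
            if s["intervention_rate"] < min_rate:
                reasons.append("intervention rate below threshold")
            if s["median_seconds"] < min_median_seconds:
                reasons.append("median review time below threshold")
        flags[r] = reasons
    return flags


def build_sample_log() -> OverrideLog:
    """Constructed sample: alice rubber-stamps, bob genuinely reviews, carol has too few items."""
    log = OverrideLog()
    for i in range(200):   # alice: 200 approvals at 1.5 s each, never overrides
        log.append(ReviewEvent("alice", f"a{i}", "deny", "approve", 1.5))
    for i in range(50):    # bob: mixed decisions with real time spent
        log.append(ReviewEvent("bob", f"b{i}", "deny", "approve", 40.0))
    for i in range(8):
        log.append(ReviewEvent("bob", f"bo{i}", "deny", "override", 90.0, "rule misfires on edge case"))
    for i in range(2):
        log.append(ReviewEvent("bob", f"bs{i}", "deny", "stop_line", 120.0, "systematic error, halt batch"))
    for i in range(10):    # carol: under min_items, so not judged
        log.append(ReviewEvent("carol", f"c{i}", "deny", "approve", 2.0))
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("chain intact:", log.verify_chain())
    print(flag_rubber_stamps(reviewer_stats(log.entries)))
```

The two outputs map directly onto the evidence list: `verify_chain()` is the "logs proving overrides were possible and used" artefact an auditor can re-run, and the per-reviewer flags are how you catch the automation-bias pitfall before an auditor does. In production the chain head would be anchored somewhere the reviewers cannot rewrite (a WORM bucket, a signed checkpoint, or a separate log service), since an in-process hash chain only detects tampering, it does not prevent it.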
ISO 42001
Annex A.9 (Use of AI systems) requires responsible use of AI systems, including use for their intended purpose under human oversight.
Annex A.9.2
Processes for responsible use
Define processes for the responsible use of AI systems within the organisation.
Annex A.9.3
Objectives for responsible use
Set objectives for the responsible use of AI systems, aligned with the AI policy.
Annex A.9.4
Intended use of the AI system
Ensure AI systems are used for their intended purpose, with human oversight in place.
NIST AI RMF
MAP 3.5 requires documented human oversight processes (GOVERN 3.2 assigns the roles in the human–AI configuration); MEASURE 2.9 checks the system is explained and interpretable enough to oversee; MANAGE 1.3 plans the response; MANAGE 2.4 requires mechanisms, with assigned responsibility, to supersede, disengage or deactivate the system.
MAP 3.5
Processes for human oversight
Processes for human oversight are defined, assessed and documented in line with GOVERN policies.
MEASURE 2.9
Interpretability & explainability
AI model is explained, validated and documented, and system output is interpreted within its context.
MANAGE 1.3
Risk responses planned
Responses to high-priority AI risks are developed, planned and documented (mitigate, transfer, avoid or accept).
MANAGE 2.4
Supersede, disengage, deactivate mechanisms
Mechanisms in place and responsibilities assigned to supersede, disengage or deactivate AI systems whose performance or outcomes are inconsistent with intended use.
EU AI Act
Art.14 requires providers to design in human oversight measures, including the ability to intervene, interrupt or stop the system, proportionate to its risks, autonomy and context of use; Art.26 obliges deployers to assign oversight to natural persons with the necessary competence, training and authority.