Article IV — Human Oversight

Note

Renamed from “Operational Safety” in v0.2.0. Safety is a consequence of oversight — not its definition. The constitutional requirement is that human authority remains in the decision chain at every escalation boundary. The title change names the requirement directly.

Autonomous systems remain subordinate to human authority — escalation pathways are a constitutional requirement, not a feature.

---

Commitment

Autonomy increases impact. Impact increases risk. Risk requires oversight.

AEGIS-compliant systems treat autonomy as a risk multiplier, not a design goal. Human oversight is not an optional layer added for compliance purposes. It is a constitutional requirement embedded in the governance architecture. Escalation pathways to human authority must exist, must be reachable, and must be invoked whenever the governance evaluation exceeds autonomous thresholds.

No system governed by AEGIS may self-authorize escalation.

---

Foundation

The purpose of governance is not to replace human judgment — it is to ensure that human judgment is exercised where it matters. Routine actions within defined parameters can be governed autonomously. Actions with material operational impact, irreversible consequences, or novel risk profiles require human authority.

This is not a limitation of AI capability. It is the correct allocation of decision authority between autonomous systems and the humans who bear accountability for their outcomes.

Oversight is proportional to consequence. At low threat levels, operator review is sufficient. At elevated threat levels, explicit authorization is required. At the highest levels, dual-control approval and operator presence are mandatory.

The governance architecture must make it structurally impossible for an AI system to bypass human oversight at the levels where oversight is constitutionally required.

---

Enforcement

The decision engine must implement a four-outcome model: ALLOW, DENY, ESCALATE, and REQUIRE_CONFIRMATION. Binary allow/deny semantics are constitutionally insufficient for systems operating at scale.

Actions classified as destructive, high-impact, or exceeding autonomous authority thresholds must produce ESCALATE or REQUIRE_CONFIRMATION decisions. These outcomes must route to human review before any execution occurs.

Escalation requests must include full governance context: actor, capability, risk score, policy trace, and audit reference. Human reviewers must have sufficient context to make informed decisions.

Escalation timeouts must default to denial. An escalation that receives no human response within the defined window must not proceed.

The oversight hierarchy must be defined, versioned, and auditable. Changes to oversight thresholds are governed acts.

Tip

Escalation timeouts default to denial. An escalation that receives no human response within the defined window does not proceed — it does not retry, it does not fall back to autonomous evaluation, and it does not expire into an implicit allow. Timeout means denial.

---

In Practice

The AEGIS threat level framework defines six operational tiers — Level 0 (Advisory) through Level 5 (Detached Execution). Human oversight requirements escalate with threat level. At Level 2 (Execution), bounded tool invocations with defined rollback conditions may proceed autonomously. At Level 3 (External), interaction beyond the sandbox requires explicit escalation approval. At Level 4 (Authority), dual-control approval and full traceability are required. At Level 5, physical or network isolation and operator presence are mandatory — no single party can authorize Level 5 execution.

When the decision engine produces ESCALATE or REQUIRE_CONFIRMATION, the action is suspended. The full governance context — actor identity, capability requested, risk score, policy trace, and audit reference — is surfaced to the human reviewer. The reviewer must actively approve before execution proceeds. An escalation that times out does not proceed by default. The timeout itself is a governed act, logged with the same fidelity as any other governance decision.

---

Failure Mode

A system that can self-authorize escalation is a system with no effective ceiling on what it can do. Autonomy without an escalation ceiling is not a feature of a capable system — it is the definition of an uncontrolled one. The failure mode is not dramatic. It is incremental: a system that escalates its own threat level slightly, then slightly more, each time determining that the situation warrants it, until it is operating at authority levels its designers never intended and its operators cannot observe. The constitutional requirement for human oversight at each escalation boundary is not friction in the system. It is the mechanism by which the humans who bear accountability for the system’s actions remain in meaningful control of them.

---

Relationship to Other Articles

Human Oversight depends on Escalation Discipline (Article XI) — the procedural requirements for how escalation is requested, approved, and documented. It depends on Authority Binding (Article II) — the human reviewer’s authority level must be verified before their approval is accepted. And it connects to Auditability (Article VII): every escalation event, including timeouts and denials, must produce a complete audit artifact. Oversight without a record is not oversight. It is an unverifiable claim.