Human in the Loop: Why AI Still Needs You

Understanding HITL and the Human Role in AI Compliance Under the EU AI Act

Have you ever wondered why ChatGPT is constantly asking you, “Do you want me to plan it for you?” Or why there’s a thumbs-up and a thumbs-down button?

There’s a great reason behind the two emojis that we see and use—though you probably don’t use them very often. Hopefully, you remember the EU AI Act, which we all need to understand and comply with. If not, now’s the time to revisit our earlier publications.

HITL stands for Human in the Loop. But what is it, and why is it important?

Human in the Loop is a core component of the AI Act and is especially critical for companies designated as High Risk. Which companies are those?

• Recruitment systems (CV analysis, video interviews, candidate evaluation)
  

• Educational assessment systems (automated tests and recommendations)
  

• Healthcare systems (diagnostics, triage, treatment recommendations)
  

• Autonomous decision-making in law enforcement or the judicial system
  

• Credit scoring and financial modeling that impacts consumers
  

HITL means that a human must have the ability to intervene in AI-driven decision-making processes. The human must be able to validate, control, or override the model's output. They must understand how the AI works and be capable of educating or retraining the model where necessary.

So, what should we as software engineers do to be compliant with the AI Act and to implement HITL?

It’s not enough to just add an emoji. You need to implement far more to demonstrate compliance. Here are five key steps you must follow:

1. Design & Architecture Level

You need to embed human review or approval directly into your business process. One common method is to let the AI generate a suggestion and then build in functionality for a human to accept, reject, or edit that suggestion.

Why is this important?
Imagine you’re building an automated credit approval process for a bank. The system collects and analyzes user behavior and credit history to evaluate risk. An AI model automates this and can issue decisions within seconds. But under the AI Act, this isn’t enough. A human must be able to interrupt or change the decision—especially if the model denies credit due to high risk. Alternatively, the human can approve the AI’s decision and allow the process to proceed uninterrupted.

2. User Interface & Experience

There must be a dedicated dashboard for human reviewers. Input data must always be available, along with suggestions, statistics, graphs, etc., to help the reviewer make informed decisions.

Crucially, users must be able to adjust parameters and settings to influence the AI outcome when needed.

3. Logging & Audit Trail

The AI Act mandates that every human intervention must be logged and traceable.

Why?
To ensure accountability and prevent abuse. For instance, a bank employee might approve a risky mortgage just to “be nice,” which could lead to financial loss. No bank enjoys repossessing homes. That’s why every human action—what was suggested, whether it was accepted, what was changed, by whom, and why—should be logged with timestamps and audit trails.

4. Policies & Training

Every organization should train employees on how to use AI systems responsibly. If you implement HITL, you must:

• Create internal policies.
  

• Train your employees on how the system works.
  

• Define responsibilities and procedures, especially for risky or ambiguous cases.
  

• Establish a clear policy for when HITL is mandatory.
  
  

5. Technical Controls

Timeouts and escalations are essential. If a human doesn’t respond in time, a fallback process must trigger automatically. There should also be active alerts or communication mechanisms—especially when handling high-risk customers or detected anomalies. Define thresholds for AI confidence levels. If the confidence drops below that level, trigger immediate human intervention.

Say compliance and share your thoughts in the comments.