Key takeaways
- Human-in-the-loop (HITL) pauses the AI until a person approves the next step. Human-on-the-loop (HOTL) lets the AI proceed and gives a person the ability to monitor and intervene. Human-out-of-the-loop (HOOTL) removes the person from the runtime path entirely.
- The three labels were not invented for machine learning. They come from a 2012 Human Rights Watch report on autonomous weapons and were codified in U.S. Department of Defense Directive 3000.09.
- The EU AI Act does not pick one of the three. Article 14(3) says oversight measures must be
commensurate with the risks, level of autonomy and context of useof the system. That is the legal hook for choosing a mode, not a mandate. - A defensible choice runs on seven axes: latency budget, reversibility of the decision, criticality, autonomy ceiling, fallback path, audit granularity, and regulatory tier. Pick the rightmost column (most autonomous) that satisfies all seven, not the leftmost that minimises engineering work.
- A human standing next to a screen is not oversight. Without override authority, training, and a measurable override rate, you have what scholars now call a
warm body in the loop, a compliance prop that fails on first audit.
Where the terms come from (and why most articles get it wrong)
The in/on/out-of-the-loop trichotomy is not a software engineering invention. It was crystallised by Bonnie Docherty in a 2012 Human Rights Watch report on autonomous weapons systems, and adopted shortly after by DoD Directive 3000.09 (issued 2012, updated 2023), which defines three operating modes for lethal autonomous weapon systems and demands that commanders retain appropriate levels of human judgment over the use of force.
The vocabulary migrated into civilian machine learning around 2018 to 2020, when MLOps platforms needed a shorthand for labelling pipelines and exception queues. Vendor blogs picked it up. By the time agentic AI became the dominant topic in 2025, the labels were everywhere and rarely sourced.
This matters for two reasons. First, the original taxonomy was built around kill-chain decisions where every wrong call costs lives. Borrowing the language for a content moderation queue without acknowledging that gap is misleading. Second, the U.S. legal language has already moved on: the FY2025 National Defense Authorization Act replaced human in the loop with positive human actions for nuclear command, precisely because regulators noticed that loop membership was being claimed without action behind it.
Keep the labels. They are useful. But assume your reader knows where they came from, and treat them as design choices, not slogans.
Definitions, side by side
Human-in-the-loop (HITL)
A HITL system pauses at one or more decision points and cannot proceed without explicit human approval. The AI typically does the heavy lifting (ranking candidates, extracting fields, scoring risk) and the human is the gate.
Canonical examples:
- The U.S. Navy’s Aegis Combat System in its Auto SM mode: the system fully develops the engagement process but firing requires
positive human action. - A credit underwriting workflow where the model produces a recommendation and a banker authorises the loan. GDPR Article 22 effectively forces this for fully automated decisions with legal effects on a person.
- A radiologist confirming an AI-flagged lesion before it enters the patient record.
Strength: strong accountability. Weakness: throughput collapses if a human must approve every call. HITL stops being meaningful when the reviewer cannot keep up with the queue (see the rubber-stamping section below).
Human-on-the-loop (HOTL)
A HOTL system executes autonomously and exposes the trajectory to a supervisor who can intervene, override, or halt. The human is on the alert path, not the critical path.
Canonical examples:
- Social-media content moderation at scale: classifiers act on millions of posts per hour; moderators review escalations and audit a sample.
- Card-network fraud detection: transactions are decisioned in tens of milliseconds; analysts work the exception queue and tune the model.
- Remote patient monitoring: an algorithm calls anomalies in real time; the care team confirms or de-escalates.
Strength: scale. Weakness: late intervention. By the time a human notices a drift or a wrong action, the system may have committed thousands of decisions. HOTL relies on instrumentation: logging, alerting, override latency targets, and reviewer staffing.
Human-out-of-the-loop (HOOTL) and Human-in-Command (HIC)
HOOTL means no human participates at runtime. The model designer set the parameters; the system runs. This is the only mode where the autonomy ceiling is total. It is appropriate for low-stakes, high-frequency decisions such as content recommendation ordering inside a session, or microsecond-scale market-making once safety bounds are encoded.
HIC is the inverse: the human remains the principal and the AI is an instrument that extends their reach. The Devoteam and DeepScribe glossaries surface this fourth tier; the aviation autopilot and the surgical robot are the canonical analogies. HIC is sometimes confused with HITL, but the difference is who owns the decision. In HITL, the AI proposes and the human approves. In HIC, the human decides and the AI executes precisely.
The taxonomy is not exhaustive. Recent academic work proposes intermediate tiers like Human-in-the-Process (HITP) and Human-Augmented Model (HAM) to capture richer interaction patterns. For governance purposes, the four-tier scheme above is sufficient.
The 7-axis decision matrix
Most glossary articles stop at definitions. Operators need a picker. The matrix below maps a candidate AI system across seven axes, each tied to a concrete governance constraint. Read each row, score your system, and pick the rightmost (most autonomous) column that still satisfies the row.
| Axis | HITL appropriate when… | HOTL appropriate when… | HOOTL appropriate when… |
|---|---|---|---|
| Latency budget | Decision can wait seconds to minutes (loan approval, clinical diagnosis). | Decision must happen in milliseconds to seconds, but late override has value (fraud scoring, content moderation). | Decision must happen in microseconds and override is impractical (ad bidding, packet routing). |
| Reversibility | Decision is hard or impossible to reverse (firing, surgery, criminal sentencing). | Decision is reversible with effort (transaction reversal, post unhide, refund). | Decision is trivially reversible or low-impact (cache eviction, recommender ordering). |
| Criticality (harm ceiling) | Worst case threatens safety, fundamental rights, or major financial harm. | Worst case is bounded financial loss or recoverable user friction. | Worst case is negligible (UI annoyance). |
| Autonomy ceiling | The system is allowed to act only within a tightly scoped, pre-approved action set. | The system has a broad action set, but a kill switch and runtime guardrails apply. | The system has full action space within its domain; only the design-time policy constrains it. |
| Fallback path | A trained human is on shift and can complete the decision without the AI. | A degraded service mode exists (cached answer, default policy) when the AI or the reviewer is unavailable. | No human fallback is required; the deterministic floor of the system is acceptable. |
| Audit granularity | Each decision must be traceable to a named human approver. | Each decision must be traceable to a model version, but the override action is the audit trail. | Decisions are aggregated; only periodic statistical evidence is required. |
| Regulatory tier | High-risk under EU AI Act Annex III, FDA premarket, MDR Class IIa+, GDPR Article 22 fully automated decisions. | Limited-risk under the EU AI Act, sector codes of conduct, internal policy. | Minimal-risk under the EU AI Act; informal governance only. |
The rule of thumb that turns this into a design tool: pick the rightmost column whose entire row your system can honour, never the leftmost that minimises engineering effort. If any single axis pulls you into HITL, the whole system inherits HITL on that decision path. You can still run HOTL elsewhere in the workflow.
Mapping to EU AI Act Article 14
Article 14 of the EU AI Act is the legal hook for the entire conversation. Paragraph 1 sets the bar: high-risk AI systems shall be designed and developed in such a way ... that they can be effectively overseen by natural persons during the period in which they are in use. Paragraph 3 makes the choice contextual: oversight measures shall be commensurate with the risks, level of autonomy and context of use of the high-risk AI system.
Notice what Article 14 does not say. It does not require a human to approve every decision. It does not name HITL or HOTL. It requires that the system be designed so a person can understand, monitor, intervene, and halt, and that those abilities be proportionate. That is a design brief, not a runtime mode.
The practical mapping:
- High-risk systems (Annex III): HITL or strong HOTL with named override authority. Article 14(4)(d) explicitly demands the ability to
decide ... not to use the high-risk AI system or otherwise disregard, override or reverse the output. If your HOTL design cannot demonstrate that the supervisor can override in time, you have not met Article 14. - Limited-risk systems: Article 50 transparency obligations plus HOTL at the minimum. The reviewer does not have to approve every action; they must be able to see and stop.
- General-Purpose AI (GPAI): oversight obligations shift to model lifecycle controls under Articles 51 to 55 (technical documentation, copyright policy, training-data summaries, and for systemic-risk models, adversarial evaluation and incident reporting). Runtime HITL/HOTL is not the right primitive at this layer; it returns at the deployer layer when a GPAI is integrated into a downstream high-risk product.
- Prohibited systems (Article 5): oversight mode is irrelevant. The system is unlawful.
Melanie Fink’s SSRN paper on Article 14 is worth a careful read: she argues that the article leaves the most consequential question (how oversight is operationalised) almost entirely to the deployer, which makes design choices the de facto compliance posture.
Mapping to ISO/IEC 42001 and NIST AI RMF
If the EU AI Act is the regulator-facing hook, ISO/IEC 42001 is the management-system spine and the NIST AI RMF is the engineering vocabulary. The three speak to each other:
- ISO/IEC 42001 §6.1.4 (operational planning and control) and Annex A.6.2.6 (human oversight) require that the organisation define, implement, and maintain controls for human oversight as part of its AI management system. The standard does not pick HITL or HOTL either; it requires evidence that the choice was deliberate and tested.
- NIST AI RMF GOVERN-1.4 (
Processes are in place to determine the needed level of risk management activities based on the organization's risk tolerance) and MANAGE-2.4 (Mechanisms are in place and applied, and responsibilities are assigned and understood, to supersede, disengage, or deactivate AI systems that demonstrate performance or outcomes inconsistent with intended use) are the architecture and runtime versions of the same control. - The official AIRC crosswalk maps the two standards line by line.
The practical posture: write your oversight mode into your ISO 42001 statement of applicability, justify it with the 7-axis matrix, instrument it the way NIST AI RMF MANAGE-2.4 demands, and you have one coherent answer for an EU AI Act Article 14 audit, an ISO 42001 certification audit, and a NIST-aligned customer questionnaire.
The rubber-stamping trap
More HITL than the system needs is worse than less. When a reviewer is fed a queue of thousands of please approve items per shift, attention collapses and approvals become reflexive. Verfassungsblog calls this a warm body in the loop: nominal oversight that satisfies a checklist and provides no real check on the model. Auditors notice.
Four design fixes are now considered baseline:
- Confidence-routed escalation. The reviewer sees only the items the model itself flags as uncertain or those sampled for QA. Approvals on the high-confidence stream are batch-audited, not unit-reviewed.
- Override rate as a KPI. Track the percentage of AI decisions reversed by the reviewer over time. An override rate stuck at zero means the human is rubber-stamping. An override rate stuck above twenty percent means the model is broken. The acceptable band depends on the use case; the point is that the metric exists.
- Reviewer training and rotation. Article 14(4)(b) names training as a requirement, not a nicety. Reviewers should be domain-trained, rotated to fight fatigue, and tested with seeded errors.
- Override latency. Measure the time between an anomaly and a human action. If the median is longer than the time the AI takes to commit the wrong outcome, your HOTL claim is theatre.
These four points are what separate we have a human in the loop from we have effective human oversight under Article 14. Auditors increasingly ask for the second.
Sector-specific oversight
The oversight mode that survives audit is sector-specific because risk tiers are.
- Healthcare: HITL is the default for diagnostic outputs that enter the medical record. Article 14 combines with the EU Medical Device Regulation (MDR) and, in the United States, with FDA Software-as-a-Medical-Device guidance. HOTL is acceptable for triage and monitoring once the false-negative rate has been bounded by clinical study.
- Financial services: HITL for credit and underwriting decisions on natural persons (GDPR Article 22 forces this), HOTL for fraud monitoring and transaction surveillance, and HOOTL is generally unacceptable for any decision that hits a customer record.
- Public sector and justice: a special case. The Oxford IJLIT 2026 paper on
judges-in-the-loopargues that for high-risk decision support systems used in adjudication, the oversight has to be exercised by the decision-maker, not a third-party reviewer, or it does not count as meaningful human control. - Autonomous mobility: HOTL during in-trip operation, with HITL escalation for edge cases handled by a remote operations centre. HOOTL is reserved for sub-second control loops where human latency is physically infeasible.
- Content and search: HOTL with confidence-routed sampling is the norm. HITL becomes mandatory when content removal touches political speech or other fundamental-rights-loaded categories.
The pattern: as the harm ceiling rises, the matrix forces you leftward. As the latency budget shrinks, it forces you rightward. Real systems live at the intersection.
How to implement oversight in your AI system
A five-step routine that aligns the matrix above with ISO 42001 documentation and EU AI Act audit evidence:
- Classify the AI system under the EU AI Act risk tiers, GDPR Article 22, sector regulations, and any contractual obligations. This determines the regulatory tier row of the matrix.
- Score the system across the other six axes. Write the scores down. The choice of mode falls out of the scores.
- Document the choice in your ISO 42001 Statement of Applicability under Annex A.6.2.6, with a reference to the matrix output and a signed-off rationale.
- Instrument the runtime. Override path, override latency target, audit trail per decision (or per model version, depending on the row), reviewer training records, override-rate dashboard.
- Review quarterly. Override rate, false-stamp rate (a sampled audit of
approveditems), reviewer fatigue signals, and any regulatory or technical changes that move a row.
The loop closes when the dashboard either confirms the original choice or surfaces a row that has shifted, in which case you re-score and update the SoA. Teams that manage AI governance at the portfolio level usually need tooling at this point. AI Sigil is built around this exact workflow.
FAQ
Is there a real difference between human-in-the-loop and human-on-the-loop? Yes. HITL pauses the AI and waits for a human approval before proceeding. HOTL lets the AI act and gives a human the ability to monitor and override. The difference is not aesthetic. It changes the latency budget, the audit trail, the staffing model, and the regulatory exposure. Treating the two as interchangeable is how compliance debt accumulates.
What is human-on-the-loop in plain language? The AI does the work. A person watches it work, can stop it, and reviews a sample of what it did. It is the right pattern when you cannot afford to gate every decision but you cannot afford to let the system run unsupervised either.
Who coined the term human-in-the-loop? The phrase predates AI in modelling and simulation literature, but the modern in/on/out-of-the-loop trichotomy was popularised by Bonnie Docherty in the 2012 Losing Humanity Human Rights Watch report on autonomous weapons. The U.S. Department of Defense adopted it for Directive 3000.09 shortly afterward.
Where does the EU AI Act use human-in-the-loop? It does not, by name. Article 14 mandates effective oversight by natural persons, lists four oversight capabilities (understand, monitor, intervene, halt), and requires that oversight be commensurate with the risks, level of autonomy and context of use. The HITL/HOTL labels are tools the deployer picks to satisfy that brief.
Is human-in-the-loop enough for a high-risk AI system? Only if it is genuine. Article 14(4) requires that the supervisor can understand the system, monitor its operation, intervene, halt it, and override it. A nominal approver who rubber-stamps a queue does not meet that bar. The override rate, override latency, and reviewer training are the evidence an auditor will ask for.
What is human-in-command and how is it different? In HIC, the human is the principal decision-maker and the AI is an instrument that executes their intent. Pilots in autopilot, surgeons on a robotic console. HIC differs from HITL because the decision was always the human’s; the AI never proposes a course of action that the human merely approves.
Can I mix modes in the same system? Yes, and most production systems do. Run HOTL on the bulk pipeline, route low-confidence cases to a HITL queue, and keep HOOTL for the tight feedback loops that cannot tolerate latency. The matrix is applied per decision path, not per system.
Conclusion
The loop labels are not a vendor pitch. They came from a decade of debate about how much autonomy a machine should hold over a life-or-death decision. The civilian governance conversation inherited that vocabulary along with the obligation to use it precisely.
The useful posture is structural. Score every AI decision path on the seven axes. Pick the most autonomous mode that the scores allow. Write the mode and the rationale into your ISO 42001 SoA. Instrument the override path with the rigour that EU AI Act Article 14(4)(d) and NIST AI RMF MANAGE-2.4 both demand. Track the override rate and the false-stamp rate. Re-score when the system, the data, or the regulation moves.
The alternative, picking a label because a vendor blog used it, is how oversight becomes a checkbox and then a finding. The matrix is the way to make sure the label you ship is the one that actually fits the system.
For a deeper read on Article 14 itself, the AI Sigil Article 14 walkthrough is the companion piece to this article. For the ISO 42001 control mapping, the ISO 42001 pillar is the next stop.