Why the same control everywhere doesn't make sense
An AI system that requires human approval for every tiny action loses the automation benefit entirely (see module 9, cost & ROI). A system that executes critical actions with no oversight at all carries unnecessary risk (see module 13). The right answer sits in between - graded by impact.
Three levels of human oversight
Full autonomy
The AI acts entirely on its own. Fits actions with low impact if something goes wrong and good reversibility - e.g. summarizing an internal note.
Approval before execution
The AI proposes an action, a human confirms it before it takes effect. Fits actions with noticeable but bounded consequences - e.g. canceling an invoice.
Spot-checking
The AI acts on its own, a human reviews a sample of results afterward. Fits high-volume actions with medium risk - e.g. automated replies to standard requests.
What determines the right level
Two questions decide: how severe are the consequences of a mistake - financial, legal, reputational? And how easily can a mistake be undone? High impact plus poor reversibility calls for the strictest level (approval before execution); low impact plus good reversibility allows full autonomy.
Why this matters for you as a decision-maker
"Human in the loop" isn't a blanket yes/no question - it's a deliberate design decision per action type. In a vendor pitch involving agents (module 10), it's worth asking: which oversight level was chosen for which actions, and why?