EU AI Act Article 14: Human Oversight Requirements Explained

What is Article 14 of the EU AI Act?

Article 14 is the EU AI Act's core human oversight provision. It establishes that high-risk AI systems must be designed and built in a way that allows human operators to meaningfully supervise their operation and intervene when necessary. The article places obligations on both the companies that build AI systems and the organisations that deploy them.

The requirement is not symbolic. Article 14 specifies concrete capabilities that must exist: the ability to understand what the AI system is doing and why, the ability to detect anomalies and unexpected outputs in real time, and the ability to stop the system or override its decisions. A human being must be in a position to exercise these capabilities — not merely receive a log file after harm has occurred.

Which AI systems does Article 14 apply to?

Article 14 applies to high-risk AI systems as defined by the EU AI Act. These are listed in Annex III of the Act and cover eight domains:

1. Biometric identification and categorisation — remote biometric identification in public spaces (with narrow exceptions), categorisation of persons by sensitive characteristics
2. Critical infrastructure — AI managing roads, water, gas, heating, and electricity networks
3. Education and vocational training — AI that determines access to education or evaluates students
4. Employment — AI used in recruitment, shortlisting, performance evaluation, promotion, and termination
5. Access to services — AI making decisions on credit, insurance, housing, and essential public services
6. Law enforcement — AI used for lie detection, crime prediction, or risk assessment of individuals
7. Migration, asylum, and border control — AI for assessing applications, risk scoring, and document verification
8. Administration of justice and democratic processes — AI assisting courts and election-related systems

If your AI system falls into any of these categories, Article 14 applies to you. Many common business AI tools — automated CV screening, credit approval algorithms, tenant risk scoring, and fraud detection — are in scope.

What providers must do under Article 14

AI providers (the companies that build and place high-risk AI on the market) must design their systems with human oversight built in from the start. Specifically, the technical and organisational measures must enable human operators to:

• Fully understand the AI system's capabilities, limitations, and the conditions under which it can be expected to perform reliably
• Monitor the AI system's operation and detect drifts in performance, malfunctions, and unexpected outputs
• Disregard, override, or interrupt the system through a "stop" or similar mechanism
• Intervene in the system's operation or interrupt it through a pre-defined protocol

For biometric identification systems specifically, Article 14 adds a fifth requirement: the ability to prevent the system from being put into operation unless appropriate oversight confirmation is obtained.

What deployers must do under Article 14

Deployers (organisations that put high-risk AI systems to use) have parallel but distinct obligations. They must:

• Assign human oversight responsibilities to specific, competent individuals
• Provide those individuals with the authority, training, and tools to exercise oversight effectively
• Implement human oversight procedures as part of their operational workflows
• Ensure that human overseers have sufficient competence to understand the AI system's outputs and detect errors

Assigning oversight to someone without the time, knowledge, or authority to actually intervene does not satisfy Article 14. The obligation is substantive, not procedural.

Common implementation mistakes

Based on early compliance reviews across financial services, healthcare, and HR platforms, these are the most frequent Article 14 failures:

• Log-only monitoring: capturing AI decisions in logs but having no workflow that causes a human to review them
• Post-hoc review: reviewing AI decisions after they have been communicated to the affected person, making the review irrelevant to the outcome
• Nominal oversight assignment: naming a "responsible person" who has no training, no tools, and no capacity to intervene
• Threshold washing: setting oversight thresholds so high that effectively no AI decision ever reaches a human reviewer
• Missing override mechanism: no technical way to stop the AI system or reverse its output in production

How GeraWitness implements Article 14 compliance

GeraWitness is built around the four Article 14 capabilities as the design brief:

• Understand: plain-English explanations of every AI decision routed to the human reviewer, including the features and confidence scores that drove it
• Monitor: real-time intercept of AI actions above configurable thresholds before they are executed
• Override: one-click reject or modify at the reviewer's inbox, with the action held until confirmation
• Interrupt: emergency stop mechanism that freezes all pending AI actions within a defined scope, with audit log of the pause event

Every review decision — approve, reject, modify, or escalate — is cryptographically signed, timestamped, and stored in tamper-evident form. This creates the defensible Article 14 compliance record that both providers and deployers need.

Frequently asked questions