top of page
SAVANT_AI - logo RGB - White - Full.png

SOVEREIGN COGNITIVE SYSTEM

Human Competence Gate — how to turn fictional human oversight of AI into a real control mechanism

  • 5 days ago
  • 7 min read

Series: CDF 1.3.2 in practice — 6 articles on the methodology of sovereign AI implementation

This is the fifth article in the series (S3). In previous issues: Cognitive SLA (S1) — reasoning quality metrics; From pilot to production (G1) — eliminating Pilot Purgatory; Sovereignty Level Assessment (S2) — the right level of sovereignty; Agent Governance (G2) — swarm agent management. The SAVANT series focuses on compliance, quality measurement, and oversight. CDF 1.3.2 is a proprietary methodology developed by allclouds.pl, based on ISO/IEC 42001:2023 and the EU AI Act.


 

In many organizations, "human oversight" of AI looks like this: a recommendation appears on the screen, the user clicks "approve," and the system records the acceptance. Formally, everything is correct. On paper, a human participated in the decision-making process.


The problem begins when a more difficult question needs to be answered: did this person really understand what they were approving? Did they read the justification? Did they know the legal and financial consequences? Were they aware of the exceptions and limitations of the recommendation?


If the organization cannot demonstrate this, then its "human oversight" is a ritual, not a safeguard. And this is where one of the most interesting ideas of CDF 1.3.2 comes in: Human Competence Gate.


"Human-in-the-loop" alone is not always enough

In the debate on AI, it is often assumed that the presence of humans in the process automatically solves the problem of responsibility and safety. This is a convenient assumption, but in practice it is too simplistic.


A human may formally participate in the process, but at the same time not have the time, context, or competence to truly evaluate the system's recommendation. They may act routinely, approving successive decisions without deeper analysis — especially when the system appears to be working correctly for a long time. As a result, oversight becomes ceremonial: it exists because it has to, but it does not fulfill its protective function.


CDF 1.3.2 defines five levels of AI agent autonomy — from L0 (Human-only) to L4 (Full autonomy). Even at level L1, where a human formally approves each action, the question arises: what guarantees that this approval is conscious?


A full description of the five levels of CDF autonomy — from L0 Human-only to L4 Full autonomy — can be found in the article "Cognitive SLA — why 99.9% uptime is not enough." We describe the governance model for agents at each level in the article "Agent Governance — how to manage a swarm of 50 AI agents without losing control."


What is Human Competence Gate

Human Competence Gate, or HCG for short, is a control mechanism triggered before AI decisions are approved in high-risk processes. Its task is to check whether the user has sufficient understanding of the matter for their approval to have real supervisory value.


The mechanism works simply. After the AI generates a recommendation, the system activates HCG and generates a contextual set of 5–15 Yes/No questions. The questions cover three areas:

  • Relevant facts related to the case.

  • Key consequences of the decision—legal, financial, organizational.

  • Limitations, exceptions, and conditions for applying the recommendation.


Only after reaching the required accuracy threshold can the user approve the decision. If the threshold is not reached, the system blocks approval and may escalate the matter or refer the user to additional explanatory material.


This is not a general knowledge test. It is a verification of understanding of a specific decision, in a specific context, just before it is approved.


Where does the system get its questions from?

HCG questions are not a static list prepared in advance. CDF 1.3.2 assumes three sources for generating control questions, used in combination or depending on the use case:

  • Departmental templates — predefined sets of questions for repeatable types of decisions (e.g., credit decisions, purchases above a threshold, configuration changes). Defined in the HCG Activation Matrix as a Phase 2 artifact.

  • Business rules — questions resulting from the organization's internal governance policy, regulatory requirements (EU AI Act, DORA), or contractual terms. Each organization defines its own rules in the HCG Control Policy.

  • Contextual generation by AI — for non-standard or complex decisions, the system can dynamically generate questions based on the content of recommendations, case data, and risk profile. Generated questions are logged and audited.


This approach combines repeatability (templates) with flexibility (dynamic generation), while maintaining full auditability regardless of the source of the questions.


When HCG activates and what it logs

CDF 1.3.2 does not treat HCG as a mechanism that is always and everywhere enabled, but as a tool that is activated where the risk is actually elevated. Typical activation categories include: high-risk decisions according to the EU AI Act classification, decisions with legal or financial implications for third parties, first decisions of a given type made by the user, processes in regulated sectors (finance, health, public administration), and cases indicated by the organization's internal governance policy.


With each activation, the system records a complete operational log: what questions were asked, what answers were given, what the validation result was, whether the decision was approved, blocked, or escalated, and which version of the AI model generated the recommendation. All this data goes to the Immutable Audit Trail — an unmodifiable event log whose entries cannot be deleted or changed without leaving a trace.


For an auditor, regulator, or risk department, this is much more valuable than a general statement that "the decision was approved by a human." HCG allows you to reconstruct not only that the decision was made, but also whether the approver demonstrated an understanding of the matter.


Where HCG makes the most sense

Sector

What HCG verifies

Why it matters

Banking

Does the employee understand the terms, risks, and consequences of the recommended credit decision?

DORA, civil liability, consumer protection

Public administration

Does the official understand the effects of the administrative decision, the appeal deadlines, and the consequences for the party?

KPA, EU AI Act Art. 14, right of appeal

Public procurement

Does the decision-maker understand the criteria for evaluating bids and their weight in AI-supported selection?

PZP, transparency, responsibility of the contracting authority manager

Medicine

Does the physician understand the limitations of AI diagnostic or therapeutic recommendations?

MD/IVD regulations, professional responsibility, patient safety

 In each of these cases, the point is the same: it is not only about the presence of a human being in the process, but about the quality of their participation.


HCG against the backdrop of the autonomy model and Cognitive SLA

HCG is most important at the L1 (Human-in-the-loop) level, where a human approves each action — HCG checks whether this approval is conscious. At levels L2–L3, HCG can be activated for selected categories of decisions escalated to humans. At level L4 (Full autonomy), HCG does not exist by definition, because this level is only acceptable for non-critical processes.


HCG is not an alternative to human-in-the-loop. It is its reinforcement — a mechanism that makes the "loop" cease to be a formal loop and begin to function as real control.


HCG naturally complements the Confidence Calibration metric, which we describe in the article "Cognitive SLA." Confidence calibration measures whether a model declaring 90% confidence is actually correct in 90% of cases . HCG complements this measurement on the human side — it verifies whether a person can properly assess this confidence and make an informed decision.


How HCG changes organizations

The most interesting thing about Human Competence Gate is that it acts as both a control and educational mechanism.


Control — because it blocks the approval of a decision if the user does not demonstrate a minimum level of understanding. Educational — because it forces reflection on the content of the recommendation, its conditions, and exceptions. CDF directly calls this "user education on the fly."


This is particularly important in the first months of implementation, when the organization is just building habits of working with AI. HCG not only reduces the risk of a single erroneous approval. It helps shape better decision-making patterns and limits the phenomenon of "automatic" approval — which, over time, is the greatest threat to the quality of human oversight.


HCG artifacts in CDF

CDF 1.3.2 takes HCG seriously at the documentation level. Mandatory Phase 2 artifacts include:

  • HCG Control Policy — defining the rules for activating the mechanism.

  • Human Competence Gate activation matrix per use case.

  • A register of control questions and passing thresholds.

  • HCG Audit Log Specification — describing the format and scope of logging.


This is not a loose recommendation. It is a defined set of documents that an organization should have before production implementation — and which may serve as evidence in an audit or regulatory inspection.


What to ask when designing AI oversight

If an organization implements AI in business-critical processes, it is worth asking a few questions:

  • Does the person actually understand the recommendation they are approving, or are they just clicking on it?

  • Can this understanding be demonstrated in a measurable and repeatable way?

  • Is there a competency threshold for higher-risk decisions before approval?

  • Can the organization reproduce why a particular decision was approved—and by whom?

  • Is human oversight part of real risk management or just a formal step in the process?

  • Is there a record of which version of the AI model generated the recommendation that the user approved?


If there is no good answer to these questions, the problem usually lies not in the AI model itself, but in the architecture of accountability around it.


Supervision that can be defended

Human Competence Gate does not attempt to replace humans or pretend that HITL alone solves the problem of oversight. Instead, it organizes the moment when human responsibility becomes real—and creates an auditable trail of that responsibility.


In the world of AI, it is becoming increasingly important not only whether a human is "in the process," but whether their participation has real decision-making value. HCG answers this question in a concrete way: it verifies understanding, logs the result, and blocks approval when the threshold is not met.


This is what distinguishes ceremonial oversight from oversight that can be defended — operationally, auditorily, and regulatorily.


Oversight is not a one-time implementation. In the last article in the series, we describe Cognitive Operations — what happens after implementation, when most AI vendors have long since left the building. Drift monitoring, Knowledge Graph Governance, agent lifecycle, and monthly cognitive quality reports.

 
 
 
bottom of page