Tip: use your browser's Print dialog (⌘P / Ctrl+P) and "Save as PDF".
HAL White Paper · Version 1.0
For most of the history of machine decision-making, governance had a simple shape: a machine proposed, and a human disposed. We called this Human-in-the-Loop, and it served us well. It is now quietly failing, because the premise it rested on (that the human is the one who acts) no longer holds.
Human-in-the-Loop (HITL) is an inheritance from control theory, aviation, and early automation, where a human operator remained the final authority over a machine that could otherwise act on its own. The principle was conservative and sound: where a machine might err in ways that matter, insert a human between its judgement and the world.
HITL worked because of a structural fact about the systems it governed: they did not act. They produced outputs (scores, classifications, drafts) and then stopped. The output was inert until a human picked it up. That gap between output and action was where governance lived. It also worked because volumes were human-scaled, so the review was real.
Two things break HITL: volume and action. When a system makes more decisions than a human can examine, "human-in-the-loop" becomes "human-rubber-stamping-the-loop". The control persists on paper while evaporating in practice.
A reviewer who cannot review is not a control. They are a liability with a job title.
The deeper break comes when systems begin to act. The moment a system can send the email, file the report, move the money, or delete the record, the gap between output and action closes. There is no longer a natural pause in which a human stands.
Agentic systems take actions in pursuit of goals, chaining steps, calling tools, and operating with minimal supervision. That shift changes what governance must cover. An actor needs a different kind of governance: whether the action was authorised, bounded, recorded, and owned.
The useful frame is delegation. When we let a system act on our behalf, we delegate authority to it, exactly as we delegate authority to people. We scope what it may do (Authority), set what it must never do (Limits), define when it must escalate (Escalation), and keep records of what it did (Evidence). These are the ancient mechanics of delegation, applied to a new kind of agent.
Execution can be delegated to a system. Accountability cannot. When a human employee acts within their authority, the organisation remains accountable. Substituting software for the employee changes nothing. Software has no independent judgement to be held to account, so accountability flows back, through the system, to the human who owns it. That is the substance of Human Accountable for the Loop.
The law of agency has governed delegated action for centuries. A principal is bound by the authorised acts of their agent. A regulator faced with an erroneous automated filing will not accept "the model did it" as a defence. HAL asks organisations to confront that reality before deployment, not during an incident.
Organisations will run many agents at once. Governing this estate will resemble portfolio management more than decision-by-decision review: a registry of agents, each with an owner, an authority scope, a risk level, a HAL score, and a review date. Governance itself will become continuous, the way operations became continuous with DevOps. And one line will not be allowed to blur: however deep the stack of agents, accountability terminates at a human.
The future of AI governance is about ensuring someone remains accountable for the system making those decisions.