Guide

Designing Decision Rights for AI Agents

The hardest part of human in control is not the technology. It is the design choice: which actions can the agent take alone, and which need a human gate? Human in control is an operating model for AI agents in which autonomous agents execute the work while a human retains final decision rights. Here is how to decide what those rights cover.

By Graeme Provan · 2026-06-11

The decision-rights framework

Every agent action can be scored on two axes: reversibility (can you undo it?) and stakes (what happens if it is wrong?). The combination tells you where the human belongs.

| Reversibility | Low stakes | High stakes |
|---|---|---|
| Reversible | Free-run. Let the agent act. Monitor for drift. | HOTL rhythm. Agent acts; human reviews within a time window. |
| Irreversible | HITL rhythm. Human approves before execution. | Named owner approval. Single human gate with audit trail. |

Examples by domain

Customer service (low stakes, mostly reversible)

  • Free-run: Routine responses, appointment booking, balance inquiries.
  • HOTL review: Complaint handling, refund authorisation up to a threshold.
  • HITL gate: Refunds above threshold, account closure, complaints flagged for regulatory risk.

Financial services (high stakes, many irreversible)

  • Free-run: Data retrieval, report generation, scheduled communications.
  • HOTL review: Portfolio rebalancing within mandate, routine trade execution.
  • HITL gate: Discretionary trades, mandate changes, client onboarding approvals.

Healthcare (high stakes, often irreversible)

  • Free-run: Appointment scheduling, patient communication, inventory checks.
  • HOTL review: Diagnostic imaging triage, medication interaction alerts.
  • HITL gate: Treatment plans, discharge decisions, anything affecting patient safety.

The design process

  1. Inventory every action. List everything the agent might do, from the trivial to the consequential. Do not skip the edge cases.
  2. Score each action. Reversible or irreversible? Low stakes or high stakes? Use the framework above.
  3. Assign a rhythm. Free-run, HOTL review, or HITL gate? Document the rule, not just the example.
  4. Name the owner. For every HITL-gated action, name the person who holds decision rights. A role is not enough.
  5. Build the audit trail. Every gated action must be logged: what the agent proposed, what the human decided, and why.
  6. Test the override. Simulate a scenario where the human must stop the agent. How long does it take? Does it actually work?
  7. Review quarterly. Agents learn; their action inventory changes. The decision-rights matrix must be a living document.
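The matrix and steps 2 to 5 expressed as code, as an added example that is not part of the original guide. The names `Action`, `lint_inventory`, `execute` and the inventory entries are assumptions made for illustration; owner absence is covered by a deputy only, not a timeout.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Framework matrix: (reversible, high_stakes) -> rhythm.
MATRIX = {(True, False): "free-run", (True, True): "HOTL review",
          (False, False): "HITL gate", (False, True): "named-owner approval"}
GATED = {"HITL gate", "named-owner approval"}

@dataclass(frozen=True)
class Action:
    name: str
    reversible: bool
    high_stakes: bool
    owner: str = ""    # a named person, not a role (step 4)
    deputy: str = ""   # covers the owner's absence

    @property
    def rhythm(self) -> str:
        return MATRIX[(self.reversible, self.high_stakes)]

def lint_inventory(actions):
    """Return design problems: gated actions lacking an owner or a deputy."""
    problems = []
    for a in actions:
        if a.rhythm in GATED and not (a.owner and a.deputy):
            missing = "named owner" if not a.owner else "deputy"
            problems.append(f"{a.name}: gated but no {missing}")
    return problems

def execute(action, audit, approver="", approved=False, reason=""):
    """Return True if the agent may act now; always append an audit record."""
    gated = action.rhythm in GATED
    # Only the named owner or deputy can open a gate; anyone else is ignored.
    authorised = bool(approver) and approver in (action.owner, action.deputy)
    allowed = (not gated) or (authorised and approved)
    audit.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "proposed": action.name, "rhythm": action.rhythm,
        "approver": approver, "approved": approved, "reason": reason,
        "executed": allowed, "review_due": action.rhythm == "HOTL review",
    })
    return allowed

# Constructed inventory for illustration (step 1).
INVENTORY = [
    Action("book_appointment", reversible=True, high_stakes=False),
    Action("close_account", reversible=False, high_stakes=True,
           owner="A. Example", deputy="B. Example"),
    Action("refund_over_threshold", reversible=False, high_stakes=False),
]
```

Running `lint_inventory(INVENTORY)` before deployment flags the gated action that has no named owner, and every call to `execute` leaves a record of what was proposed, who decided, and why.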

Common mistakes

  • Everything gated: If every action needs approval, the human becomes a bottleneck and the agent is pointless.
  • Nothing gated: If no action needs approval, you have human-out-of-the-loop with a fancy name.
  • Thresholds without exceptions: A £500 refund limit is useful until a £501 situation requires three days of escalation.
  • Named owner on vacation: Decision rights must have a deputy or a timeout - or the system stops when the owner does.

Read the full canonical definition:

What is Human in Control?