The European Union’s Artificial Intelligence Act entered into force in 2024.
Article 14 requires that high-risk AI systems be designed to allow effective human oversight.
The text is deliberately not prescriptive.
It says effective. It does not say dialog, checkbox, approve button, or review page.
Yet across the industry, “human oversight” has come to mean one thing almost exclusively: a modal that asks the human to confirm.
This is a category mistake.
What the Act Actually Requires
Article 14 says the human assigned to oversight must be able to:
- understand the capabilities and limitations of the system
- monitor its operation and remain aware of automation bias
- decide not to use it, to override it, or to stop it
- intervene or interrupt its operation
Nothing in this list requires a dialog.
Nothing in it prohibits a cryptographic proof.
The word effective is doing the work. An oversight mechanism that can be bypassed, ignored, or impersonated is not effective. An oversight mechanism that produces tamper-evident, non-repudiable evidence of who authorized what — that is.
Why Approval Dialogs Fail
A modal asking “approve this action?” is a user-interface pattern.
It verifies nothing about who is on the other side of the click.
Consider what a modern attack actually looks like.
An attacker does not bypass the dialog. They cause the dialog to be answered by the wrong entity.
- Prompt injection causes the agent to auto-confirm its own actions.
- A compromised model invents a plausible reason the user would approve and triggers the flow.
- A spoofed UI layer intercepts the click and answers it programmatically.
- Consent fatigue conditions the human to approve without reading.
- A hijacked session approves on the real user’s behalf.
In every case the dialog appeared. The dialog was answered. The system logged consent.
No effective oversight occurred.
The dialog was never the oversight. It was the interface to an oversight that was never actually implemented.
What Cryptographic Proof Does Differently
Cryptographic proof of human authorization is not a UI element. It is a primitive.
The human performs a biometric gesture on their own device.
The device produces a signed assertion binding four things together:
- the specific human, via a fresh biometric capture
- the specific action, via a canonical payload
- the specific moment, via a monotonic counter
- the specific hardware, via device attestation
None of these can be produced without the human physically present and participating.
Prompt injection cannot forge biometrics.
A compromised model cannot sign on behalf of someone whose key it has never seen.
A remote attacker cannot produce a fresh biometric over the wire.
The proof is not a record of a dialog. It is an artifact whose existence is the authorization.
For more on how this applies to autonomous agents, see AI Agent Authorization.
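To make the four bindings concrete, here is an added, self-contained example that is not code from the article or from any product it refers to. It models the device side (a key that never leaves the authenticator, a manufacturer attestation over its public key, a monotonic counter, and a user-verification flag standing in for the biometric sensor) and the relying-party side (a verifier that checks attestation, action binding, user verification, signature and counter freshness, in that order). Ed25519 signatures from Go's standard library replace whatever real hardware would use; the action payload, the transfer amounts and the manufacturer key are constructed sample values; the attestation is simplified to a bare signature over the device key rather than a full certificate chain. The shape deliberately resembles a FIDO2/WebAuthn assertion (user-verified flag, signature counter, attestation), but nothing here is that protocol's wire format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Assertion binds action hash, monotonic counter, user-verification flag and attested device key.
type Assertion struct {
	ActionHash   [32]byte
	Counter      uint32
	UserVerified bool
	DevicePub    ed25519.PublicKey
	Attestation  []byte // manufacturer signature over DevicePub (simplified stand-in for a real attestation)
	Signature    []byte // device signature over signedBytes(ActionHash, Counter, UserVerified)
}

// CanonicalHash: json.Marshal sorts map keys, so the same action yields the same bytes on both sides.
func CanonicalHash(action map[string]string) [32]byte {
	b, _ := json.Marshal(action) // a map[string]string always marshals
	return sha256.Sum256(b)
}

// signedBytes is the exact byte string the device signs: hash || big-endian counter || uv flag.
func signedBytes(h [32]byte, counter uint32, uv bool) []byte {
	msg := append(h[:], byte(counter>>24), byte(counter>>16), byte(counter>>8), byte(counter), 0)
	if uv {
		msg[36] = 1
	}
	return msg
}

// Device models an authenticator whose private key never leaves the hardware.
type Device struct {
	priv    ed25519.PrivateKey
	attest  []byte // manufacturer's signature over this device's public key
	counter uint32
}

func NewDevice(mfrPriv ed25519.PrivateKey) *Device {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Device{priv: priv, attest: ed25519.Sign(mfrPriv, pub)}
}

// Authorize is the only path that signs; userVerified stands in for the device's own biometric sensor.
func (d *Device) Authorize(action map[string]string, userVerified bool) (Assertion, error) {
	if !userVerified {
		return Assertion{}, errors.New("no fresh biometric capture: refusing to sign")
	}
	h := CanonicalHash(action)
	d.counter++ // strictly increasing: no two assertions from this device ever share a counter value
	return Assertion{ActionHash: h, Counter: d.counter, UserVerified: true, Attestation: d.attest,
		DevicePub: d.priv.Public().(ed25519.PublicKey), Signature: ed25519.Sign(d.priv, signedBytes(h, d.counter, true))}, nil
}

// NewVerifier returns the relying party's check: one trusted manufacturer key, last counter seen per device.
func NewVerifier(mfrPub ed25519.PublicKey) func(map[string]string, Assertion) error {
	last := map[string]uint32{}
	return func(action map[string]string, a Assertion) error {
		switch {
		case len(a.DevicePub) != ed25519.PublicKeySize || !ed25519.Verify(mfrPub, a.DevicePub, a.Attestation):
			return errors.New("device attestation invalid: key is not from trusted hardware")
		case CanonicalHash(action) != a.ActionHash:
			return errors.New("assertion does not bind this action")
		case !a.UserVerified:
			return errors.New("assertion carries no user verification")
		case !ed25519.Verify(a.DevicePub, signedBytes(a.ActionHash, a.Counter, a.UserVerified), a.Signature):
			return errors.New("device signature invalid")
		case a.Counter <= last[string(a.DevicePub)]:
			return errors.New("replayed or stale assertion")
		}
		last[string(a.DevicePub)] = a.Counter
		return nil
	}
}

// RunScenarios runs the genuine flow plus one failure per binding; a true value means "accepted".
func RunScenarios() map[string]bool {
	mfrPub, mfrPriv, _ := ed25519.GenerateKey(rand.Reader)
	dev, verify, out := NewDevice(mfrPriv), NewVerifier(mfrPub), map[string]bool{}
	transfer := map[string]string{"action": "transfer", "amount": "5000", "to": "ACME-LTD"} // constructed sample
	a, err := dev.Authorize(transfer, true)
	out["genuine"] = err == nil && verify(transfer, a) == nil
	out["replay"] = verify(transfer, a) == nil // hijacked session replays the captured assertion
	bigger := map[string]string{"action": "transfer", "amount": "50000", "to": "ACME-LTD"}
	a2, _ := dev.Authorize(transfer, true)
	out["swapped_action"] = verify(bigger, a2) == nil // real assertion presented against a different action
	_, err = dev.Authorize(transfer, false)
	out["no_biometric"] = err == nil // prompt-injected agent asks the device to sign with nobody present
	a3, _ := NewDevice(ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))).Authorize(transfer, true)
	out["unattested_device"] = verify(transfer, a3) == nil // key attested by no one the verifier trusts
	return out
}

func main() { fmt.Println(RunScenarios()) }
```

Two details matter for the argument in the text. The verifier checks attestation before anything else and guards the key length, because a signature from a key the verifier has never seen attested proves nothing, and ed25519.Verify panics on a malformed key. And the replayed assertion fails even though its signature is still valid: the monotonic counter is what turns "a human once authorized this" into "a human authorized this now", which is the difference between a logged click and evidence.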
The Regulatory Reading
Regulators care about effect, not form.
Article 14 will be enforced against outcomes. Did a human actually authorize a given high-risk action? Can that authorization be reconstructed afterward? Can it be repudiated?
A dialog-based approach fails on all three axes.
A cryptographic approach satisfies all three by construction.
This is why the same technical requirement now appears across regulatory frameworks that share almost nothing else:
- PSD2 Article 97 and the Regulatory Technical Standards on SCA require dynamic linking and non-repudiation.
- DORA (the EU Digital Operational Resilience Act) requires ICT-risk controls and tamper-evident evidence for critical financial operations.
- The EU AI Act Article 14 requires human oversight of high-risk AI systems that is effective, not procedural.
Three regimes. One convergent technical requirement.
Closing
The Act does not say how to implement oversight.
It says oversight must work.
A dialog asks the human to approve.
A signature proves the human did.
One is an interface. The other is authority.