High-risk AI systems must not operate autonomously without effective human intervention being possible. Article 14 of Regulation (EU) 2024/1689 (the EU AI Act) establishes that providers must design such systems in a way that oversight during use is genuinely feasible. Deployers are then required to assign competent, trained personnel to carry out that oversight in practice. The article also explicitly introduces the concept of automation bias, a cognitive phenomenon that can systematically undermine the effectiveness of human oversight.
What Article 14 requires
Article 14(1) provides that high-risk AI systems must be designed and developed, including with appropriate human-machine interface tools, to allow effective oversight by natural persons during the period of use. Oversight measures must be proportionate to the level of risk, the degree of autonomy of the system, and the context of use (paragraph 3).
Paragraph 4 sets out five concrete capabilities that human overseers must have:
- the ability to understand the system's capacities and limitations and to monitor its operation, including detecting anomalies, dysfunctions, and unexpected performance;
- awareness of the possible tendency towards automation bias, particularly for systems used to provide information or recommendations for decisions to be taken by natural persons;
- the ability to correctly interpret the system's output;
- the ability to decide, in any particular situation, not to use the system or to disregard, override, or reverse its output;
- the ability to intervene in the operation of the system or interrupt it through a 'stop' button or similar procedure that allows the system to come to a halt in a safe state.
Automation bias: the problem at the core
Automation bias is the tendency of people to follow the output of automated systems without critically evaluating it, even when that output is incorrect or contradicted by available information. The term refers to two types of errors: errors of commission, where an employee acts on an incorrect automated recommendation without checking it, and errors of omission, where an employee fails to notice that the system has not flagged a problem.
Article 14(4)(b) explicitly names automation bias as a risk of which overseers must remain aware. This is notable because few EU legislative texts address a specific cognitive phenomenon at this level of detail. Its inclusion signals that the legislator does not treat human oversight as self-evident, but as a skill that must be actively maintained.
Factors that intensify automation bias include high workload, time pressure, limited domain knowledge, strong trust in the system's reliability, and the absence of alternative information sources. In sectors such as healthcare, law enforcement, and social benefits, where high-risk AI systems are frequently deployed, these conditions are often present.
The role of the provider
The provider bears primary responsibility for making oversight possible. In practice, this means the system must include technical facilities: comprehensible interfaces, explanations accompanying output, logging functions, and the ability to halt the system or override its output. Where technically feasible, oversight measures are built directly into the system (paragraph 3(a)). Where this is not possible, the provider describes which organisational measures the deployer must implement (paragraph 3(b)).
The instructions for use that providers are required to draw up under Article 13(3)(d) must describe the oversight measures. A provider that fails to deliver adequate oversight facilities does not comply with the Regulation.
The role of the deployer
Under Article 26(1) and (2), deployers are required to use the system in accordance with the provider's instructions and to assign competent, trained, and authorised personnel to carry out human oversight. It is not sufficient to designate someone formally as an overseer: that person must also be genuinely capable of interpreting output, recognising deviations, and intervening in a timely manner.
Research by the Knowledge Centre Data & Society indicates that the broad flexibility of Article 14 makes practical implementation difficult. Deployers need concrete examples, criteria, and guidance to assess whether their oversight measures are adequate. A lack of expertise and awareness among staff is identified as one of the principal implementation risks.
Organising oversight within the organisation
Effective human oversight requires more than a technical stop button. Organisations deploying high-risk AI are well advised to incorporate the following elements into their workflows:
- a clear governance structure with defined roles and responsibilities for oversight;
- training programmes that specifically address automation bias and how staff can recognise it;
- working instructions that set out when AI output may be followed, when it must be disregarded, and how intervention is documented;
- periodic review of the oversight practice, including analysis of cases in which output was not followed or the system was halted.
The Knowledge Centre Data & Society also emphasises the importance of output tailored to the end user: information about system limitations and risks must be comprehensible to the person exercising oversight, not only to a technical specialist.
Timeline and enforcement
Article 14 forms part of the obligations for high-risk AI systems. The original application date was 2 August 2026, but following the Digital Omnibus agreement of 7 May 2026 it has shifted: to 2 December 2027 for stand-alone high-risk systems (Annex III) and to 2 August 2028 for AI embedded in regulated products (Annex I). In the Netherlands, compliance with the AI Act is supervised by sectoral authorities within their own domains. The Autoriteit Persoonsgegevens (AP) and the Rijksinspectie Digitale Infrastructuur (RDI) will take on a coordinating role within the national supervisory framework, as announced by the Dutch government in April 2026.
Organisations that are already deploying high-risk AI, or planning to do so, are well served by an early assessment of their oversight structure. Article 14 is not a paper obligation: supervisory authorities will expect demonstrable and operational measures.