Provable human oversight for AI agents in regulated environments
FluxAI answers that deterministically: was there time to read the evidence, was the approver independent, was anything skipped. Rubber-stamping becomes a fact you can catch, not a risk you hope isn't there.
The architecture
Five things you have to enforce when an AI agent runs in production. DARMA defines what each is, and the mechanism that does the enforcing.
Delegation
Who may activate the agent.
Authorization
What the agent may do.
Runtime
Did this specific action pass policy.
Model Integrity
Has the model been tampered with or drifted.
Accountability
Can we prove what happened.
DARMA is the framework. Human in Control enforces the first four layers in real time: who may activate the agent, what it may do, whether the action passed policy, and whether the model has drifted. Proof of Human Oversight covers the fifth, Accountability, proving the oversight held when a regulator asks.
Deterministic
Where the rest of the market puts a model in place to judge whether oversight held, our decision is a calculation an auditor can run and get the same answer every time.
Direct Advisory
Engagements are structured to match your operational reality, operating either through the FluxAI stack or as an independent external resource.
Independent advisory
Interim integration into your organization to drive compliance and manage technical risk.
Audit readiness
Gap analysis and board preparation for incoming regulatory mandates.
Runtime infrastructure
Deployment of the FluxAI governance stack for agentic workflows.
Embedded engineering
Tactical collaboration alongside your development teams to secure algorithmic execution boundaries.
Hourly rate
From 1,500 DKK / hour
Scope and estimate are agreed before we start.
Product · Proof of Human Oversight
Prove the oversight actually happened.
A regulator cannot deterministically prove that a human made the right decision. But it can be proven when the human could not have reviewed the case at all: too fast, no evidence, self-approved, incomplete process. Proof of Human Oversight turns rubber-stamping into a fact you can catch, and translates it into the regulation it satisfies. Compliance mapping (Article 14, DORA) is included as a deliverable, not a separate product.
For CROs, Heads of MRM, compliance and 2nd line of defence in regulated environments.
Catch approvals that went too fast.
An approval recorded faster than anyone could have read the evidence is logged as oversight that could not have taken place. Plain arithmetic, not a judgement call, so it holds up to an auditor.
Require that the approver is not the doer.
Whoever edited the content cannot approve it, and the most sensitive decisions require two independent approvers. No one can approve twice, and escalating to yourself is rejected.
Bind every approval to the regulation.
Each approval is written to an immutable chain tied to a versioned rule set and mapped to the article (Article 14, DORA, NIS2, GDPR) it satisfies. Evidence an auditor can cite, not a checkbox.
Catch the gaps before the regulator does.
Incomplete provenance, missing steps and reports that contradict the log are flagged automatically, so they surface internally instead of in a regulatory case.
How it starts
Gap analysis
Free scoping
A short call maps where oversight can be proven across your agents, and leads into a Honeypot Assessment as the first deliverable.
Diagnostic
Priced on scope
Full proof of human oversight assessment with an evidence record and Article 14 / DORA mapping as a deliverable. Scoped from the assessment.
Delivered as an engagement, not a subscription. Ongoing monitoring is agreed separately.
Proof of Human Oversight in practice
Two approvals that looked fine but that a regulator would not accept.
Bank · credit approval
A credit decision is approved eight seconds after the agent delivered its recommendation. No one can have read the rationale in eight seconds. The system logs the approval as oversight that could not have taken place, before it becomes a regulatory case.
Advisory · GDPR notification
The DPO is on holiday. IT approves the GDPR notification to meet the 72-hour window. The system flags that the approver was not the competent, independent role, and preserves who actually decided what.
Product · Enforcement
Oversight enforced at runtime, not assumed.
AI agents act; the runtime decides whether to let them. The agent proposes an action, a deterministic policy engine validates it, and a human approves where it matters. Those three roles never merge, so authority never collapses onto whoever pressed run. The same architecture governs a payments pipeline, a case-management system, or a clinical workflow.
For CTO, CISO and platform security leads.
Every action is checked at the boundary.
Every action an agent attempts is validated against your policy before it touches anything outside the boundary. The check is deterministic, not one model judging another. The agent keeps moving, and nothing crosses the line unchecked.
The model never sees regulated data.
Regulated fields are stripped from the prompt before it reaches the model and replaced with tokens that keep the request's structure intact. The model works only on data it is cleared to see.
Every decision is recorded.
Every agent decision is captured and exportable in the format an auditor expects. When a regulator asks who authorised an action or what data it touched, the answer is a record, not a reconstruction.
When governance is unreachable, the agent stops.
Acting requires a live connection to the policy engine. If it cannot be reached, the action is denied and logged. Failing closed is the default, with no silent path that keeps running unchecked.
Deployment is scoped to your environment and risk tier. Starts with a Honeypot Assessment.
Human in Control in practice
Payments · transaction authorization
An agent at a financial firm proposes a 50M DKK transfer. The runtime checks your risk rules in real time, then either lets it move or routes it to a human approver. When a regulator asks who authorised the transfer, the answer is in the record, not in someone's memory.
Advisory · confidential client data
An agent drafts client correspondence at an advisory firm. The brief contains confidential content. The runtime strips those fields before the prompt reaches the model. When a regulator asks whether confidential data reached a third-party model, the answer is no, and the record proves it.
Failure modes
None of these failures involves an attacker; each one comes down to a tired person, a tight deadline and a safeguard that was never in place. Proof of Human Oversight catches all six.
The midnight typo
Someone fixes a small mistake in an already-submitted report without logging it, and six months later the regulator finds the original copy. Here, the chain shows the edit the moment anyone attempts it.
The wrong sign-off
The DPO is on holiday, so IT approves the GDPR notice to make the 72-hour window, and the DPA later asks who authorised it. Here, only the DPO can approve, and the system blocks everyone else.
The erased past
A minor incident is reclassified as major three days in, the old draft is overwritten, and when the supervisor asks what changed and when, no one can answer. Here, the reclassification is added to the history rather than replacing it.
The deadline that slipped
The 72-hour timer runs on a reviewer's laptop that sleeps overnight, so the notification goes out six hours late. Here, the timers run on the database, with no laptop in the path.
The report that disagrees with the log
The submitted PDF says the breach was discovered at 14:00, while the internal log says 11:00, and the regulator notices. Here, the PDF and the audit chain carry the same metadata, so they cannot disagree.
Four hours pasting from Slack
DARMA flags a policy breach at 02:00, an engineer pastes context from Slack into the system and types up the incident, and the 4-hour DORA window closes at 06:00. Here, Human in Control sends the incident straight in, with no copy-paste.
How this works
Three defined steps, and you can stop after any one and walk away with what you have.
Step 1 · Assessment
Honeypot Assessment
5 business days · 50,000 DKK
The audit tests your AI agents in a controlled environment to find where governance is missing and what would have to change. The result establishes the right scope and price for the pilot, and it stands on its own as a baseline you can show your board or your auditor.
Assessment detailsStep 2 · Pilot
Pilot in your environment
90 days · in your environment
The chosen product runs in your environment for 90 days, in production, not a demo or a slide deck. Human in Control governs up to 5 agents, while Proof of Human Oversight proves oversight for one legal entity. Either side can end the engagement at 90 days.
Step 3 · Production
Standard package or larger deployment
Full deployment · ongoing support optional
Full deployment in your environment. The Standard package scales Human in Control to 25 agents or Proof of Human Oversight to 5 legal entities. When the scope is larger, we scope it individually. Ongoing support and policy updates are agreed separately.
EU AI Act
High-risk obligations: 2 December 2027
Stand-alone high-risk systems under Annex III are deferred to 2 December 2027, and systems embedded in regulated products under Annex I to 2 August 2028, once the Omnibus package is published in the Official Journal. The deferral does not cover everything: Article 50 transparency applies from 2 August 2026, and the Article 5 prohibitions have been in force since February 2025. Articles 14, 15 and 12 still apply to high-risk. The deferral is implementation runway, not permission to wait, and the grounds that carried it cannot be made a second time without discrediting them.
EU AI Act, Article 9(2)
“The risk management system shall be understood as a continuous iterative process planned and run throughout the entire lifecycle of a high-risk AI system, requiring regular systematic review and updating.”

About
I am Jesca Martaeng, founder of FluxAI. Fifteen years inside Danish public administration as financial consultant, masterdata consultant, and AI implementation lead took me from sensitive personal data in child welfare to municipal budgets and regulatory compliance. I shipped AI invoice processing at Fredensborg Municipality in two months, and my governance advisory at Gentofte Municipality contributed to its first clean external audit in four years. Today I work as an external consultant to FluxAI, advising organisations directly on top of the platform.
Across those systems I have seen that the model is almost never what fails. When AI goes wrong in production, the postmortem usually points to something operational: missing logs, no clear agreement on who owned which decisions, or behaviour that drifted while nobody was watching. FluxAI runs the policy engine inside the system at runtime, which is how it stops those failures from happening unnoticed in the first place.
Currently
My research was accepted to the AI Transparency Conference in Nürnberg on why human oversight of AI does not survive production. The more tools in use, the higher the error rate. The conclusion is architectural: the system has to enforce what people stop checking. Conference details →
My submission to the UN Global Dialogue on AI Governance (Geneva, July 2026) has been accepted for publication. It argues that agentic AI systems need runtime enforcement and cross-jurisdictional audit log standards, not policy documentation alone.
FluxAI is an acknowledged contributor to IMDA Singapore's Model AI Governance Framework for Agentic AI, listed under its earlier name Flux AI. View the framework →
Questions
Why do AI agents need human oversight?
An AI agent does not just generate text; it takes actions: it moves money, accesses data, files reports, changes cases. When an agent acts autonomously, a mistake becomes a consequence before anyone can step in, which is why EU AI Act Article 14 and DORA require effective human oversight of decisions of that kind. The difficulty is that oversight on paper often collapses in practice, because a person clicks approve under time pressure without being able to read the basis for the decision. FluxAI enforces the oversight at runtime and afterwards proves it could actually have taken place, so oversight becomes a control the system guarantees rather than one it assumes.
Should we use Human in Control or Proof of Human Oversight?
Human in Control enforces oversight in real time: it halts or escalates an agent action before it is carried out, and suits teams putting agents into production. Proof of Human Oversight proves afterwards that the oversight actually held, catches rubber-stamping and maps to EU AI Act Article 14 and DORA, and suits teams that already have approvals but need to show a regulator they were real. The two work together, one enforcing and the other proving, and a Honeypot Assessment shows which gap is the more urgent.
Isn't Proof of Human Oversight just logging?
No. A log records that an approval happened. Proof of Human Oversight assesses whether the approval could have been real: was there time to read the evidence, was the approver independent, was the process complete. It turns a timestamp into a defensible statement about whether oversight actually took place, and that distinction is what a regulator checks.
Can we work with you without deploying software?
Yes. Direct advisory is a separate entry point: gap analysis, board and audit preparation and hands-on governance work, either on top of the FluxAI stack or as an independent external resource. It is billed by the hour and scoped up front, and you do not have to deploy anything to begin.
How do we start?
Most engagements begin with a Honeypot Assessment: five business days that map where your agents have governance gaps and which DARMA layers are unenforced. It qualifies the scope and price for a pilot and stands on its own as a documented baseline.
Where does our data run, and does the model see our PII?
Human in Control is deployed inside your own environment: on-premises, in your VPC or in your existing cloud account, and Proof of Human Oversight is delivered the same way or as a managed service within the EU. Regulated fields are stripped from the prompt before it reaches the model and replaced with tokens that preserve the request's structure, so the model never sees data it is not authorised to. The exact specifications are confirmed at pilot scoping.
Who maintains the system in production, and what is the SLA?
Human in Control is deployed inside your environment, so day-to-day operation sits with your team. FluxAI provides incident response and policy updates against a response-time SLA defined per tier. The architecture is documented and the policy spec is open source, so your team can self-manage. Escalation paths and response windows are agreed at pilot scoping.
What happens to our data if we end the engagement?
All customer data and audit trails are exportable in standard formats, with no lock-in by data format, and audit ledgers can be self-hosted from day one if you prefer.
New to AI governance? See the glossary of terms →
Insights
I write about what I see breaking in AI governance, and what the fixes look like. Follow along on Substack.
Together we walk through where your agents stand, which DARMA layer is missing enforcement, and whether Human in Control or Proof of Human Oversight is the right place to start.