Skip to main content
EU AI Act Article 14 requires human oversight that is effective, not decorative. Oversight metrics turn that requirement into numbers computed continuously from your existing governance data: how often humans intervene, how fast they respond, how often they override the agent, and how many approval requests expire with nobody watching. No additional instrumentation is required. The metrics are derived from policy evaluations and approval workflow records you already generate.

The Metrics

The unattended rate is the most honest single measure of whether human oversight exists outside the policy document: the approval mechanism existed, and nobody decided in time. A stale-pending request counts as expired the moment its expiry passes, even before the background sweeper updates its status.

Per-Agent Scorecard

Tenant-Wide Summary

Returns the same metrics aggregated across all agents, plus agents_evaluated (distinct agents with policy evaluations in the window).

Window Semantics

  • Both endpoints accept start and end query parameters (ISO 8601). Default window is the last 30 days; the maximum range is 180 days.
  • Timestamps without a timezone offset are treated as UTC.
  • Historical windows are reproducible. Approval expiry is judged as of the window end, not the current time, so a report for a closed period returns the same numbers every time you run it. A request that lapsed after your window closed was still pending within it.
  • Requires the governance:read scope.

How Defer-to-Human Counting Works

defer_to_human_policies counts enabled policies of type require_approval or require_human_review whose conditions match the agent, using the same condition matcher the policy engine uses at evaluation time, including risk-tiered scoping. An unclassified agent never matches a policy scoped to specific risk levels, so classifying your agents is a prerequisite for risk-tiered oversight coverage.