Human-in-the-Loop, Liability Still in Play

Note: This approach aligns with established GxP principles around procedural controls, segregation of duties, and auditability.

Human-in-the-Loop is such a critical component of any probabilistic AI deployment within regulated life sciences spaces that it received its own explicit carve-out in the FDA/EMA's Good AI Practice Principles release (Principle 1: Human-Centric by Design). As AI technologies become embedded within infrastructure and workflows in R&D/CMC and healthcare organizations, HITL is a guardrail against downstream propagation of model errors.

However, this means we must evaluate and document the human-interface interaction as critically as we do the model performance and architecture itself. In practice, there are several ways to accomplish this:

1. “Draft Only — Requires Human Review”

For AI-assisted protocols, reports, or structured records, model outputs should be explicitly labeled Draft Only.

System controls should prevent finalization or downstream use until a human reviewer:

• performs review,

• documents rationale, and

• applies a signature or electronic attestation.

This enforces procedural accountability and prevents silent adoption of AI-generated content.

2. Workflow Design (Preventing “Blind Approval”)

In RAG or multi-step AI workflows, each stage should require human confirmation before progression.

The goal is not speed reduction; it is preventing opaque, end-to-end automation where no single human can attest to what they actually reviewed.

3. Cognitive Forcing Functions (“Friction-by-Design”)

One of the most common HITL failure modes is automation bias: over time, humans may stop reading and simply click “Approve.”

To counter this, interfaces should require intentional cognitive engagement before submission.

Examples include:

• requiring the reviewer to highlight supporting evidence in source text,

• selecting a justification or confidence code,

• or highlighting discrepancies.

This aligns with established human-factors and safety-critical system design and ensures the review is real, not ceremonial.

4. Confidence-Based Triage Routing (Risk-Based HITL)

Not all AI outputs require the same level of scrutiny.

HITL workflows should adapt based on:

• calibrated uncertainty scores,

• confidence thresholds,

• or predefined risk classifications.

Higher-uncertainty outputs can be automatically routed for deeper or secondary review, while low-risk outputs follow streamlined paths. This mirrors traditional GxP risk-based validation approaches and supports scale without sacrificing control.

5. Full Traceability of the Hybrid Decision

Traditional audit trails track data changes. AI workflows must also track decision lineage.

The audit record should capture:

• model output,

• human edits,

• timestamps,

• reviewer identity,

• and rationale.

This directly supports ALCOA+ principles and regulator expectations around accountability and traceability.

Real-World Example: AI in Pharmacovigilance (PV) Case Processing

Here is a scenario you can use to tie all the points together. It demonstrates how HITL protects the process during high-volume data intake.

The Scenario: A pharmaceutical company uses a Large Language Model (LLM) to scan incoming unstructured emails from patients to identify potential Adverse Events (AEs).

The Risk: If the AI misses an AE (False Negative), a safety signal could be ignored. If it hallucinates an AE (False Positive), resources are wasted investigating non-events.

The HITL Implementation:

1. Draft Only: The AI scans the email and pre-fills the intake form (Patient ID, Drug Name, Symptom). The status is automatically set to "Pending Medical Review": the system prevents the record from moving to the safety database until a human signs off.

2. Cognitive Forcing: The UI displays the original email on the left and the extracted data on the right. The "Submit" button is disabled until the human reviewer clicks the specific sentence in the email that describes the symptom (e.g., "I felt dizzy after taking the pill"). This proves the reviewer actually read the source text.

3. Audit Trail: The reviewer notices the AI listed "nausea" but the patient actually wrote "queasy." The reviewer corrects the field. The system logs: Field 'Reaction' changed from 'Nausea' (Model) to 'Queasy' (User: Dr. Smith) at 10:42 AM.

The Result: The efficiency of AI is gained (pre-filling data), but the regulatory requirement for validated safety reporting is maintained through forced, documented human oversight.

Implementing HITL is not a "set it and forget it" deployment; it is an ongoing process of quality assurance. Just as we monitor models for data drift, we must rigorously monitor our workforce for "reviewer drift": the tendency for human oversight to degrade over time due to fatigue or over-reliance on the AI.

To ensure the human element remains a robust guardrail, organizations should implement a Reviewer Quality Assurance (QA) Protocol:

• Randomized "Golden Set" Evaluation: A configurable percentage (e.g., 5–10%) of all AI-processed records that have been "Verified" by a human are automatically routed to a Senior Quality Lead for a blind secondary review. This acts as a continuous audit of the HITL process.

• The "Three Strikes" Threshold: We must quantify human performance just as we do model performance. If a human reviewer fails to catch a model error (or erroneously edits a correct output) more than X times in a rolling period:

HITL as a Validated Control — Not a Checkbox

By validating the interaction, not just the output, HITL becomes an active, inspectable control that satisfies both the letter and the spirit of the FDA/EMA’s Human-Centric by Design principle.

As AI systems evolve toward multimodal and agentic architectures, HITL must scale accordingly: shifting from manual intervention inside every step to structured oversight of the loop itself.

Next week: a deep dive into Human-on-the-Loop (HOTL) and how oversight changes as autonomy increases.