Amendment 13 is active. AI decisions are being reviewed. The question is no longer whether AI was used — it is whether a human decision-maker can be identified, and whether their judgment is on record.
Boards hold personal accountability for data protection practices — including AI systems that process personal data. The Privacy Protection Authority has published draft guidance on AI-related obligations (April 2025) and is moving to active enforcement in 2026.
Israel Supreme Court · AAM 63194-08-25 · 22 March 2026: the court found a municipality acted «recklessly» by acting on AI output without documented human verification. The question was not whether AI was used — it was whether a human decision was on record.
Article 14 requires that high-risk AI systems be designed and deployed to allow meaningful human oversight — not passive monitoring, but the ability to understand, intervene, and correct. The EU extended the high-risk compliance timeline; the window to build this correctly is now. Article 50 (transparency requirements) applies from August 2026. High-risk oversight obligations under Article 14 apply from December 2027.
Effective July 30, 2026, Google's updated advertising Terms of Service shift accountability for AI-generated outputs fully onto the organizations that act on them.
AI audit trails, model monitoring, and risk dashboards document what the AI did. They do not document what the human decided. A log entry that says «reviewed» is not evidence of meaningful review. A policy that says «humans oversee» is not a record of oversight. Regulators are beginning to draw this distinction.
Not a log of AI activity. Not a policy document. A record of the human: who reviewed, what they considered, what they decided — in a form a regulator, auditor, or court expects.
The record survives the system it was made in. It is not a screen capture. It is not a checkbox. It is a structured entry that documents the moment a human decision-maker was present — and decided.
Map the AI-assisted decisions in your workflow that carry regulatory, legal, or reputational weight — credit decisions, risk assessments, compliance determinations, medical or legal recommendations.
At each decision point, a structured prompt asks the accountable human to confirm review and record their judgment — not a checkbox, but a timestamped, structured entry that distinguishes meaningful engagement from passive sign-off.
The entry is anchored outside the AI system — in a form that survives the system it was made in, accessible to the board, auditors, and regulators on request.
When a regulator, auditor, or legal proceeding asks «who was the decision-maker, and when did they decide?» — the answer is a dated, structured record, not a policy document or a system log.
If your board is reviewing AI accountability obligations — or if a regulator, auditor, or legal proceeding has raised questions about human oversight — a brief, confidential conversation is the right next step.
Or write directly: hello@caneni.net
Full methodology: canon.caneni.net
← Back to Caneni