For boards · compliance · legal

The question your regulator
will ask — before your auditor does.

Amendment 13 is active. AI decisions are being reviewed. The question is no longer whether AI was used — it is whether a human decision-maker can be identified, and whether their judgment is on record.

What the law now requires

Israel · Amendment 13 · Privacy Protection Law · in force August 2025

Boards hold personal accountability for data protection practices — including AI systems that process personal data. The Privacy Protection Authority has published draft guidance on AI-related obligations (April 2025) and is moving to active enforcement in 2026.

Israel Supreme Court · AAM 63194-08-25 · 22 March 2026: the court found a municipality acted «recklessly» by acting on AI output without documented human verification. The question was not whether AI was used — it was whether a human decision was on record.

EU AI Act · Article 14 · Human Oversight · defines the requirement

Article 14 requires that high-risk AI systems be designed and deployed to allow meaningful human oversight — not passive monitoring, but the ability to understand, intervene, and correct. The EU extended the high-risk compliance timeline; the window to build this correctly is now. Article 50 (transparency requirements) applies from August 2026. High-risk oversight obligations under Article 14 apply from December 2027.

Effective July 30, 2026, Google's updated advertising Terms of Service shift accountability for AI-generated outputs fully onto the organizations that act on them.

The gap that existing tools do not close

AI audit trails, model monitoring, and risk dashboards document what the AI did. They do not document what the human decided. A log entry that says «reviewed» is not evidence of meaningful review. A policy that says «humans oversee» is not a record of oversight. Regulators are beginning to draw this distinction.

What AI Oversight Evidence is

A verifiable, independently-anchored record of the human decision.

Not a log of AI activity. Not a policy document. A record of the human: who reviewed, what they considered, what they decided — in a form a regulator, auditor, or court expects.

AI Oversight Evidence · record structure · illustrative
Decision moment
2026-06-27 · 14:37:22 UTC+3
Decision-maker
Identified · role-authenticated · on record
AI output reviewed
Document reference · version · timestamp
Human judgment recorded
Approved · with noted consideration / Modified · reason documented / Rejected · reason documented
Anchor
Timestamped · structured · independent of the AI system · audit-ready

The record survives the system it was made in. It is not a screen capture. It is not a checkbox. It is a structured entry that documents the moment a human decision-maker was present — and decided.

How it works

Questions boards ask

We have an AI governance policy. Is that not sufficient?
A policy describes intention. AI Oversight Evidence documents execution. Amendment 13 and EU AI Act Article 14 both require evidence of actual oversight — not a framework for it. In the AAM 63194-08-25 ruling, the municipality had procedures. The court found the procedures were not followed in a verifiable way.
Our AI systems have audit logs. Don't those cover this?
AI audit logs document what the model did — inputs, outputs, confidence scores. They do not document what the human decided. The evidentiary gap is specifically between the AI output and the human judgment. Caneni closes that gap.
What does this look like operationally?
Caneni is implemented as a structured overlay on existing decision workflows — requiring no changes to the AI systems themselves. The evidentiary layer sits beside the AI system, not inside it.

Talk to Apotrop

If your board is reviewing AI accountability obligations — or if a regulator, auditor, or legal proceeding has raised questions about human oversight — a brief, confidential conversation is the right next step.

Talk to Apotrop

Or write directly: hello@caneni.net

Full methodology: canon.caneni.net

← Back to Caneni