Between the theory and practice of human oversight: Towards specialized AI regulatory sandboxes
DOI:
https://doi.org/10.32091/RIID0275Keywords:
Human oversight, AI Act, GDPR, Regulatory sandboxes, European UnionAbstract
Human oversight has become a flagship safeguard in AI governance frameworks, yet its real‑world performance is uneven. Empirical studies show that humans supervising automated systems are vulnerable to automation bias and organizational incentives that reduce oversight to a box‑ticking exercise. More fundamentally, humans and machines reason in profoundly different ways, making their integration far from straightforward. EU secondary law – most notably the GDPR and the AI Act – requires ‘meaningful’ and ‘effective’ human oversight, but offers limited operational guidance on how to achieve it. This paper argues that specialized AI regulatory sandboxes for human oversight can bridge this theory-practice gap. After mapping the legal obligations and practical shortcomings of human oversight, the paper argues how the AI Act’s regulatory sandbox regime can be leveraged to test concrete oversight models, metrics, and workflows in controlled conditions. It further provides recommendations for the governance of human oversight-specific sandboxes. The paper thus offers a policy proposal to convert open‑textured legislative mandates on human oversight into evidence‑based practices, reduce fragmentation across Member States, and strengthen both innovation and fundamental‑rights protection in the EU’s AI governance.
References
A. Adinolfi (2022), Processi decisionali automatizzati e diritto antidiscriminatorio dell’Unione europea, in A. Adinolfi, A. Simoncini (a cura di), “Protezione dei dati personali e nuove tecnologie – Ricerca interdisciplinare sulle tecniche di profilazione e sulle loro conseguenze giuridiche”, Edizioni Scientifiche Italiane, 2022
Article 29 Working Party (2017), Guidelines on Automated Individual Decision-Making and Profiling for the Purposes of Regulation 2016/679 (Wp251rev.01), 2017
F. Bagni (2023), The Regulatory Sandbox and the Cybersecurity Challenge: From the Artificial Intelligence Act to the Cyber Resilience Act, in “Rivista Italiana di Informatica e Diritto”, 2023, n. 2
F. Bagni, F. Seferi (Eds.) (2025), White Paper on Regulatory Sandboxes for AI and Cybersecurity, CINI’s Cybersecurity National Lab, 2025
S. Barros Vale, G. Zanfir-Fortuna (2022), FPF Report: Automated Decision-Making Under the GDPR – A Comprehensive Case-Law Analysis, in Future of Privacy Forum, 2022
K. Brennan-Marquez, D. Susser, K. Levy (2019), Strange Loops: Apparent versus Actual Human Involvement in Automated Decision-Making, in SSRN Scholarly Paper, 2019
S. Cansu, J. Farrar (2021), Managed by Bots Report, in “Worker Info Exchange”, 2021
E. Cirone (2025), Gli spazi di sperimentazione normativa nell’Unione europea: regolamentare l’innovazione tra principi e prassi applicative, in “Rivista Italiana di Informatica e Diritto”, vol. 7, 2025, n. 1
D. Collingridge (1980), The Social Control of Technology, Frances Pinter Publisher Ltd., 1980
Commission Nationale de l’Informatique et des Libertés (2025), Artificial intelligence and public services: the CNIL publishes the results of its “sandbox”, in cnil.fr, 18 April 2025
Council of Europe (2024), Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law, 2024
J. Dirutigliano, D. Baldini (2025), The Right to Explanation: Legal Challenges and the Future of Fairness in Automated Decision-Making, in “Journal of AI Law and Regulation”, vol. 2, 2025, n.2
L. Downes (2009), The Laws of Disruption: Harnessing the New Forces That Govern Life and Business in the Digital Age, Basic Books, 2009
M. Draghi (2025), The Future of European Competitiveness – In-depth analysis and recommendations (Part B), 2025
L. Enqvist (2023), Human Oversight, in the EU Artificial Intelligence Act: What, When and by Whom?, in “Law, Innovation and Technology”, vol. 15, 2023, n. 2
European Commission (2023), ‘Better regulation’ toolbox, July 2023 edition
M. Fink (2025), Human Oversight under Article 14 of the EU AI Act, in SSRN Scholarly Paper, 2025
A. Gaudeul et al. (2025), The Impact of Human-AI Interaction on Discrimination, Publications Office of the European Union, 2025
B. Green (2022), The Flaws of Policies Requiring Human Oversight of Government Algorithms, in “Computer Law & Security Review”, vol. 45, 2022
B. Green, A. Kak (2021), The False Comfort of Human Oversight as an Antidote to A.I. Harm, in SSRN Scholarly Paper, 2021
High-Level Expert Group on Artificial Intelligence (2019), Ethics Guidelines for Trustworthy AI, 2019
H.M. Holtz, J. Ledendal (2026), AI Data Governance – Overlaps Between the AI Act and the GDPR, in “Law, Innovation and Technology”, 2026 (forthcoming)
A. Lanamäki et al. (2025), What to Expect from the Upcoming EU AI Act Sandboxes: Panel Report, in “Digital Society” vol. 4, 2025, n. 2
G. Lazcoz, P. De Hert, (2022), Humans in the GDPR and AIA Governance of Automated and Algorithmic Systems. Essential Pre-Requisites against Abdicating Responsibilities, in SSRN Scholarly Paper, 2022
E. Longo (2021), Time and Law in the post-COVID-19 Era: the usefulness of Experimental Law, in “Law and Method”, Special Issue: Experimental Legislation in Times of Crisis, edited by S. Ranchordàs, B. van Klink, 2021
T. Madiega, A.L. Van De Pol (2022), Artificial intelligence act and regulatory sandboxes, EPRS – European Parliamentary Research Service, 2022
T. Moraes (2023), Regulatory Sandboxes as Tools for Ethical and Responsible Innovation of Artificial Intelligence and Their Synergies with Responsive Regulation, in SSRN Scholarly Paper, 2023
OECD (2024), Recommendation of the Council on Artificial Intelligence, OECD Legal Instruments, 2024
OECD (2023), Regulatory Sandboxes in Artificial Intelligence, OECD Digital Economy Papers, 2023
A. Panezi (2024), Requirements of High-Risk AI Systems: AI Act. Article 14. Human Oversight, in SSRN Scholarly Paper, 2024
Politico.eu (2025), Trump threatens ‘substantial’ new tariffs against countries with ‘discriminatory’ digital rules, 2025
S. Ranchordas, V. Vinci (2024), Regulatory Sandboxes and Innovation-Friendly Regulation: Between Collaboration and Capture, in “Italian Journal of Public Law”, vol. 1, 2024
D.J. Solove, H. Matsumi (2024), AI, Algorithms, and Awful Humans, in “Fordham Law Review”, vol. 92, 2024, n. 5
L. Tosoni (2021), The right to object to automated individual decisions: resolving the ambiguity of Article 22(1) of the General Data Protection Regulation, in “International Data Privacy Law” vol. 11, 2021, n. 2
UNESCO (2021), Recommendation on the Ethics of Artificial Intelligence, UNESDOC Digital Library, 2021
United Nations (2024), Resolution on AI, United Nations General Assembly Resolutions, 2024
M. Veale, F. Zuiderveen Borgesius (2021), Demystifying the Draft EU Artificial Intelligence Act – Analysing the Good, the Bad, and the Unclear Elements of the Proposed Approach, in “Computer Law Review International”, vol. 22, 2021, n. 4
S. Wachter (2022), The Theory of Artificial Immutability: Protecting Algorithmic Groups under Anti-Discrimination Law, in “Tulane Law Review”, vol. 97, 2022, n. 2
Downloads
Published
Issue
Section
License
Copyright (c) 2026 Rivista italiana di informatica e diritto
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
