Compliance & Governance

Human oversight

Article 14 of the EU AI Act requires that high-risk systems be designed for effective human oversight. Meridian Blue ships a built-in review queue and appeal workflow so the human-in-the-loop step is the actual code path, not a Confluence page.

Review queue

Requests classified as high risk and flagged by the deployer policy are placed in the review queue. The HTTP response is still delivered immediately, as it is today (no 202 hold); the queue captures the response for after-the-fact reviewer scrutiny and appeal.

The queue is visible in the dashboard's Review page and via GET /api/v1/review/queue.

Review API

| Method | Path | Purpose |
| --- | --- | --- |
| GET | /api/v1/review/queue | List items pending review for the tenant. |
| GET | /api/v1/review/:id | Fetch one item including original prompt + response. |
| POST | /api/v1/review/:id/decision | Record the reviewer's decision (approved / rejected / modified) with notes. |

All routes require the reviewer, admin, or owner role.

Appeals

End users (or their representatives) can contest a decision via POST /api/v1/appeals. Each appeal carries the original request ID and the appellant's justification, and is routed to the same reviewer set. The full lifecycle (open → under-review → resolved) is tracked and auditable.

Reviewer literacy gate

Article 4 of the EU AI Act requires staff to have sufficient AI literacy. Reviewers must complete the literacy module (/api/v1/literacy) before they can act on review-queue items. The completion record is stored against the user's account and shown next to their name in the queue UI.
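
The role requirement on the review routes and the literacy gate described above can be enforced as a single server-side check. The code below is an added example, not Meridian Blue's own code. The field names (`role`, `tenantId`, `literacyCompletedAt`, `status`), the `pending` state name, the HTTP status codes, and the choice to apply the literacy gate to admins and owners as well as reviewers are all assumptions.

```javascript
// Added example: hypothetical authorization logic for the review routes.
// All object fields and status codes here are assumptions, not the product's schema.
const REVIEW_ROLES = new Set(["reviewer", "admin", "owner"]);
const DECISIONS = new Set(["approved", "rejected", "modified"]);

function deny(status, reason) {
  return { allowed: false, status, reason };
}

// Checks shared by GET /api/v1/review/queue and GET /api/v1/review/:id:
// authenticated caller, permitted role, and item in the caller's tenant.
function authorizeRead(user, item) {
  if (!user) return deny(401, "unauthenticated");
  if (!REVIEW_ROLES.has(user.role)) return deny(403, "role_not_permitted");
  // 404 rather than 403, so the response does not confirm that an ID
  // belonging to another tenant exists.
  if (!item || item.tenantId !== user.tenantId) return deny(404, "not_found");
  return { allowed: true };
}

// POST /api/v1/review/:id/decision: the read checks, then the literacy gate,
// then validation of the decision value and of the item's state.
function authorizeDecision(user, item, body) {
  const read = authorizeRead(user, item);
  if (!read.allowed) return read;
  // Assumption: the gate applies to every role that can record a decision.
  if (!user.literacyCompletedAt) return deny(403, "literacy_incomplete");
  if (!body || !DECISIONS.has(body.decision)) return deny(422, "invalid_decision");
  // Refuse to overwrite an earlier decision so the audit trail stays intact.
  if (item.status !== "pending") return deny(409, "already_decided");
  return {
    allowed: true,
    record: {
      itemId: item.id,
      reviewerId: user.id, // taken from the session, never from the request body
      decision: body.decision,
      notes: String(body.notes ?? ""),
    },
  };
}
```

Reading the queue needs only the role and tenant checks, while recording a decision also needs the literacy completion record, so a reviewer who has not finished the module can see items but cannot act on them.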