# Human approval policy

Use this policy template to decide when an AI system can act autonomously and when a human must approve. Good approval policy is specific: it names actions, thresholds, roles, evidence, and audit requirements instead of relying on vague judgment.

## Policy dimensions

- Impact: financial value, customer impact, legal exposure, security exposure, and operational disruption.
- Reversibility: automatic rollback, manual rollback, partial rollback, or no practical rollback.
- Confidence: model confidence, retrieval quality, rule match, historical success, and reviewer agreement.
- Sensitivity: personal data, regulated data, confidential data, production credentials, and customer commitments.
- Role: requester, approver, escalation owner, policy owner, and audit reviewer.

## Approval packet

Each approval should show proposed action, source evidence, risk flags, affected systems, rollback path, and expiration time. If the approver lacks enough context, the system should escalate rather than hide uncertainty.