Ask most people how we should keep humans in control of increasingly autonomous AI, and you'll hear about principles, red lines, and oversight committees. Ask someone who has run a telecom network operations centre, and you'll hear about shift rosters, escalation thresholds, and the handover log. The second group has been solving this problem, in production, for thirty years.
This paper makes a simple argument: the disciplines that keep critical infrastructure safe — where automated systems already make thousands of decisions a minute, and humans remain accountable for all of them — are the missing vocabulary of AI governance.
The myth of "human in the loop"
"Human in the loop" has become the reflexive answer to every question about autonomous-system safety. But in an operations centre, nobody would accept it as a specification. Which human? In the loop of what, exactly? With how long to act, and what authority to override?
Operations teams learned long ago that meaningful human control is not a property you declare — it is a system you design. It has at least four moving parts:
- Escalation design — what conditions hand a decision up to a human, and how quickly.
- Staffing and cognitive load — whether the human actually has the attention to decide well.
- Authority and reversibility — what the human can override, and what is already irreversible.
- Accountability — whose name is on the decision when it goes wrong.
If you cannot point to the human who is accountable for a given autonomous action, you do not have human oversight. You have a diagram of one.
What the handover log knows
Every shift in a NOC ends with a handover: a structured account of what the systems did, what was anomalous, what was escalated, and what the next shift should watch. It is, in effect, a continuous audit trail with a human author and a human reader.
Standards bodies are now reinventing this idea for AI under names like "audit logging" and "traceability." But they often miss what makes the handover work: it is written for a specific accountable reader, at a specific moment of transferred responsibility. An audit log nobody is responsible for reading is not accountability — it is storage.
Toward an operational framework
The paper proposes a framework that maps these operational disciplines onto agentic AI in critical infrastructure — defining oversight levels, escalation criteria, and accountability assignments that a regulator could actually measure and an operator could actually run.
The point is not that AI governance should copy telecom operations wholesale. It is that the people who have lived with autonomous systems at scale have answers worth hearing — and the governance conversation is poorer for their absence.
This is an excerpt. Download the full 38-page white paper for the complete framework, case studies, and proposed standards language.