Approve a use case, not an impressive demo. The same model may be acceptable for public research and unacceptable for analysing private correspondence.
Step 1 — state the job
Write one sentence: “The system will use X information to produce Y output for Z person, who will use it to make or support Q decision.” If the sentence cannot be completed, the use case is not defined.
Step 2 — classify the inputs
- Public or licensed information.
- Internal operational information.
- Private personal, legal, financial, health or relationship information.
- Secrets, credentials, authentication data or privileged material.
The final class should usually be excluded unless a deliberately controlled architecture and legal basis exist.
Step 3 — set the consequence
Name the worst plausible outcome if the model is wrong, reveals data or is manipulated. Distinguish reversible inconvenience from money movement, legal position, personal safety, reputation or authority change.
Step 4 — inspect the provider chain
- Where inference and storage occur.
- Whether inputs or outputs train models.
- Retention and deletion behaviour.
- Subprocessors and jurisdiction.
- Administrative access and incident notification.
Step 5 — design human authority
Name the person who checks output, the evidence they see, the action the system cannot take and the escalation rule for uncertainty. “Human in the loop” is meaningless unless the human has time, competence and power to reject.
Step 6 — preserve evidence
For consequential use, retain source references, model/version, relevant prompt or configuration, output, human edits and final decision. The record must let another expert reconstruct why the result was trusted.
Step 7 — prove exit
Test data export, deletion, provider disablement and the manual fallback. Approval without an exit path is dependency acquisition.
Approval card
Record owner, job, information class, consequence, provider, human control, evidence, prohibited actions, expiry date and shutdown method. Approve for a defined period, then review real performance—not promised capability.
