GOVERNANCE STANDARD v1.0 · PATIENTCENTRICCARE.AI

Hybrid Human–Agent Operating Standard

Defines who decides, when AI can act, and how every decision is governed at runtime.

Read the Research → Ask us a question →
Harvard Medical School Best Capstone 2026 Oxford Saïd Distinction 93% SSRN Preprint Published March 2026

Why this matters

This standard enforces human authority before AI acts — not after.

Human Authority Line

Safety OS enforces a clear authority boundary — every AI action is classified into one of three governance tiers.

Defines who decides, when AI can act, and how every action is accountable.

Tier C

Human Required / AI Blocked

AI blocked. Human authority is mandatory. Execution only by designated authority.

Decision Source: Human only

Audit: Immutable, traceable, attributable
Non-delegable authority above this line
Tier B

AI Recommends / Human Confirms

AI may propose actions. Execution requires explicit human confirmation before proceeding.

Decision Source: AI → Human confirmation

Escalation triggered if thresholds exceeded

Audit: Immutable, traceable, attributable
Tier A

AI Executes Within Bounds

AI operates autonomously within pre-defined, auditable boundaries. Human oversight remains upstream.

Decision Source: AI (bounded)

Audit: Immutable, traceable, attributable

Every action is classified and logged at runtime with decision source, authority level, and outcome.

Override Authority

Tier B Caregiver
Tier C Designated Human

All Overrides:

Logged Traceable Attributable

How it works at runtime

1
AI action is initiated
2
Decision gate evaluates authority rules
3
Action is classified into Tier A / B / C
4
System enforces execution or escalation
5
Immutable, traceable, attributable audit record is generated

Runtime Control Architecture

Safety OS™ — Human Authority Retained Across Adaptive Care Phases: Governance Architecture

Illustrative governance architecture: maps authority, enforcement, and escalation across deployment contexts. Does not imply commercial readiness, autonomous clinical action, or regulatory approval.

Governed Continuous Engagement Within AI-in-the-Loop Authority

Continuous engagement operates within preserved human authority. Escalation intensity is proportional to validated signal strength.

Core Architectural Principles

Five enforceable invariants:

1 Explicit Authority Partitioning

Humans retain binding authority; agents execute within defined permissions.

2 Bounded Autonomy

Every capability has an assigned autonomy level. Unclassified capabilities cannot execute.

3 Deterministic Escalation

Escalation logic is pre-defined, auditable, and irreversible until resolved.

4 Consent Lifecycle Enforcement

Active consent is tracked, enforced, and timestamped for every interaction.

5 Immutable Auditability

All decisions and escalations are logged with immutable, traceable, attributable audit logging.

What this is NOT

  • × Not a policy framework
  • × Not post-hoc audit
  • × Not model governance
  • × Not a monitoring layer

What this IS

  • ✓ Runtime control plane
  • ✓ Authority enforcement layer
  • ✓ Deterministic escalation system
  • ✓ Auditable decision infrastructure

Example: Calling a caregiver

1. AI proposes action
2. System evaluates authority
3. Tier B → requires caregiver confirmation
4. If risk threshold exceeded → escalates to Tier C
5. All actions logged with immutable, traceable, attributable audit logging

Control Plane vs. Embodied Agents

Safety OS is a control plane — not an interface.

Embodiments (voice agent, app UI, humanoid robot, wearable) are execution nodes. The control plane is the source of truth for:

  • Identity & consent context
  • Role-based capability activation
  • Escalation gating & runtime enforcement

Agents are execution enforcers — the Control Plane is the governance engine.

Safety OS Progression Model

Staged adoption for regulated deployment:

Phase I — Caregiver-in-the-Loop

  • Non-clinical workflows
  • Caregiver escalation validated
  • Identity, consent, escalation gating tested

Phase II — Physician-as-Pilot

  • Clinical workflows with human final authority
  • Agent execution scoped and reversible

Phase III — AIaMD / SaMD-Aligned

  • MDR / FDA / EU AI Act alignment
  • Physician authority remains upstream
  • Safety OS ensures regulatory continuity
Safety OS Three-Phase Governance Progression Model

Governance Compatibility

Safety OS complements existing governance frameworks:

Framework Alignment
EU AI Act High-Risk AI requirements
NIST AI RMF AI Risk Management Framework
OECD AI Principles Trustworthy AI principles
ISO/IEC 42001 AI Management System

Alignment context only. Does not imply regulatory clearance.

Downloads & Governance Artifacts

Safety OS Public Doctrine (PDF) Decision Inventory Template Autonomy Allocation Template Accountability & Escalation Template Governance as Infrastructure Pattern Library

Evidence & Implementation Library →

Every AI system already operates somewhere on the Human Authority Line.
The question is whether you designed it — or it emerged by default.

Define your authority model →

Reference & License

v2.0 - stable

Published by PatientCentricCare.AI. Safety OS reference model and control plane implementation are proprietary. Public doctrine and reference models are provided for citation, research, and standard-building with attribution. View license.

How to cite

Squire, A. (2026). Safety OS™ — A Human-Agent Teaming Control Architecture (v2.0). PatientCentricCare.AI. https://www.patientcentriccare.ai/standards/hybrid-human-agent-operating-standard

Related Frameworks