Papers
Topics
Authors
Recent
Search
2000 character limit reached

Human-in-the-Process (HITP) Overview

Updated 6 July 2026
  • Human-in-the-Process (HITP) is a framework that defines human roles as either constitutive links necessary for decision outputs or corrective agents intervening off the primary chain.
  • It differentiates between in-loop (HITL) and off-loop (HOTL) interactions, clarifying how timing and integration of human input shape AI outputs and oversight.
  • The framework drives practical design by emphasizing process-level evaluation, auditability, and normative oversight to improve AI governance and mitigate risks.

Searching arXiv for papers on Human-in-the-Process and closely related HITL/HOTL frameworks. Human-in-the-Process (HITP) denotes human participation during the runtime or lifecycle of an AI or process-aware system in a way that is structurally consequential for how decisions are produced, corrected, validated, or governed. In contemporary usage, the term functions most often as an umbrella category rather than a single interaction pattern. A central clarification is that runtime human involvement is best distinguished causally, not spatially: it is either constitutive, when a human contribution is a necessary link in the decision chain, or corrective, when a human contribution is external to the default decision chain but can prevent, modify, or override outputs (Baum et al., 19 Mar 2026). Across adjacent literatures, HITP also refers more broadly to end-to-end human embedding in workflows, including protocol-level oversight in agentic systems, iterative steering in browser agents, process-aware business systems, and process-level evaluation of agent behavior (Cheng et al., 24 Apr 2026, Yun et al., 15 Sep 2025, Kabicher-Fuchs et al., 2012, Rmus et al., 7 May 2026). This breadth has made the term useful, but also conceptually unstable.

1. Causal definition and conceptual scope

The most explicit causal account defines HITP as human participation during the runtime of an AI system’s decision process, partitioned into two forms: constitutive and corrective (Baum et al., 19 Mar 2026). Constitutive runtime involvement corresponds to Human-in-the-Loop (HITL): a human contribution is a necessary link in the causal chain from input to output. Corrective runtime involvement corresponds to Human-on-the-Loop (HOTL): the default system produces outputs without the human, but the human can prevent, modify, or override outputs or the process itself. The distinction is therefore not primarily about physical location or interface position, but about whether the human lies on the primary causal path.

In this taxonomy, a human is HITL with respect to process PP iff, counterfactually, no chain manifestation of PP could generate an output without that human contribution. A human is HOTL with respect to PP iff all default chain manifestations generate outputs without that person, but there exists a manifestation with intervention that prevents, modifies, or overrides the output or the process (Baum et al., 19 Mar 2026). The paper’s summary formulations capture this succinctly: HITL is “a human contribution is a necessary link in the causal decision chain,” whereas HOTL is “a human contribution is external control over a decision chain that is otherwise—i.e., in lack of intervention—independent from any HOTL” (Baum et al., 19 Mar 2026).

Other works use HITP more expansively. In browser-using agents, the term names continuous human participation across goal setting, subgoal refinement, action steering, and termination, even though the underlying paper uses HITL terminology (Yun et al., 15 Sep 2025). In agentic workflows, HITP is a decoupled control plane that governs when, who, how, and through which channels humans should be engaged during execution (Cheng et al., 24 Apr 2026). In process-aware information systems, the analogous idea appears as human integration and human orientation in organizational processes, with process participants treated as first-class actors whose satisfaction, motivation, and performance are design objectives (Kabicher-Fuchs et al., 2012). These formulations suggest that HITP has become a cross-domain label for human participation embedded in process architecture rather than confined to a narrow supervision checkpoint.

A recurrent implication is that HITP is best treated as a family of structurally distinct arrangements rather than a synonym for “some human oversight.” Several papers explicitly reject the idea that any human presence suffices to characterize meaningful control. A perfunctory human step may satisfy a “not solely automated” formality while failing to provide effective oversight, traceability, or risk reduction (Baum et al., 19 Mar 2026, Chiodo et al., 15 May 2025).

2. Formalizations: constitutive, corrective, and process-level roles

The causal taxonomy is formalized in structural-causal terms in "Constitutive vs. Corrective: A Causal Taxonomy of Human Runtime Involvement in AI Systems" (Baum et al., 19 Mar 2026). In the constitutive case, the human variable HH lies on the primary causal chain for output YY:

Y=f(M(X),H,Z)Y = f(M(X), H, Z)

Here XX denotes inputs, MM the model, and ZZ other system or state variables. The defining condition is necessity: if HH is absent, PP0 is undefined or no decision output occurs (Baum et al., 19 Mar 2026). A textual DAG places PP1 on-path, for example as an authorization or judgment node in the chain PP2.

In the corrective case, the default autonomous chain produces PP3 without the human, and the human acts off-path through supervisory intervention:

PP4

PP5

or, explicitly,

PP6

In this structure, PP7 is not required for PP8, but can intervene to produce PP9 by preventing, modifying, overriding, pausing, or aborting the process (Baum et al., 19 Mar 2026). The corresponding textual DAG keeps PP0 off the default path, with edges to output or process-control nodes.

A further distinction concerns process-level versus outcome-level characterization. A synchronous HOTL actor who intervenes becomes outcome-HITL for the specific token output affected, because that intervention becomes causally necessary for that outcome, while the overall process remains HOTL because default manifestations do not require the human (Baum et al., 19 Mar 2026). This clarification is important in practice because many deployed systems alternate between largely autonomous operation and occasional human takeover without changing their process-level classification.

A different formal tradition appears in "Formalising Human-in-the-Loop: Computational Reductions, Failure Modes, and Legal-Moral Responsibility" (Chiodo et al., 15 May 2025). There, in-loop human roles are modeled through oracle machines. Trivial monitoring corresponds to a total function independent of the human oracle, except for an emergency stop; single endpoint human action corresponds to many-one reduction; highly involved interaction corresponds to Turing reduction (Chiodo et al., 15 May 2025). This suggests a compatible but distinct reading of HITP: broad process-level human involvement includes both in-loop oracle calls and out-of-loop configuration or governance, while the strictly in-loop slice can be typed by the computational structure of human queries.

A process-oriented variant appears in "Process Matters more than Output for Distinguishing Humans from Machines" (Rmus et al., 7 May 2026). There, HITP refers not to human intervention in system output, but to process-level supervision and evaluation of how behavior is produced. The core thesis is that output equivalence does not imply process equivalence, and that process-level features such as learning slopes, stickiness, win–stay/lose–shift, sampling behavior, or post-error adjustments provide stronger discriminative signal than final performance alone (Rmus et al., 7 May 2026). This extends HITP from control architecture to evaluation architecture.

3. Temporal structure and nested runtimes

Corrective HITP is temporally differentiated into synchronous, asynchronous, and anticipatory modes (Baum et al., 19 Mar 2026). These modes are situated in a nested runtime model that distinguishes deployer runtime from provider runtime. Deployer runtime is the period in which the system is actively processing inputs and generating outputs in a specific deployment context. Provider runtime spans the broader operational lifecycle within which deployer design, runtime, and inspection cycles occur (Baum et al., 19 Mar 2026).

Synchronous HOTL consists of real-time monitoring and immediate intervention during deployer runtime. If intervention occurs, the human becomes outcome-HITL for that decision token. The practical implication is a real-time window of control, so system design must ensure interruptibility and latency budgets appropriate to the risk profile (Baum et al., 19 Mar 2026).

Asynchronous HOTL consists of periodic review with delayed interventions such as threshold adjustment, retraining, or policy updates. It operates during deployer inspection time, shaping subsequent deployer design and runtime, while remaining inside provider runtime. Corrections target future system behavior rather than the current token decision, which creates requirements for traceability and change control (Baum et al., 19 Mar 2026).

Anticipatory HOTL consists of prospective corrective influence through precommitment mechanisms such as authorization boundaries, alignment parameters, guardrails, or legal threshold ranges, targeted at a specific deployment context and revisitable within provider runtime (Baum et al., 19 Mar 2026). This suggests that some forms of ex ante constraint-setting should count as runtime-oriented oversight when they are specifically oriented toward the ongoing process rather than merely belonging to general system design.

Other domains instantiate similar temporal patterns. In browser-using agents, the process is organized as an iterative loop: the agent proposes next action modules, the user steers through feedback, the model summarizes results, and the cycle continues until the user is satisfied (Yun et al., 15 Sep 2025). In this setting, HITP is not a rare interruption but the ordinary temporal structure of browsing itself. In agentic workflow systems, temporal structure appears as pre-commit hooks, callback or polling-based decision retrieval, timeout semantics, rollback, and deferred resumption (Cheng et al., 24 Apr 2026). In online software defect prediction, human feedback arrives under distinct waiting windows: predicted-positive commits receive faster SQA labels after PP1, whereas predicted-negative commits rely on slower bug-fixing-commit resolution after PP2 (Liu et al., 2023). The shared pattern is that HITP is often defined as much by when human input is available as by what form it takes.

4. Cognitive integration and human–machine coupling

The causal taxonomy introduces an orthogonal dimension: complementary versus hybrid intelligence (Baum et al., 19 Mar 2026). In complementary intelligence, human and AI contribute via separate autonomous cognitive processes coordinated at decision time. In hybrid intelligence, human cognition is partially constituted by the system’s representations, so perception or reasoning is reshaped by the interface or model outputs (Baum et al., 19 Mar 2026).

This distinction matters because the epistemic conditions of intervention differ across configurations. Complementary configurations preserve independent human judgment more readily, but HOTL can become cognitively demanding under low engagement, reflecting Bainbridge’s “ironies of automation” (Baum et al., 19 Mar 2026). Hybrid configurations can increase performance, yet blur epistemic boundaries because the overseer’s judgment is partly shaped by the system’s own representations. Effective oversight in hybrid configurations therefore requires situational awareness, calibration, independence checks, and mechanisms to surface disagreement between integrated system representations and external benchmarks (Baum et al., 19 Mar 2026).

Other papers describe related couplings in different vocabularies. In collaborative robotics, hierarchical intention tracking models human intentions at task, interaction, and verification levels, using upward measurement propagation and downward posterior propagation across switching intention trees (Huang et al., 8 Jun 2025). The human is neither merely a supervisor nor merely a source of disturbance; rather, robot adaptation depends on real-time inference over human goals, engagement mode, and verification signals. In creative systems, human participation ranges from real-time steering and curation to collaborator performance and environmental staging, with multimodal feedback loops feeding these contributions back into model training (Chung, 2021). In inclusive design optimization, the broader HITP view places designers and people with disabilities at multiple points in the optimization process: curating constraints, selecting multimodal feedback channels, personalizing prompts, validating trade-offs, and governing transparency and ethics (Jansen, 13 May 2025).

A plausible implication is that HITP should not be classified only by the causal location of human action but also by the degree of representational interdependence between human and machine. The same causal role can have substantially different reliability and accountability properties depending on whether human judgment remains independent or has been cognitively scaffolded, reshaped, or partially constituted by system outputs.

5. Normative oversight, governance, and role duality

A major contribution of the causal taxonomy is the separation of descriptive categories from normative requirements (Baum et al., 19 Mar 2026). HITL and HOTL describe causal positions. Human Oversight (HO), by contrast, is a normative mode of HOTL requiring that a person be “systematically prepared for and in the position to consciously monitor operations and intervene, if necessary, in order to substantially reduce AI-induced risks” (Baum et al., 19 Mar 2026). On this view, HO implies HOTL, but HITL alone does not imply meaningful oversight.

The distinction has direct regulatory significance. The taxonomy is presented as a way to clarify how GDPR Article 22’s concern with “not solely automated” decisions differs from AI Act Article 14’s concern with effective oversight (Baum et al., 19 Mar 2026). A constitutive human gate may satisfy formal non-automation requirements while remaining an ineffective “rubber-stamp.” This is not only a legal concern but a system-design concern.

Several practical criteria for effective oversight are synthesized in the same work: situational awareness, authority to intervene, latency and window-of-control compatible with the risk profile, competence and preparedness, and auditability or traceability (Baum et al., 19 Mar 2026). Comparable design principles appear in the decoupled HITL architecture for agentic workflows, where oversight is externalized as an independent Human Oversight Service with explicit APIs, centralized policy enforcement, logging, role resolution, and communication channels (Cheng et al., 24 Apr 2026). There, HITP becomes a protocol-level concern governed along four dimensions: intervention conditions, role resolution, interaction semantics, and communication channel (Cheng et al., 24 Apr 2026).

Role duality complicates this picture. The same person may occupy both HITL and HOTL roles simultaneously, for example by being constitutively involved in one subsystem while also overseeing aggregate behavior or compliance in another (Baum et al., 19 Mar 2026). The paper argues that this must be treated as a design problem rather than merely acknowledged. Architectural mitigation includes layered oversight structures separating real-time oversight, systemic oversight, and compliance oversight across roles or levels. Epistemic mitigation includes interfaces that surface disagreement and counter automation bias (Baum et al., 19 Mar 2026).

This concern resonates with other domains. In process-aware information systems, human-centric design requires supportiveness, usability, adaptive guidance, explicit feedback, collaboration, audit trails, and attention to privacy, control, and motivation (Kabicher-Fuchs et al., 2012). In process safety, humans function as independent protection layers and supervisory actors whose reliability must be modeled alongside AI failures by LOPA and Bayesian networks (Wen, 2023). In formal computability terms, increasing human computational involvement improves the potential for meaningful oversight but complicates explainability and responsibility attribution, producing an “unavoidable trade-off” between richer human impact and cleaner legal-moral responsibility assignment (Chiodo et al., 15 May 2025).

6. Architectures, workflows, and applied examples

HITP is operationalized through markedly different architectures across domains, though recurring patterns are visible.

In browser-using agents, the workflow is explicitly iterative. A user sets a high-level goal; the model decomposes it into subgoals; clarifying context is injected; the model generates either exploration or exploitation action modules; the agent executes web actions; results are summarized for the user; and the user steers the next step or terminates when sufficiently satisfied (Yun et al., 15 Sep 2025). The framework preserves the user’s browsing mental model while distributing labor among user, model, and agent.

In agentic workflows, HITP is externalized into a decoupled control plane (Cheng et al., 24 Apr 2026). Agents emit a structured request to the oversight service, which evaluates policies, resolves approvers, routes interactions through selected channels, returns allow/block/require_approval/modify/defer decisions, and records audit logs (Cheng et al., 24 Apr 2026). This architecture aims at governance consistency, reusability, and progressive autonomy across heterogeneous multi-agent settings.

In predictive business process monitoring, HITP is instantiated as human inspection and alteration of a distilled decision tree surrogate PP3 built from an original black-box predictor PP4 (Käppel et al., 24 Aug 2025). Domain experts inspect nodes using sensitive attributes, decide contextually whether those uses are fair or unfair, edit the tree via discard or retrain strategies, obtain an edited surrogate PP5, and then fine-tune the original model into PP6 using PP7 supervision (Käppel et al., 24 Aug 2025). The method is model-agnostic and localizes human intervention at decision-region level rather than removing sensitive attributes wholesale.

In collaborative robotics, HITP is realized through Hierarchical Intention Tracking. The system dynamically switches between Interaction–Task and Verification–Task trees, tracking task-level goals, interaction-level modes, and verification-level states such as Normal versus Abnormal cooperation (Huang et al., 8 Jun 2025). Switching is governed by probability and dwell-time thresholds: for example, Cooperation probability above PP8 for more than PP9 seconds triggers verification; task-level intention above HH0 for two seconds registers alignment; contact force above HH1 triggers admittance control (Huang et al., 8 Jun 2025). The human is thus embedded in the control process through inferred intention and selective verification rather than constant explicit querying.

In process safety, HITP means that humans remain integral participants across design, operations, maintenance, and emergency response, functioning as independent protection layers rather than merely external supervisors (Wen, 2023). In software defect prediction, it means SQA staff are internal components of the prediction-evaluation-update loop: predicted-positive commits are inspected and labeled earlier through human feedback, improving evaluation validity and predictive performance in online just-in-time defect prediction (Liu et al., 2023).

The following table summarizes recurrent HITP configurations present in the literature.

Domain Human role in process Representative structure
Runtime AI decisions Constitutive gate or corrective switch HITL/HOTL causal taxonomy (Baum et al., 19 Mar 2026)
Browser agents Continuous steering and stopping authority Iterative action/decision loop (Yun et al., 15 Sep 2025)
Agentic workflows Oversight control plane Decoupled request/decision service (Cheng et al., 24 Apr 2026)
Business process monitoring Fairness adjudicator and model editor Distill–inspect–edit–fine-tune pipeline (Käppel et al., 24 Aug 2025)
Collaborative robotics Intention source and verification partner Switching intention trees (Huang et al., 8 Jun 2025)
Process safety Independent protection layer and supervisor LOPA/BN human–AI collaboration model (Wen, 2023)

A plausible synthesis is that HITP architectures tend to differ chiefly along three axes: whether the human is on the causal path or off it; whether intervention is token-level, process-level, or lifecycle-level; and whether human input is hard-coded into the workflow or routed through an externalized governance service.

7. Evaluation, tensions, and research directions

Evaluation of HITP remains fragmented because the concept spans multiple causal positions and application settings. Nonetheless, several recurring evaluation dimensions appear.

For runtime corrective involvement and normative oversight, proposed measures include intervention rates and triggers, outcomes of intervention, latency and window-of-control, operator workload and vigilance, situational awareness, auditability, and efficacy of anticipatory constraints (Baum et al., 19 Mar 2026). In decoupled oversight systems, additional metrics include oversight latency, human intervention rate HH2, false-positive and false-negative interventions, user burden, outcome quality, and the effect of progressive autonomy parameters on intervention frequency and loss (Cheng et al., 24 Apr 2026). In process-level discrimination research, process-feature classifier AUC and energy distance quantify how well process traces distinguish humans from agents even under output matching; process-feature classifiers achieved mean AUC HH3 on output-matched tasks (Rmus et al., 7 May 2026). In collaborative robotics, efficiency, robot path length, human path length, human force, human energy, failures, recovery events, and Likert-scale trust or fatigue scores were used to compare HIT variants against coexistence and cooperation baselines (Huang et al., 8 Jun 2025).

Several tensions recur across the literature. One is the tension between richer human involvement and explainability or responsibility. The formal reductions paper argues that more involved interaction increases branching and entanglement in the computation tree, making ex post causal attribution less determinate even as oversight becomes more meaningful (Chiodo et al., 15 May 2025). Another is the tension between control and fatigue: unreliable automation may elicit critical evaluation but also increased frustration and response variability, while negative framing can distort trust calibration even when outputs are unchanged (Subramanya et al., 11 Feb 2025). A third is the tension between fairness correction and expert burden: local human editing of surrogate models can preserve fair uses of sensitive attributes, but large trees and proxy bias make review labor-intensive (Käppel et al., 24 Aug 2025).

Misconceptions addressed explicitly in the literature include the idea that any human step is “oversight,” that HITL and HOTL differ merely by spatial arrangement, and that process evaluation can be replaced by output matching alone (Baum et al., 19 Mar 2026, Rmus et al., 7 May 2026). Another common simplification is to treat human involvement as a UI feature rather than a systems property. Several papers instead treat HITP as an architectural concern spanning policies, runtimes, protocols, and audit structures (Cheng et al., 24 Apr 2026, Kabicher-Fuchs et al., 2012).

Future directions are correspondingly broad. They include standardizing HITP vocabularies and message schemas in agent communication protocols (Cheng et al., 24 Apr 2026); developing transferable process representations beyond task-specific hand-crafted features (Rmus et al., 7 May 2026); learning dynamic intention-tree structures or integrating language and vision-LLMs into hierarchical intention tracking (Huang et al., 8 Jun 2025); extending fairness-oriented HITP to outcome and remaining-time prediction in business process monitoring (Käppel et al., 24 Aug 2025); and improving tool support, inter-annotator agreement measurement, and effort estimation in human-guided model editing (Käppel et al., 24 Aug 2025).

Taken together, these works indicate that HITP is not a single mechanism but a design space organized by causal position, temporal mode, cognitive integration, and governance function. Its unifying idea is that human participation is not merely appended to a system but structurally embedded in how the system acts, is corrected, is interpreted, or is certified. Where the literature differs is in what counts as “the process”: a runtime decision chain, an iterative interaction loop, an organizational workflow, a process-aware information system, or even the behavioral trace by which human and machine activity itself is evaluated.

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to Human-in-the-Process (HITP).