Accountability & Audit

When an agent acts for a citizen, much of what it does happens out of sight. Government runs the other side of the same arrangement, applying automated steps to whole populations at once, with no person watching any single case. What an agent does in a person’s name therefore has to stay visible at two scales: the single interaction, and the automated process that runs across a whole population.

This surfaces new challenges: a citizen has to be able to find out what an agent did for them and get a wrong decision corrected, and an agency has to be able to catch a systemic error in its own automation, not just a single bad case.

01 Policy challenge

When an agent acts in a citizen's name, responsibility for what it did becomes hard to fix: the citizen, the agency, and the agent's provider can each point elsewhere, while the record of what was actually done is thin or absent.

As agents handle more of each interaction, two conditions sharpen. A mistake can surface only after a decision has been acted on, when it is hardest to reverse, and a single fault in an automated process can repeat across an entire population before anyone detects it. For policymakers this leaves an accountability gap precisely where automation makes errors fastest to spread and slowest to see.

02 Design challenge

Make what an agent did in a citizen's name legible and accountable: reviewable by the citizen before it takes effect, and a trail that fixes responsibility after.

Give a clear path to challenge, reverse, or seek recourse when it goes wrong.

Catch and stop a systemic fault before it reaches population scale.

Keep a path open for people who can't read or check that record themselves, or who must rely on a trusted person to do it for them.

Patterns in this territory

8 shown

3.1

Draft-review-before-commit checkpoint

A check-your-answers screen rendered before confirmation, where each agent-supplied answer carries its data provenance and a change link.

Live surface

3.2

Confirmation receipt with action record

A confirmation screen that issues a saveable receipt naming the agent, the delegation authority, the data sources, and a unique reference.

3.3

Structured audit trail with role-based views

A single audit record rendered through three views, selectable by role: citizen summary, caseworker decision points, and full regulatory trace.

3.4

Reasons for decision

A reasons panel at the review checkpoint stating why the agent reached its recommendation, in citable plain-language form.

3.5

Recourse and dispute affordances

A 'dispute this action' affordance on each receipt that opens a complaint pre-filled with the action record and a service-side response clock.

3.6

Liability surfacing at the point of action

A liability statement at the review checkpoint naming who is responsible if the agent's action contains errors.

3.7

Reversibility and undo

A reversibility badge at the authorization checkpoint classifying the action as reversible, amendable, compensable, or irreversible.

Live surface

3.8

Systemic-error detection and circuit-breaker for agent actions

An operations console that turns 'measure the aggregate, not the transaction' into a fleet-level error-rate monitor with pre-declared thresholds and a halt-and-rollback control.

Case studies that touch this territory

Case study

Robodebt — what happens when accountability and audit fail

A worked failure case: the Australian Robodebt scheme is the definitive demonstration of what occurs when automated government decision-making operates without review checkpoints, audit trails, reasons, recourse, or reversibility. It is the test the accountability patterns are measured against.

Informs T3 · Accountability & Audit