Law in the Loop
The current dominant paradigm is “human in the loop” — ensuring a human reviews and approves AIArtificial IntelligenceSystems that learn, adapt, and act with real-world impact actions. This works at low volume. It does not scale.
When an AIArtificial IntelligenceSystems that learn, adapt, and act with real-world impact agent is processing thousands of decisions per minute, no human can meaningfully review each one. “Human in the loop” becomes “human rubber-stamping the loop” — governance theater that provides legal cover but no actual oversight.
But the deeper problem isn't scale. It's that “human in the loop” conflates two different things: the authority to govern and the mechanism of governance. The authority remains human. The mechanism cannot be.
The Actual Failure Mode
The key governance failure — in human society, in organizations, in every system that has ever tried to govern itself — is when the law is either not consulted or intentionally disregarded at the point of decision.
A police officer who doesn't check the statute. A trader who bypasses compliance. An agent that acts without verifying its authorization. The law existed. The mechanism to consult it at decision time did not — or was too slow, too inconvenient, or too easy to skip.
This is the problem AIArtificial IntelligenceSystems that learn, adapt, and act with real-world impact governance must solve. Not “how do we keep humans in the loop?” but “how do we keep the law in the loop?” How do we ensure that at every decision point, the applicable rules are consulted — at decision speed, without exception, as a structural property of the system rather than a procedural obligation someone can forget or ignore.
Law at Decision Speed
Biology does this. The immune system doesn't convene a committee when a cell needs to undergo apoptosis. It doesn't put a human in the loop for white blood cell decisions. Instead, it puts lawin the loop — encoded rules that operate at the speed of the system they govern.
The immune system's laws are sophisticated: pattern recognition, memory of past encounters, graduated response, tolerance learning, escalation protocols. They're not perfect — autoimmune disorders exist, allergies exist. But they operate at the speed and scale of the threat landscape. And critically: they cannot be skipped. The law is not a checklist a cell chooses to consult. It is the biochemical environment the cell operates within.
Implementation: Heuristic or Agentic
How the law is consulted at decision time is an implementation choice, not a governance principle. Two approaches, both valid:
Heuristic implementation. The law is encoded as rules, patterns, and thresholds that execute automatically. Fast, cheap, deterministic. Good for well-understood domains with clear boundaries. This is the firewall model — the CISOChief Information Security OfficerExecutive responsible for information security strategy doesn't approve every packet, but the ruleset is present at every decision.
Agentic implementation. The law is consulted via an AIArtificial IntelligenceSystems that learn, adapt, and act with real-world impact agent that can reason about context, precedent, and ambiguity. Slower, more expensive, more nuanced. Good for complex domains where rules alone can't capture the full intent. This is the attorney model — you don't call a lawyer for every decision, but for the ones that matter, the legal reasoning is available at the point of action.
Most real systems will use both: heuristic checks for the 95% of decisions that are routine, agentic review for the 5% that require judgment. The governance architecture must support both — and the entity must not be able to choose which applies.
What Web4 Specifies
Web4Web4Open governance ontology for trust-native entity interactions does not dictate what the law is. That is for every society to decide through the SALSociety / Authority / LawFramework for governing collectives — membership, delegation, norms framework — versioned law datasets, published by designated oracles, enforced through quorum consensus.
What Web4Web4Open governance ontology for trust-native entity interactions does specify is the mechanism: law must be present at every R6/R7 action. The Rules term in the R7 equation (Rules + Role + Request + Reference + Resource → Result + Reputation) is not optional. Every interaction carries its applicable law. The entity cannot act without the law being consulted — not because a human checks, but because the governance structure requires it as a precondition for action.
Peer societies evaluate whether they trust another society's law — its rigor, its enforcement, its outcomes. Law that produces trustworthy entities earns trust from peers. Law that doesn't, doesn't. The feedback is structural, not political.
The principle: Law, not individual humans, must be present at decision time. The human role is authoring, tuning, and auditing the law. The system's role is ensuring the law is consulted at every decision — heuristically, agentically, or both — without exception.