Australian SMEs are moving beyond one-off ChatGPT experiments. The National AI Centre reported that 43% of Australian SMEs had some level of AI adoption across December 2025 to February 2026, with adoption rebounding to 44% in February 2026. The important question is no longer simply whether a business should use AI. It is where the business should keep human control. [1]
A human approval step is the point in a workflow where AI can prepare, classify, summarise, draft, recommend or route something, but a nominated person must review it before the business acts. In plain English: AI can do the work up to the decision point, but a person still presses the button when the action matters.
The simple rule
Use mandatory human approval before an AI workflow takes any action that could materially affect a customer, employee, supplier, bank account, public statement, legal or regulatory position, confidential information, or a source-of-truth business record. [2, 3, 4, 11]
This does not mean every AI workflow needs to be slow. A good approval design lets AI remove admin work while keeping the business in control of the parts that carry real risk. AI.gov.au's guidance asks organisations to maintain human control, match oversight to the AI system's autonomy and stakes, and design override points so a person can pause, override, roll back or shut down a system where needed. [2, 3]
What counts as a real approval step?
A real approval step is more than a person glancing at an output. It needs to be designed into the workflow so that the AI system cannot complete a controlled action until the reviewer approves it.
- The reviewer can see the original source material, not just the AI summary.
- The reviewer can see what the AI is proposing to do, where it will be sent or saved, and which system will be changed.
- The reviewer can approve, edit, reject or escalate the output.
- The workflow records who approved the action, when they approved it and what changed.
- The reviewer is trained and has authority for the type of decision being made.
- The system has a fallback path if the AI output is unclear, incomplete or unavailable.
Without those elements, a business can end up with approval theatre: a box is ticked, but the person cannot properly judge the output or stop the system in time.
Use human approval when one of these risk signals appears
1. The output goes to a customer, supplier or the public
Customer-facing AI should be treated differently from internal drafting. A sales email, quote response, complaint reply, review response or website update can create expectations for the business. Australian Consumer Law risks can arise if AI-generated content misleads people about a product, service, price, performance, availability or entitlement. [4]
Practical approval point: let AI draft the response, but require a staff member to approve before the message is sent or published.
2. Money, value or contractual commitments are involved
An AI workflow should not autonomously approve refunds, discounts, payments, payroll changes, account credits, credit notes, contract terms or purchase commitments unless the business has deliberately built a controlled, tested and auditable process. In most SMEs, the safe starting point is for AI to prepare the information and route the item to the responsible person for approval.
Practical approval point: AI can match documents, flag exceptions and prepare a draft action, but a human approves the payment, refund, discount, payroll update or contract change.
3. The workflow affects staff, contractors or job applicants
AI workflows that influence recruitment, performance management, rostering, termination, workplace investigations or pay should have stricter controls. AI.gov.au's law guide notes that existing laws can apply to AI-related workplace and discrimination risks, including Fair Work, workplace health and safety and anti-discrimination laws. [4]
Practical approval point: AI can organise applications, summarise CVs or prepare interview notes, but a qualified person makes and documents the decision. AI should not be the final decision-maker for hiring, firing, pay, discipline or workplace action.
4. Personal information, sensitive information or confidential business data is used
If a workflow handles personal information, customer records, health information, IDs, payroll records, employee data or confidential business material, approval should be part of a broader privacy and access-control design. The OAIC says the Privacy Act applies to uses of AI involving personal information, and APP 11 requires reasonable steps to protect personal information from misuse, interference, loss and unauthorised access, modification or disclosure. [5, 7]
Practical approval point: AI can identify relevant records or draft a response, but a human checks whether the output exposes personal, sensitive or confidential information before release or system update.
5. The AI workflow updates a system of record
A CRM, accounting file, payroll system, helpdesk, product database, inventory system or compliance register is a source of truth. Incorrect write-backs can create downstream errors that are harder to see than a bad draft email. For early AI automations, read-only access is usually safer than write access.
Practical approval point: AI can propose the CRM update, invoice coding, product description change or customer record update. A person approves the write-back until the workflow is proven, bounded and monitored.
6. The AI has tools, integrations or agentic permissions
AI agents are more useful when they can call tools, search files, read inboxes, use APIs or update systems. They are also riskier. OWASP identifies prompt injection and excessive agency as key LLM application risks, recommending limited permissions and human approval for high-impact actions. [10, 11]
Practical approval point: an agent can prepare actions, but approvals are required before sending external emails, deleting records, changing financial data, accessing sensitive records, updating files, or executing irreversible system actions.
7. The workflow can scale an error quickly
A bad AI output is one problem. A bad AI output sent to 2,000 customers or written across thousands of records is a business incident. High-volume workflows need exception handling, rate limits, monitoring and approval thresholds, not just a prompt.
Practical approval point: require review for the first batch, sample outputs during production, and mandatory escalation for confidence failures, unusual topics, sensitive categories or value thresholds.
8. The decision is hard to reverse
Human approval matters most where a mistake cannot be easily undone. Publishing a public statement, sending a legal notice, rejecting a candidate, changing pay, deleting files, suspending a customer account or sending private information to the wrong person can have consequences after the technical error is fixed.
Practical approval point: if reversal is difficult, expensive, embarrassing, unfair or legally risky, keep a human approval step.
Decision matrix: where to place the approval gate
| Risk signal | Example | Recommended approval design |
|---|---|---|
| Customer-facing | AI drafts quote follow-up, refund response or complaint reply | Human approves before send; templates for low-risk acknowledgements |
| Money or value | Payment, refund, discount, credit note or payroll change | Human approval required; apply financial delegations and segregation of duties |
| Employment or people | Recruitment screening, performance notes, rostering or termination | AI assists only; qualified human decides and documents rationale |
| Personal/sensitive data | Customer file, employee data, health information, IDs | Human checks output and disclosure risk; apply privacy and access controls |
| Source-of-truth write-back | CRM, ERP, accounting, payroll, inventory or product database update | Start with draft/proposed update; approve write-back until proven |
| Agentic tool use | AI can email, use APIs, delete files, browse systems | Least privilege; approval before high-impact or irreversible calls |
| Bulk action | Mass email, data clean-up, ticket closure | First-batch approval, sampling, rate limits and exception review |
| Low-risk internal | Internal meeting summary or read-only knowledge lookup | No formal approval if read-only, source-linked, reversible and monitored |
Four practical approval models
| Model | When it suits | Example |
|---|---|---|
| Draft only | New, sensitive or unproven workflow | AI drafts a supplier email; staff edit and send manually |
| Approve every item | High-stakes or early-stage workflow | Manager approves every refund |
| Exception-based | Workflow is tested and rules are clear | AI sends routine acknowledgements but escalates complaints, legal language or high-value cases |
| Post-action review | Low-risk, reversible, high-volume actions | AI tags tickets or routes enquiries, with periodic sample checks |
| Bounded autonomy | Rare for SMEs; only after testing, monitoring, rollback and clear limits | AI closes duplicate internal tickets under a strict policy and audit log |
A sensible SME pathway is to start with draft-only or approve-every-item, collect real performance data, then move to exception-based approval only where the evidence supports it.
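The risk signals, decision matrix and approval models above can be written down as a policy rather than left to judgement on the day. The following is an added example, not code from the original article: it encodes those signals as a function that reports which signals a proposed action trips, which approval model applies, and whether this particular item must wait for a person. The field names, the three thresholds and the sample actions are assumptions constructed for the example; a real business sets its thresholds from its own financial delegations and risk appetite.

```python
"""Routing an AI-proposed action to an approval model (added example)."""
from dataclasses import dataclass
from enum import Enum


class ApprovalModel(Enum):
    DRAFT_ONLY = "draft only"                  # AI drafts; a person acts manually
    APPROVE_EVERY_ITEM = "approve every item"  # every item waits for a person
    EXCEPTION_BASED = "exception-based"        # routine items proceed, exceptions escalate
    POST_ACTION_REVIEW = "post-action review"  # proceeds; sampled afterwards


@dataclass(frozen=True)
class ProposedAction:
    """What the policy needs to know about an action before it happens (assumed fields)."""
    kind: str                        # e.g. "send_email", "issue_refund", "reject_candidate"
    audience: str                    # "internal", "customer", "supplier" or "public"
    value_aud: float = 0.0           # money or value moved
    uses_personal_data: bool = False
    affects_staff: bool = False      # recruitment, pay, rostering, discipline
    writes_system_of_record: bool = False
    reversible: bool = True
    batch_size: int = 1
    workflow_proven: bool = False    # has real production performance data
    confidence: float = 1.0          # the model's own confidence, 0..1 (assumed available)


# Thresholds are assumptions for the example.
VALUE_THRESHOLD_AUD = 500.0   # above this, even a proven workflow escalates
BULK_THRESHOLD = 100          # at or above this many items, treat as a bulk action
MIN_CONFIDENCE = 0.85         # below this, escalate as a confidence failure


def risk_signals(a: ProposedAction) -> list[str]:
    """List every risk signal from the article that this action trips."""
    checks = [
        ("customer-facing", a.audience in {"customer", "supplier", "public"}),
        ("money or value", a.value_aud > 0),
        ("employment or people", a.affects_staff),
        ("personal/sensitive data", a.uses_personal_data),
        ("source-of-truth write-back", a.writes_system_of_record),
        ("bulk action", a.batch_size >= BULK_THRESHOLD),
        ("hard to reverse", not a.reversible),
        ("low confidence", a.confidence < MIN_CONFIDENCE),
    ]
    return [name for name, fired in checks if fired]


def choose_model(a: ProposedAction) -> ApprovalModel:
    """Map the signals to the approval model the decision matrix recommends."""
    signals = set(risk_signals(a))
    if "employment or people" in signals or "hard to reverse" in signals:
        return ApprovalModel.DRAFT_ONLY            # AI assists only; a person decides
    if not signals:
        return ApprovalModel.POST_ACTION_REVIEW    # e.g. a read-only internal lookup
    if not a.workflow_proven:
        return ApprovalModel.APPROVE_EVERY_ITEM    # no production evidence yet
    return ApprovalModel.EXCEPTION_BASED


def requires_human_approval(a: ProposedAction) -> bool:
    """True when this particular item must wait for a person."""
    model = choose_model(a)
    if model in (ApprovalModel.DRAFT_ONLY, ApprovalModel.APPROVE_EVERY_ITEM):
        return True
    if model is ApprovalModel.POST_ACTION_REVIEW:
        return False
    # Exception-based: routine items proceed; these exceptions escalate.
    signals = set(risk_signals(a))
    return (
        a.value_aud > VALUE_THRESHOLD_AUD
        or "personal/sensitive data" in signals
        or "bulk action" in signals
        or "low confidence" in signals
    )


# Constructed sample actions.
ROUTINE_ACK = ProposedAction("send_email", "customer", workflow_proven=True, confidence=0.95)
LARGE_REFUND = ProposedAction("issue_refund", "customer", value_aud=1200.0, workflow_proven=True)
REJECT_CANDIDATE = ProposedAction("reject_candidate", "internal", affects_staff=True, reversible=False)
INTERNAL_SUMMARY = ProposedAction("summarise_meeting", "internal")
BULK_MAILOUT = ProposedAction("send_email", "customer", batch_size=2000)

if __name__ == "__main__":
    for a in (ROUTINE_ACK, LARGE_REFUND, REJECT_CANDIDATE, INTERNAL_SUMMARY, BULK_MAILOUT):
        print(f"{a.kind:18} {choose_model(a).value:20} "
              f"approval={requires_human_approval(a)} signals={risk_signals(a)}")
```

Note how the policy follows the article's pathway: a workflow with no production evidence gets approve-every-item, and a proven one moves to exception-based, where a routine acknowledgement proceeds but a refund over the threshold, a bulk send or a low-confidence item still waits for a person.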
Examples for common SME workflows
| Workflow | Where AI helps | Human approval point |
|---|---|---|
| Lead follow-up | Reads enquiry, drafts reply, suggests next step | Approve before send unless simple acknowledgement |
| Document processing | Extracts fields from invoices, forms or contracts | Verify key fields before accounting, CRM or payroll update |
| Customer support | Summarises thread and drafts response | Approve replies involving complaints, refunds, privacy, warranties or legal language |
| Review responses | Drafts public reply in brand tone | Owner or manager approves before posting |
| Internal knowledge | Answers staff questions from approved docs | No approval for source-linked answers; escalate when unsure |
| Monthly reporting | Pulls data and drafts summary | Manager reviews before distributing outside the team |
| Payments and refunds | Flags exceptions and prepares paperwork | Authorised person approves the transaction |
How to design an approval step that actually works
- Name the business owner. Every AI workflow needs a person accountable for what it does.
- Define the controlled action. Write down exactly what the AI cannot do without approval: send, publish, pay, refund, update, delete.
- Set thresholds. Use value, customer type, sensitivity, confidence, topic and system permissions to decide when approval is mandatory.
- Show evidence to the reviewer. Include source documents, extracted fields, confidence indicators and the final action that will occur.
- Make rejection easy. Reviewers must be able to edit, reject, return for more information or escalate.
- Keep an audit trail. Record inputs, AI output, reviewer, decision, final action and time.
- Train the approver. The person reviewing must know what the AI can and cannot do, what data is allowed, and when to escalate.
- Review the approvals. High rejection rates, repeated edits or frequent escalations are signs the workflow needs improvement.
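The design points above, and the "real approval step" elements listed earlier, can be enforced in code rather than by convention. The following is an added example, not code from the original article: a small gate in which the AI can only propose an action, the reviewer is shown the source evidence and the exact change to the target system, the reviewer can approve, edit, reject or escalate, only a reviewer holding the required authority can approve, the action cannot run until it is approved, and every event is written to an audit trail. ApprovalGate, Proposal, the role names and the in-memory CRM record are constructed for the example.

```python
"""An approval gate that blocks a controlled action until approved (added example)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Callable, Optional
import uuid


@dataclass
class Proposal:
    action: str                  # controlled verb: send, publish, pay, refund, update, delete
    target_system: str           # which system changes, or where the output goes
    payload: dict                # exactly what the AI wants to do
    source_evidence: list[str]   # original material, not just the AI summary
    ai_rationale: str
    required_role: str           # authority needed to approve this kind of action
    id: str = field(default_factory=lambda: uuid.uuid4().hex[:8])
    status: str = "pending"      # pending | approved | rejected | escalated | executed


class ApprovalGate:
    OUTCOMES = {"reject": "rejected", "escalate": "escalated"}

    def __init__(self, executors: dict[str, Callable[[dict], str]]):
        self._executors = executors              # action name -> function that performs it
        self._proposals: dict[str, Proposal] = {}
        self.audit: list[dict] = []              # the audit trail

    def _log(self, p: Proposal, event: str, actor: str, detail: str = "") -> None:
        self.audit.append({"time": datetime.now(timezone.utc).isoformat(),
                           "proposal": p.id, "event": event, "actor": actor, "detail": detail})

    def propose(self, p: Proposal) -> str:
        """The AI's only entry point: queue the action, never perform it."""
        self._proposals[p.id] = p
        self._log(p, "proposed", "ai", f"{p.action} -> {p.target_system}: {p.payload}")
        return p.id

    def review_packet(self, pid: str) -> dict:
        """Everything the reviewer needs: the action, the target, the change and the evidence."""
        p = self._proposals[pid]
        return {"will_do": p.action, "on": p.target_system, "change": p.payload,
                "evidence": p.source_evidence, "ai_rationale": p.ai_rationale}

    def decide(self, pid: str, reviewer: str, role: str, decision: str,
               edited_payload: Optional[dict] = None, note: str = "") -> str:
        p = self._proposals[pid]
        if p.status != "pending":
            raise ValueError(f"proposal {pid} is already {p.status}")
        if decision == "approve":
            if role != p.required_role:     # authority check: the role must match the action
                self._log(p, "approval refused", reviewer, f"{role} lacks {p.required_role}")
                raise PermissionError(f"{reviewer} ({role}) cannot approve a {p.action}")
            if edited_payload is not None:  # reviewer corrected the AI's proposal
                self._log(p, "edited", reviewer, f"{p.payload} -> {edited_payload}")
                p.payload = edited_payload
            p.status = "approved"
        elif decision in self.OUTCOMES:
            p.status = self.OUTCOMES[decision]
        else:
            raise ValueError(f"unknown decision {decision!r}")
        self._log(p, p.status, reviewer, note)
        return p.status

    def execute(self, pid: str, actor: str = "workflow") -> str:
        """Refuses unless approved; this refusal is what makes the gate real."""
        p = self._proposals[pid]
        if p.status != "approved":
            self._log(p, "execution blocked", actor, f"status={p.status}")
            raise PermissionError(f"{p.action} on {p.target_system} has not been approved")
        result = self._executors[p.action](p.payload)
        p.status = "executed"
        self._log(p, "executed", actor, result)
        return result


def build_demo() -> tuple[ApprovalGate, dict]:
    """Constructed CRM record and a gate whose only executor writes to it."""
    crm = {"C-1042": {"name": "A. Nguyen", "plan": "basic"}}

    def update_crm(payload: dict) -> str:
        crm[payload["customer_id"]].update(payload["fields"])
        return f"updated {payload['customer_id']}"

    return ApprovalGate({"update": update_crm}), crm


if __name__ == "__main__":
    gate, crm = build_demo()
    pid = gate.propose(Proposal("update", "crm", {"customer_id": "C-1042", "fields": {"plan": "premium"}},
                                ["email 2026-01-14: 'please move me to the premium plan'"],
                                "Customer asked for an upgrade", "account_manager"))
    print(gate.review_packet(pid))
    print(gate.decide(pid, "sam", "account_manager", "approve"), gate.execute(pid), crm)
```

The order of checks matters: `execute` consults the proposal's status, not the caller's intent, so an AI step that calls it early is blocked and that attempt itself lands in the audit trail, which is the "approval after the AI has already acted" mistake made visible. A rejected or escalated proposal stays rejected; a second call to `decide` raises rather than silently re-opening it.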
Common mistakes
- Putting approval at the end of a workflow after the AI has already acted.
- Asking junior staff to approve decisions they would not be allowed to make without AI.
- Only showing the AI output, not the source evidence.
- Moving from human approval to full automation without production data.
- Forgetting to review approval logs and rejected outputs.
- Treating internal AI workflows as risk-free even when they use employee, customer or financial data.
SME checklist
Make human approval mandatory if the answer is yes to any of these:
- Could the output affect a customer, employee, contractor or supplier?
- Could it move money, change a price, issue a refund or affect payroll?
- Could it create a public, legal, regulatory or contractual commitment?
- Does it use personal, sensitive or confidential information?
- Will it write to, delete from or change a source-of-truth system?
- Can the AI agent send messages, call APIs, access files or update software?
- Would a mistake be hard to reverse or explain?
- Could one error scale across many records, customers or staff?
- Is the workflow new, untested or based on inconsistent data?
- Would a reasonable customer or employee expect a person to check the outcome?
FAQ
Is human in the loop the same as human approval? Not always. Human in the loop can mean a person supervises, reviews or trains. For business workflows, the important question is whether the human can stop or change the action before it affects someone or something important.
Does human approval remove legal risk? No. It is a control, not a shield. The business remains responsible for its systems, staff decisions, customer communications and legal obligations.
Can approval be exception-based? Yes, after the workflow has been tested and the business understands what normal cases look like. The AI can process routine items and escalate unusual, high-value, sensitive or out-of-policy cases.
Who should approve AI outputs? The approver should be the person or role that would normally be accountable for the action. AI should not downgrade the level of authority required.
References
1. National AI Centre, "SME AI Pulse," December 2025–February 2026.
2. AI.gov.au, "Implementing AI safely and responsibly," 2024-2026.
3. AI.gov.au, "AI implementation guidance," 2024-2026.
4. AI.gov.au, "Australian laws and AI," 2024-2026.
5. Office of the Australian Information Commissioner, "Guidance on privacy and generative AI," October 2023 and subsequent updates.
6. OAIC, "Small business and the Privacy Act."
7. OAIC, "Australian Privacy Principles guidelines — APP 11."
8. National AI Centre, "AI Adoption Guidance for Australian Business."
9. Australian Cyber Security Centre, "Artificial Intelligence for Small Business," December 2024.
10. OWASP, "LLM Application Security Top 10," 2025-2026.
11. OWASP, "LLM AI Cybersecurity and Governance Checklist."