Oversight is a capability that runs, not a gate you pass once

By Nathan Donaldson

A single tall translucent glass panel stands beside a continuous horizontal stream of faint procedural activity, quietly reading the flow as it passes, with one thin red line marking a single reading. Deep navy background, soft light, wide empty space.
Oversight that runs beside the work, not a gate above it.

Oversight is a capability that runs, not a gate you pass once

Most government systems are overseen the same way: an approval board signs off before go-live, an audit comes round once a year, and a compliance unit steps in when something has already gone wrong. Every part of that machinery makes the same quiet assumption: the thing being overseen changes slowly enough for a point-in-time check to stay true until the next one.

For most of the history of government software, the assumption has held. Once AI agents start doing the work, it stops holding. The place it breaks is layer 5 of Boost’s 5-layer model: oversight.

The model: substrate at layer 1 (identity, registers, data exchange, compute); internal coordination at layer 2; the citizen interface at layer 3; work-performance at layer 4 (eligibility, drafting, casework, modelling); and oversight at layer 5 (audit, agent registries, rules-as-code, a human in the loop, appeal, explainability). It is set out in full in the layers-and-planes piece. The one-sentence version: layers 2 to 4 are where agents do the work, and layers 1 and 5 decide whether that work lands safely.

The vision piece named what is probably the single biggest open question in the whole area: whether layer-5 oversight can keep up with layer-4 deployment at scale. Three pieces of public evidence make that question concrete. One is about the bottom of the model. Two are about the top.

Hand-drawn sketch-note diagram of three stacked bands. The bottom band is a heavy hatched slab with one slow long arrow, showing a substrate that changes over decades. The middle band is dense with many short rapid arrows, showing machine-speed activity. Above the whole stack runs a single continuous wavy red line, showing oversight as a capability that runs without stopping.
Three speeds: a substrate that changes over decades, work at machine speed, and oversight that must run continuously.

The bottom of the model is measured in decades

The US Government Accountability Office keeps the closest thing to a public ledger of how long government software actually lives. Its 2025 report on federal legacy systems (GAO-25-107795) found that the eleven most critical legacy systems in the US federal government are between 23 and 60 years old, and cost roughly US$754 million a year to operate. Modernisation is not riding to the rescue either: of ten critical systems flagged for modernisation in 2019, only three were finished by February 2025.

GAO writes that up as a liability, and from where they sit it is one. The same fact shows something else: the substrate is the most durable software there is. Identity systems, registers, the rails between agencies. Change at layer 1 is gated by planning, procurement and oversight, not by how fast anyone can produce code. That durability also explains how government oversight got away with being episodic for so long: an annual audit works well enough on a system that takes a decade to change.

Approving once doesn’t work on something that changes weekly

The top of the model has the harder problem. Schmitz, Rystrøm and Batzner looked at how public-sector organisations actually govern their systems today (“Oversight Structures for Agentic AI in Public-Sector Organizations”, arXiv 2506.04836, accepted at the REALM workshop at ACL 2025). Their description of the current state: “siloed compliance units and episodic approvals rather than continuous, integrated supervision”. The approval board, the annual audit, the sign-off at go-live.

Agents break the assumption that machinery relies on. Once systems act at machine frequency, the paper argues, approval-by-committee cannot keep up; the communication costs are, in their words, “already prohibitive”. An annual audit of a system that changes weekly is an audit of something that no longer exists.

Their prescription is the interesting part. Not a bigger central compliance unit. Oversight that is “centrally coordinated, but diffused”: pushed out to the operational teams whose work the agents are doing, and running continuously beside the work rather than periodically above it. Logs and audit trails alone don’t get you there; continuous oversight is what turns “mechanical visibility into accountability at the operational level”. That is layer 5 of the model, reached from a different starting point. Not a gate you pass once. A capability that runs.

The oversight bill moves with the autonomy dial

The third piece of evidence is newer, and its status matters. “The Stochastic Gap” (Pal and Bhattacharya, arXiv 2603.24582, March 2026) is a v1 preprint, not yet peer-reviewed. Its mathematical result stands on its own; its empirical demonstration is one simulated agent on a real purchase-to-pay event log of 251,734 cases. A well-built early result, not settled science.

What it formalises is a question deterministic systems never had to ask. A deterministic workflow does the same thing every time, so you can test it once and trust the test. Replace it with an agent and you have behaviour spread across possibilities. The question that matters, the paper argues, is not whether an agent’s next step “appears plausible” but whether the whole trajectory “remains statistically supported, locally unambiguous, and economically governable”.

Two findings matter here. First, the blind spots grow as the work gets described more realistically: on the same workflow, moving from a 42-variable description to a 668-variable one raised the share of next-step decisions with no statistical support underneath them from about 1.7 percent to about 12.5 percent at the longer horizon the paper tests. A system can look well covered at the level of situations while carrying real blind spots at the level of decisions. Second, the central result: “the same quantities that delimit statistically credible autonomy also determine expected oversight burden”. In plain words, the dial that sets how much you can safely let an agent decide is the same dial that sets how much its oversight costs. Autonomy and oversight cost are not two budgets. They are one number, read from two sides.

The paper says nothing about Boost’s model. Connecting its result to layer 4 and layer 5 is Boost’s bridge, not the authors’. Boost thinks the bridge holds, and you should know who built it.

What this means for the model

Put the three pieces together and the model’s claim about layer 5 gets clearer. The bottom of the model changes at the speed of decades. The middle, once agents do the work at layers 2 to 4, acts at the speed of machines. Oversight is the layer that has to hold those two speeds together, and the evidence says it cannot do that as a point-in-time gate. It has to run continuously, beside the work, and its cost rises with every unit of autonomy the middle is granted.

That has a practical consequence for anyone planning investment. Most of the attention goes to the visible middle: the caseworker’s assistant, the eligibility checker, the drafting tool. The model’s ordering points the other way.

An agent’s work can be redone if it goes wrong. The accountability for work already done cannot be rebuilt after the fact. Accountability is a record plus a capability: the trail of what was called, by whom, on whose authority, and the people and structures able to act on that trail while it still matters. Neither part can be added to a running system retrospectively. The layer to fund first is the one that cannot be bolted on later.

The open questions

Can continuous, diffused oversight actually be paid for? The third paper’s result says the oversight bill rises with the autonomy granted. Nobody has yet shown whether a working regime exists where a highly autonomous layer 4 is affordable to watch, or whether the oversight bill quietly eats the efficiency gain. Boost thinks the affordable regime exists but is narrower than the enthusiasm suggests, and that finding it is real design work at layer 5, not something a procurement template will hand you.

What does diffused oversight look like inside a real agency? Schmitz, Rystrøm and Batzner say where the responsibility should sit: with the operational teams whose work the agents are doing. They do not say what the role looks like in practice: who staffs it, what those teams can see, what they are able to stop. Their own survey of current practice says that machinery does not exist yet.

What would prove this wrong

A government running work-performance systems at high autonomy under episodic oversight, with accountability demonstrably intact, measured from July 2026. If that evidence arrives, the model is wrong about layer 5, and Boost will revise it. Until it arrives, layers 1 and 5 are where the money should go first.

Sources and further reading

Make a bigger impact tomorrow