Skip to main content
COMPEL Body of Knowledge
Get Certified Platform
AITE M1.1-Art31 v1.0 Reviewed 2026-04-06 Open Access
M1.1 Foundations of AI Transformation
AITF · Foundations

Responsible-AI Architecture Patterns

Responsible-AI Architecture Patterns — AI Strategy & Vision — Advanced depth — COMPEL Body of Knowledge.

13 min read Article 31 of 48

This article names the six responsible-AI patterns the architect encounters most often in enterprise work, shows where each pattern lives in the reference architecture, and walks the assessment an architect performs to confirm a design’s pattern coverage.

Pattern 1 — Consented data

The first pattern concerns the data the system uses: training data, retrieval corpora, user-supplied data, logged data. The architectural commitment is that each piece of data is present in the system with a traceable legal and ethical basis for being there.

Concrete architectural controls:

  • Corpus provenance manifest. Every document in a retrieval corpus has recorded origin, consent status, and licence. The retrieval registry (Article 21) carries this manifest.
  • Consent capture at ingestion. User uploads include a clear consent path; the consent is stored with the document and is available for later review or withdrawal.
  • PII classification and redaction. Inbound data is classified by PII category (Article 15) and redacted according to policy before it enters persistent stores.
  • Right-to-deletion plumbing. A documented path to remove a user’s data from every store including the retrieval index. GDPR Article 17 and comparable rights elsewhere are operational, not just contractual.
  • Training-data exclusion flags. Data marked non-trainable is held out of any downstream fine-tuning or further training. The Samsung incident in 2023 — internal source code pasted into ChatGPT and thereby ingested into the provider’s systems — illustrates what the failure looks like when these flags are absent at the boundary.1

Pattern 2 — Confidence disclosure

The second pattern concerns how confident the system is in its output and whether that confidence is exposed to the user. Users over-trust AI outputs systematically; the architecture compensates by surfacing uncertainty.

Concrete controls:

  • Confidence score on outputs. Where the model can produce a calibrated confidence (classifier, routing decision), the score is exposed in the response.
  • Hedging in generated text. Prompts instruct the model to hedge when appropriate; response validators check for unwarranted certainty in high-stakes domains.
  • Visual cues in UX. Confidence is surfaced through colour, icons, or text at the UX layer per the UX specification the architect contributes to.
  • Distinct handling for low-confidence outputs. A low-confidence classification may be routed to human review (see Pattern 4) rather than returned directly.

Pattern 3 — Explanation surface

The third pattern concerns how the system explains its outputs to the user or to an auditor. Explanation is not always natural for LLM outputs but several surfaces exist and the architect builds them in.

Concrete controls:

  • Citations for RAG outputs. Every claim that comes from retrieved content carries a citation back to the source passage. Citation accuracy is itself an eval metric (Articles 11, 12).
  • Contributing-feature explanations for classical-ML portions. Where the system combines an LLM with a classical model (for example, a credit-decisioning assistant), feature-level explanations for the classical component are produced via SHAP, LIME, or the in-framework equivalent.2
  • Decision-path logging. The trace log (Article 13) captures the chain of retrievals, tool calls, and model steps that produced the output so an auditor can reconstruct it.
  • User-facing explanations. The UX surfaces the explanation the user needs — “here’s what I found” rather than a raw trace dump. Different audiences need different explanation depths.
  • Refusal-reason messages. When the system refuses, it explains why at the granularity policy allows.

Pattern 4 — Human-in-the-loop escalation

The fourth pattern is the explicit routing of certain decisions or outputs to human review. Human-in-the-loop is not a fallback for failures; it is a designed capability that certain use cases require.

Concrete controls:

  • Escalation criteria. The architecture names the conditions under which the output routes to a human: low confidence, high stakes, specific domains, user-initiated escalation, or regulatory requirement.
  • Review queue infrastructure. A queue with SLA, tooling, and reviewer role definitions. The review tool shows the user input, the system output, and the reasoning trace.
  • Reviewer decision capture. Decisions, with reasons, are captured for audit and for eval set expansion.
  • Oversight dashboards. Aggregate views for oversight staff to see patterns in escalated cases.
  • UX affordances. The user can request escalation directly where appropriate.

EU AI Act Article 14 makes human oversight a legal requirement for high-risk systems.3 The architectural pattern predates and exceeds the legal floor.

Pattern 5 — Fallback behaviour

The fifth pattern concerns what the system does when the AI component cannot serve the user as intended. The absence of a designed fallback means the user experiences ambiguous or broken behaviour.

Concrete controls:

  • Hierarchy of fallbacks. Preferred response; degraded AI response; non-AI fallback; escalation to human. The system tries these in order depending on the failure class.
  • Graceful degradation per failure mode. Model unavailable -> scripted answer plus contact path. Validator failure -> retry with a stricter prompt; if still failing, degrade. Cost-cap exceeded -> degrade to a cheaper model; if the cheaper model does not suffice, hand off.
  • User-transparent fallback state. The user is told, in appropriate language, that the AI is not available or is operating in reduced mode. No silent substitution.
  • Fallback as default. The system assumes the AI will be unavailable sometimes and designs fallback as a first-class path, not as an afterthought.

Air Canada’s 2024 chatbot case, where an AI-generated response made a policy commitment that the airline initially refused to honour and was held liable for, illustrates what a missing fallback and unclear policy posture can cost.4 A well-designed fallback would have routed ambiguous policy questions to a human before the response was sent.

Pattern 6 — Refusal design

The sixth pattern concerns how the system refuses: when, what it says, and how it logs the refusal. Refusal is not failure; refusal is a feature. A system that never refuses either has no policy or is violating one.

Concrete controls:

  • Refusal taxonomy. Categorised refusal reasons (unsafe content, out-of-scope, policy-restricted, regulatory-restricted, unknown confidence). Categories are tracked.
  • Refusal language. The refusal message is neither hostile nor opaque. It tells the user the category and the user’s recourse. Different categories have different messages.
  • Refusal rate monitoring. An unexpected spike in refusals is an incident (Article 20). A refusal rate of zero is also an incident (the policy is not being enforced).
  • Appeal or override path. For certain categories the user can contest the refusal through a defined channel. Overrides are logged and reviewed.
  • Consistent policy layer. The refusal rules live in a policy layer (the guardrail service from Article 14 and Article 24), not scattered in prompts.

Apple Intelligence’s published architecture takes a distinctive refusal posture — on-device processing, conservative refusal on anything outside bounds, privacy-preserving fallback to cloud — that illustrates a consumer-grade refusal pattern at scale.5

Composing patterns

The six patterns do not compose independently; they reinforce each other. A complete responsible-AI package typically connects them as follows:

  • Consented data (Pattern 1) underwrites everything else; without it, other patterns cannot be trusted.
  • Confidence disclosure (Pattern 2) feeds human-in-the-loop (Pattern 4) through escalation criteria.
  • Explanation (Pattern 3) is required at refusal (Pattern 6) and at low-confidence escalation (Pattern 4).
  • Fallback (Pattern 5) covers the failure modes that refusal (Pattern 6) does not address.

The architect reads a design and asks, for each pattern, whether it is implemented and whether it integrates with its neighbours. Patterns are design constraints; composition is the architect’s craft.

Pattern-to-use-case fit

Not every pattern is equally important for every use case. A rough fit matrix:

Use caseConsented dataConfidenceExplanationHITLFallbackRefusal
Customer support chatHighMediumMediumHigh (for escalations)HighHigh
RAG search over internal KBHighMediumHigh (citations)LowMediumMedium
Credit-decisioning assist (EU high-risk)Very highHighHighVery highHighHigh
Code assistantMediumLowMediumLow (unless sensitive code)MediumMedium
Marketing copy draftMediumLowLowLowLowMedium
Clinical-note summarisationVery highHighHighVery highHighHigh

Governance mapping

Responsible-AI patterns map cleanly to regulation and standards.

EU AI Act: Article 10 (data governance) -> Pattern 1. Article 13 (transparency) -> Patterns 2, 3, 6. Article 14 (human oversight) -> Patterns 4, 5. Article 15 (accuracy and robustness) -> Patterns 5, 6.3

NIST AI RMF: MAP 1.1 (context) establishes which patterns apply. MEASURE 2.3 (performance with human-AI configurations) covers Pattern 4. GOVERN 1.6 (inventory of AI) and MAP 3.2 (explanation) cover Patterns 3 and 6.6

ISO/IEC 42001: Clause 7.5 (documented information) covers Patterns 1 and 3. Clause 8.2 (system lifecycle) covers the full pattern set. Annex A controls on data and AI system lifecycle overlap directly.

Sector regulation: Financial services (SR 11-7 in the US, SS1/23 in the UK) map to explanation (Pattern 3) and human oversight (Pattern 4) specifically for model-risk contexts. Healthcare regulation (FDA guidance on clinical decision support) maps to refusal, fallback, and human oversight specifically.

Worked example — a hiring-assistant pattern package

A hiring-assistant use case at a multinational employer. Annex III of the EU AI Act classifies this as high-risk.3 The full pattern package the architect specifies:

  • Pattern 1 (consented data): candidate data with GDPR-compliant consent; CVs handled as the candidate’s data with right-to-deletion plumbing; training data for the model’s ranking component is sourced only from candidates who opted in to research use.
  • Pattern 2 (confidence disclosure): ranking scores shown with confidence ranges; recruiters trained not to treat scores as binary.
  • Pattern 3 (explanation surface): every ranking carries a summary of the strongest signals and a link to the candidate’s evidence; decision-path logging retained for two years per Article 12.
  • Pattern 4 (human-in-the-loop): no candidate is rejected solely by the system; recruiters review every ranking above a threshold and document their final call.
  • Pattern 5 (fallback): when the ranking service is unavailable, recruiters proceed with a standardised CV-review template; no rankings are imputed post-hoc.
  • Pattern 6 (refusal): the system refuses to produce ranking when candidate data is incomplete below a threshold, and explains what is missing; refusals logged and monitored.

The pattern package is not small. It is proportionate to the risk and to the regulatory posture. A hiring assistant without all six patterns in place is not shippable under EU AI Act obligations.

Anti-patterns

  • Responsible-AI as a separate team’s responsibility. Patterns implemented as a bolt-on after the architecture is otherwise set often do not integrate cleanly. Patterns are architecture, not policy.
  • Confidence theatre. Displaying confidence scores that are not calibrated gives users false information. The scores must reflect real model uncertainty.
  • Citations that do not support the claim. RAG citations that look right but do not contain the cited content are worse than no citations. Citation accuracy is a first-class eval metric.
  • Escalation queue with no SLA. A HITL pathway with no bound on review time is not an escalation, it is a black hole. Queues have SLAs or they fail silently.
  • Refusal with no category tracking. A refusal without a category cannot be monitored for policy drift. Every refusal has a reason code.
  • Fallback as marketing language. Documents that describe “graceful degradation” without specifying what happens in practice are a liability. The fallback behaviour is spelled out and tested.

Summary

Responsible-AI is implemented as a pattern language of six architectural patterns: consented data, confidence disclosure, explanation surface, human-in-the-loop escalation, fallback behaviour, and refusal design. Each pattern has concrete architectural controls and plugs into the reference architecture from Article 1. The pattern package’s shape depends on the use case risk; high-risk use cases need the full set at high strength. The six patterns map to the EU AI Act, NIST AI RMF, ISO/IEC 42001, and sector regulation in predictable and defensible ways.

Key terms

  • Responsible-AI pattern
  • Confidence disclosure
  • Human-in-the-loop escalation
  • Refusal design
  • Corpus provenance manifest

Learning outcomes

After this article the learner can: explain six responsible-AI patterns; classify four use cases by required patterns; evaluate a design for pattern completeness and integration; design a responsible-AI pattern package for a given high-risk use case.

Further reading

Footnotes

  1. Korean and international press coverage of Samsung internal ChatGPT leak (April 2023).

  2. Lundberg & Lee, “A Unified Approach to Interpreting Model Predictions” (SHAP, NeurIPS 2017); Ribeiro et al., “Why Should I Trust You? Explaining the Predictions of Any Classifier” (LIME, KDD 2016).

  3. Regulation (EU) 2024/1689 (AI Act), Articles 10, 13, 14, 15; Annex III.4 (employment). 2 3

  4. Moffatt v. Air Canada, British Columbia Civil Resolution Tribunal (February 2024); press coverage in Reuters, BBC.

  5. Apple, “Introducing Apple Intelligence” technical documentation (2024).

  6. NIST AI Risk Management Framework (AI 100-1).