Open standards & artifacts for accountable systems.

Specification sheet

Permanent link /mechanisms/patterns/kill-switch

MEC-05 Kill switch for runaway automation

Pre-authorized halt paths with named stewards, thresholds, and restoration drills so harms stop in seconds.

Where it fits

Filters and handoffs

Tagged for Governance, Friction with validator handshakes. Includes 3 steps, 3 reusable assets, and 4 snippet blocks.

Scholarly metadata

Authorship

Contact: research@ethotechnics.org

Publication details

  • Published: Dec 3, 2025
  • Last updated: Jan 9, 2026
  • Version: v1.1.0
  • DOI: Pending Zenodo deposit

License: CC BY-SA 4.0

Credit Ethotechnics Institute, include the page title + version, and link to the canonical permalink.

Archive snapshot: Wayback capture

Changelog

  • v1.1.0 · 2026-01-09 — Added citation metadata, mechanisms-level authorship details, and structured usage guidance.
  • v1.0.0 · 2025-12-03 — Initial public mechanisms release.

Copy citation (APA/BibTeX)

Cite this page Formats: APA, MLA, Chicago, BibTeX, RIS

Version

v1.1.0

Last updated

Jan 9, 2026

DOI

Pending Zenodo deposit

APA

Ethotechnics Institute Research Team. (2026). MEC-05 Kill switch for runaway automation. Ethotechnics Institute. https://ethotechnics.org/mechanisms/patterns/kill-switch

MLA

Ethotechnics Institute Research Team. "MEC-05 Kill switch for runaway automation." Ethotechnics Institute, 2026, https://ethotechnics.org/mechanisms/patterns/kill-switch.

Chicago

Ethotechnics Institute Research Team. "MEC-05 Kill switch for runaway automation." Ethotechnics Institute. Jan 9, 2026. https://ethotechnics.org/mechanisms/patterns/kill-switch.

BibTeX

@misc{mechanism_kill-switch,
  title={MEC-05 Kill switch for runaway automation},
  author={Ethotechnics Institute Research Team},
  year={2026},
  howpublished={Ethotechnics Institute},
  url={https://ethotechnics.org/mechanisms/patterns/kill-switch},
  version={v1.1.0}
}

RIS

TY  - WEB
TI  - MEC-05 Kill switch for runaway automation
AU  - Ethotechnics Institute Research Team
PY  - 2026
UR  - https://ethotechnics.org/mechanisms/patterns/kill-switch
ER  -

Specification overview

At-a-glance details for planning and handoffs.

Capture the scope, assets, and validator handshakes before diving into the steps.

Spec essentials

What ships with this mechanism

  • 3 steps with checklist-ready owners.
  • 3 reusable assets for briefs and runbooks.
  • 4 reuse-ready snippet blocks.
  • 3 glossary anchors for shared terms.

Filters & validators

Where this spec sits in the system

Tagged in 2 filters with 2 linked validators.

Glossary anchors

Link back to the definitions.

Jump to the glossary terms that frame this mechanism.

Steps

Put the mechanism in motion.

Start with the field cues, then use the assets to keep the work legible.

3 steps with checklist-ready owners, plus linked assets for handoffs.

Assets

Keep outputs reusable.

Link or copy these assets into design docs, runbooks, and briefs so the mechanism travels with the work.

Kill switch runbook

Documents triggers, authorized operators, and post-halt messaging.

Rollback checklist

Confirms data, access, and user impact are stable before resuming.

After-action log template

Captures what tripped the switch and how to tighten thresholds or observability.

Reuse-ready snippets

Copy policy, audit, and incident language.

Use these snippets in requirements, audits, and postmortems with the mechanism permalink.

Policy requirement

Policy requirement (MEC-05 Kill switch for runaway automation)
- Maintain a pre-authorized halt path with a named roster and protection from retaliation.
- Publish tripwires tied to moral performance indicators and time-to-halt targets.
Reference: https://ethotechnics.org/mechanisms/patterns/kill-switch

Product requirement

Product requirement (MEC-05)
- The kill switch is reachable within one operational step from monitoring dashboards.
- Halt events emit receipts with owner, trigger, and restoration checklist links.

Audit evidence checklist

Audit evidence checklist (MEC-05)
[ ] Kill switch runbook names authorized operators and triggers.
[ ] Drill logs demonstrate time-to-halt performance.
[ ] Rollback checklists show safe restoration steps.

Postmortem trigger

Postmortem trigger (MEC-05)
Trigger review when time-to-halt targets are exceeded or the kill switch is unavailable.

Example usage

Containing a runaway recommendation loop

A concrete scenario to help teams see how the pieces fit together.

How it plays out

Operations staff notice a spike in appeals and trip the kill switch, freezing recommendations, routing cases to humans, and restoring with updated thresholds before re-enabling automation.

Anti-patterns

Common failure cases and counterfactuals

Use these to avoid superficial compliance and clarify what success requires.

Kill switch without rehearsal

A halt path exists but no drills confirm that it works under pressure.

Counterfactual: Teams rehearse halts and document restore steps with time-to-halt targets.

False-positive warning: Simulation is acceptable when production drills are risky, but it must be documented.

Single-point approval

Only one person can trigger the halt, creating dead zones off-hours.

Counterfactual: A pre-authorized roster can halt automation without retaliation risk.

False-positive warning: Small teams can assign a primary/secondary if coverage is explicit.

Validators

Pair validators with this mechanism.

Use these tools to size risk and keep the stewardship path visible.

Validator

Maintenance Simulator

Tabletop simulation that plays through outages, maintenance windows, and handoffs to stress-test coverage.

Validator

Burden Modeler

Quantifies task load, cognitive friction, and risk exposure so you can reroute toil before it burns people out.