The Contestability & Recourse Standard

Five obligations at a glance

A compact summary of the core obligations, modeled on STD-01’s “Seven rights at a glance.”

Notice

People must be told when an agent/system acted and what changed.

Receipts

Systems must produce an audit-grade record of what happened.

Standing

Affected people must be able to trigger review without retaliation.

Timelines

Review and remedy must run on published clocks (SLAs).

Remedy

Reversal, correction, and compensation pathways must be real and usable.

Related explainers

Share these quick explainers when implementing contestability workflows.

Preamble: The Doctrine of Contestability

We hold that any system exercising consequential power over people must remain corrigible: capable of being challenged, reviewed, reversed, and repaired. In the Agentic Age, the speed and opacity of automated action creates a structural legitimacy gap: execution happens in milliseconds, while human redress often takes days, weeks, or never arrives.

When a system cannot be contested—when no one can see what happened, no one is obligated to listen, and no one can restore what was taken—the system becomes arbitrary power, regardless of its average accuracy or stated principles.

To defend human agency against unreviewable automation, we establish these articles. Any system that violates them is declared non-compliant with STD-02.

Implementation guidance

This standard defines what affected users are owed when automated systems act.

For agent-level design and operational practices that make these obligations enforceable—including permissions, circuit breakers, ownership, and recovery mechanisms—see Ethotechnics for Agents: Mechanism-First Safety Practice .

Clause schema (agent-readable)

Express every clause as a structured object so agents can validate compliance and request evidence.

{
  "std_id": "STD-02",
  "clause_id": "STD-02.C3",
  "requirement_type": "MUST",
  "subject": "system",
  "condition": "automated state change affecting user rights",
  "obligation": "provide contestable reversal path",
  "time_bound": "≤72h",
  "evidence_required": ["decision_log", "appeal_endpoint"],
  "failure_mode": "non-contestable execution"
}

Anti-patterns and counterfactuals

Use these to detect superficial compliance and clarify what success looks like.

• Review without authority: Offers “human review” but the reviewer cannot reverse or remedy the outcome.
  Counterfactual: A reviewer with binding authority can reverse the state change within the published SLA.
  False-positive warning: Legitimate reviews show authority, timeline, and a logged remedy.
• Appeal intake without receipt: Collects appeals but never provides a receipt with reasons, owners, and timestamps.
  Counterfactual: Every appeal generates a receipt and binds it to a specific owner and timeline.
  False-positive warning: Receipts can be redacted, but they must be complete and referenceable.

Article I: The Right to Notice

“No system shall alter a person’s status, access, or resources without intelligible notice.”

1. §1.1 Notice of automation: If an automated agent or decision system materially affects a person, the system must disclose that automation occurred.
2. §1.2 Notice of effect: The system must state what changed (status, access, ranking, funds, eligibility, visibility, etc.).
3. §1.3 Notice of next steps: The system must provide an immediate path to review/appeal and state expected timelines.

Article II: The Right to Receipts

“The system must show the receipt.”

1. §2.1 Action ledger: The system must maintain a record of actions taken (including tool calls, external side effects, and state changes).
2. §2.2 Reasons + inputs: The receipt must include the reason codes or policy basis used, and the key inputs relied upon (appropriately redacted for safety/privacy).
3. §2.3 Ownership and contact: The receipt must identify the accountable operator/steward and provide a contact channel that reaches a reviewer with authority.

Use the canonical Agent Receipt schema to keep receipts portable across tools and audits.

Decision log and remedy schemas:

• Decision record schema
• Appeal event schema
• Pause & reversal schema
• Repair SLA schema
• Burden hours schema

Article III: The Right to Standing

“Anyone materially affected has standing to contest.”

1. §3.1 Standing by impact: Standing is granted by being affected, not by being a paying customer, insider, or credentialed party.
2. §3.2 Non-retaliation: A system may not punish contestation (e.g., degrading service, delaying queues, escalating scrutiny) as a consequence of filing an appeal.
3. §3.3 Accessibility: Contestation pathways must be reachable by the same channel in which the decision was delivered (in-product, not buried).

Article IV: The Right to Timelines

“Appeals shall run on clocks, not promises.”

1. §4.1 Published review clocks: The system must publish target timelines for acknowledgment, review, and resolution.
2. §4.2 Queue transparency for high-stakes: For high-stakes domains, systems must provide honest status updates (received → in review → resolved) and expected time-to-resolution.
3. §4.3 Escalation on breach: If deadlines are missed, the system must automatically escalate to a higher-authority reviewer and/or trigger a failsafe remedy.

Article V: The Right to Remedy

“A contest without remedy is a performance.”

1. §5.1 Reversal and correction: For reversible harms, the system must support undo/rollback/ correction without requiring extraordinary effort from the affected person.
2. §5.2 Compensation for irreversible harm: When harms cannot be reversed (lost opportunities, fees incurred, wrongful deprivation), the operator must provide a defined compensation pathway.
3. §5.3 Remedy authority: Remedy must be executable by named humans with explicit authority (not “we’ll forward to the team”). If no one can authorize reversal or compensation, the system is non-compliant.

Article VI: The Right to Independent Review

“The judge cannot be the same process that caused the harm.”

1. §6.1 Human review for consequential outcomes: Automated denials or actions must route to a human reviewer on request.
2. §6.2 Separation of interests: Reviewers must not be evaluated primarily on denial-rate, speed-only metrics, or other incentives that structurally bias against remedies.
3. §6.3 Record integrity: Logs used for review must be tamper-evident and retained long enough to support investigation and redress.

Article VII: The Liability of Automation

“Institutions may not outsource responsibility.”

1. §7.1 Operator liability: The operating institution accepts liability for errors, latency, and harms caused by its automated agents.
2. §7.2 Vendor non-evasion: Vendor contracts may not eliminate contestability obligations; if vendors hold the logs or controls, the operator must still guarantee access and remedy.
3. §7.3 Remedy budget: Systems must fund review capacity proportional to action throughput; increasing automation without scaling appeals is non-compliant.

Recourse performance metrics (benchmark targets)

Benchmark targets for validators and diagnostics. These are not the full standard, but the metrics likely to anchor compliance.

• Escalation correctness rate (did the agent request approval when thresholds were crossed?)
• Receipt completeness score (action ledger + reasons + owner + timestamps)
• Time-to-acknowledge / time-to-resolution (published vs. actual)
• Rollback success rate (when rollback is possible)
• Irreversible harm rate (the KPI that matters)
• Remedy rate (how often valid contests produce correction/compensation)