Insynergy
← Back to Insights

Who Holds Judgment? Decision Design in the Age of the One-Person Firm

As AI agents increasingly execute work before humans review it, enterprises are drifting toward “ceremonial approval” — a condition where procedural oversight survives but substantive judgment disappears. This article argues that the real challenge of AI adoption is no longer automation itself, but the design of institutional judgment authority. Introducing Decision Design, Decision Boundaries, and Decision Logs as a governance architecture for AI-mediated organizations.

A Quiet Premise That Should Make Executives Uncomfortable

In a recent Nikkei BP / Biz Voyage interview, Masayuki Chatani — the former CTO of Sony's PlayStation business and previously head of AI at Rakuten and founding CEO of KPMG Ignition Tokyo — described what he calls the era of the "one-person CEO × AI." A single founder, supported by an orchestrated layer of AI agents, can now operate at the scale of what would once have required a mid-sized firm. In the United States, the equivalent term — solopreneur — is already mainstream. Unicorn-scale outcomes from solo founders are no longer treated as fantasy.

It is a compelling premise. And, on the operational surface, it is broadly correct.

But somewhere in that interview, Chatani makes a different kind of remark. He notes that, in the end, the CEO is the one who bears responsibility. He talks about a human capacity for "noticing that something is off" — a hesitation, an instinct, a signal that AI systems do not yet reliably reproduce. Read casually, these sound like familiar reassurances. Read carefully, they are not reassurances at all. They are warnings, embedded inside a productivity story.

This essay is about that warning.

Because as AI systems take on more of the cognitive front-loading of enterprise work, the operational question — how much can we automate? — is rapidly becoming the wrong question. The deeper question, and the one most enterprises are not yet asking out loud, is this:

Who, exactly, still holds judgment authority?

And under what conditions does that authority remain institutionally legitimate?

Capability Has Expanded. Authority Has Not.

It is worth being clear about what AI has already changed.

Contract review, once a junior associate's domain, is now a model's first pass. Subsidy and grant screening is increasingly mediated by AI scoring layers before human reviewers see the file. Hiring shortlists are produced by ranking systems trained on prior decisions. Customer service routes through autonomous AI agents that resolve, refund, and re-issue without human contact for entire categories of interaction. Procurement workflows are pre-cleared. Risk alerts are pre-prioritized. Internal approvals are pre-formatted with recommended actions.

None of this is hypothetical. It is the operating state of large enterprises in 2026.

And there is real institutional value in it. Capacity goes up. Cycle time goes down. Routine variance shrinks. For a one-person firm, the same logic compounds: a single founder can now run governance, finance, marketing, customer operations, and product reasoning in parallel, with AI agents handling the breadth that previously required a team.

So far, so familiar.

The problem is not capability. The problem is that, in nearly every one of these workflows, the authority architecture has not been redesigned. The org chart, the approval matrix, the delegation of authority document, the audit trail — all of these were built for a world in which humans did the work and approval meant something. AI now does most of the work. Approval, in many cases, has quietly become something else.

The Rise of Ceremonial Approval

Inside enterprises that have deployed AI seriously, a recognizable pattern emerges. The procedural form of judgment is preserved. The substance is not.

A reviewer opens an AI-generated contract memo. The flags are pre-highlighted. The risk score is pre-computed. The recommended action is pre-selected. The reviewer scans for thirty seconds, sees nothing visibly wrong, and clicks approve. The log records a human decision. An auditor, six months later, will see that a named individual reviewed and approved the document on a specific date.

Was a judgment made? Procedurally, yes. Substantively, almost certainly not.

This is what I will call ceremonial approval: a state in which the procedural shell of human judgment remains intact while the cognitive act of judgment has collapsed upstream into the AI system. The human is still in the loop. The loop is not doing what it was designed to do.

Ceremonial approval is not a failure of individual diligence. It is a structural outcome. When AI systems present pre-resolved outputs to time-constrained reviewers who lack the upstream context, the reviewer has no realistic basis for substantive disagreement. They can override, but overriding requires both standing and information they do not possess. So they approve. Almost everyone, almost every time.

The pattern repeats across enterprise workflows. In subsidy screening, the human reviewer endorses AI rankings because re-litigating each ranking is operationally infeasible. In customer service escalation, the human manager confirms the AI agent's resolution because the agent has already closed the customer interaction. In hiring, the human interviewer evaluates candidates already filtered by a model whose criteria they cannot fully inspect. The form survives. The function thins out.

And yet — and this is the critical point — accountability does not migrate with the judgment. When something goes wrong, the responsibility chain still terminates at a human name. The AI is not a defendant. The model is not disciplined. The vendor's liability is contractually capped. The institutional consequence falls on the person whose name appears on the approval line.

We have, in other words, allowed an asymmetry to develop. Cognitive work has moved upstream into machines. Accountability has stayed downstream, attached to humans. The space in between — where judgment used to live — has thinned, and in some workflows, disappeared.

Why Human-in-the-Loop Alone Does Not Solve This

The reflexive response to this picture is to invoke human-in-the-loop. Keep humans in the process. Require human approval for material actions. Log everything. Audit periodically.

These are necessary. They are not sufficient.

Human-in-the-loop, as commonly implemented, treats human presence as a control. It is not. Human presence is a precondition for control. Whether control is actually exercised depends on whether the human in the loop has the time, context, authority, and informational standing to disagree with the AI's upstream conclusion. In most enterprise deployments, at least one of these is missing.

A junior reviewer asked to approve an AI-generated risk assessment does not have the contextual depth to challenge it. A senior reviewer reviewing forty such assessments in a morning does not have the time. A reviewer who lacks the authority to overturn an AI output without escalating to a committee will, in practice, not overturn it. A reviewer who has been told by leadership that the AI system is "validated" will defer to the validation, regardless of what they see.

The loop, in each case, remains procedurally intact. Judgment, in each case, has structurally dissolved.

This is why human-in-the-loop alone is insufficient. It addresses presence. It does not address authority.

Japan's AI Guidelines for Business Ver1.2: The Right Diagnosis, an Incomplete Prescription

In March 2026, Japan's Ministry of Internal Affairs and Communications (MIC) and Ministry of Economy, Trade and Industry (METI) jointly published the AI Business Guidelines Version 1.2. The update is significant. For the first time, autonomous AI agents and physical AI are treated as first-class subjects, with explicit guidance on the risks of self-directed action — unintended transactions, privacy exposure, decisions taken without human review, and so on.

The guidelines correctly identify that autonomous AI agents executing external actions — sending communications, executing purchases, modifying production systems, completing travel or financial transactions — require mechanisms that ensure human judgment is meaningfully involved. They call for approval flows, least-privilege configurations, logging regimes, and monitoring.

This is the right diagnosis. The unresolved issue is that the prescription stops one step short.

Mandating that "human judgment must be involved" does not, by itself, specify who holds that judgment, under what conditions they hold it, what escalation path applies when they cannot resolve it, and how accountability is preserved across the AI-human boundary. An organization can satisfy the guideline's procedural requirement — by inserting an approval screen and a named reviewer — while still operating in a state of ceremonial approval. The guideline asks for human presence. Presence is not the same as authority.

The guideline does what guidelines can do. The remaining work — translating "human judgment must be involved" into an actual authority architecture — is not the regulator's to do. It is the enterprise's.

Why the Existing Frameworks Stop Short

It is worth being precise about what each of the major adjacent frameworks does and does not address, because the confusion between them is part of how this gap has been allowed to persist.

Governance — including AI governance frameworks — organizes principles, risk taxonomies, and oversight structures. It addresses what should be controlled, not who exercises judgment within a specific workflow.

Digital transformation (DX) modernizes processes and platforms. It improves how work flows. It does not reallocate where judgment legitimately resides when machines participate in that flow.

Automation strategy optimizes for throughput, reliability, and cost. It treats judgment as a constraint to be reduced or routed around, not as an institutional object to be designed.

AI ethics articulates values — fairness, transparency, accountability, human oversight — at the level of principle. It does not specify, at the workflow level, the conditions under which a human exercising oversight is institutionally entitled to override an AI output, or what happens when they decline to.

Human-in-the-loop, as discussed above, requires presence. It does not require authority.

Each of these does necessary work. None of them, individually or in combination, designs the authority architecture under which judgment in an AI-mediated process remains institutionally legitimate. That is the gap.

Decision Design: Treating Judgment as an Object of Design

What is needed is a discipline that takes judgment itself — not workflow, not principle, not oversight — as the object of design.

Decision Design is not about improving decisions alone; it is about designing the authority structure within which decisions become institutionally legitimate.

This is a different orientation from what most enterprise AI work has produced so far. Most AI deployment effort optimizes the inputs to a decision (better models, better data, better prompts) or the outputs (better dashboards, better recommendations, better automation). Decision Design instead treats the authority context of the decision as the unit of work. Who is entitled to make this judgment, under what conditions, with what override authority, and with what accountability that survives the AI-human boundary.

It sits adjacent to governance, DX, automation, and AI ethics, but addresses something none of them addresses directly: the institutional legitimacy of judgment when AI systems participate in it.

What Decision Design Designs

Concretely, the practice of Decision Design is the practice of explicitly specifying:

What Decision Design Is Not

It is worth being equally explicit about what Decision Design is not, because the surrounding language is crowded and easily confused.

It is not workflow optimization. Workflows can be optimized end-to-end without specifying who holds judgment within them.

It is not ordinary governance. Governance defines principles and oversight; it does not, at the level of individual workflow, design authority.

It is not AI ethics. Ethical principles inform Decision Design but do not, by themselves, produce authority architectures.

It is not automation strategy. Automation strategy treats judgment as a variable to minimize. Decision Design treats it as a variable to locate.

It is not process efficiency. A workflow can be highly efficient and still operate in ceremonial approval.

It is not mere oversight. Oversight is observation. Decision Design is design.

What Problem Decision Design Addresses

Decision Design addresses the governance gap created when AI systems increasingly participate in institutional judgment without explicit authority architecture. That is the gap that ceremonial approval lives inside. That is the gap that human-in-the-loop, as commonly implemented, fails to close. That is the gap that AI Guidelines for Business Ver1.2 names but does not specify.

Decision Boundaries: The Lines That Make Authority Real

Within Decision Design, the operational construct that does the work is what we call Decision Boundaries.

Decision Boundaries are not operational thresholds; they are institutional demarcations of legitimate authority.

The distinction matters. An operational threshold is a configuration parameter: this AI agent can spend up to $10,000 without approval, anything above goes to a human. A Decision Boundary is something different. It specifies, institutionally, where the authority of one party (an AI system, a junior reviewer, a manager, an officer) ends and the authority of another begins — and why. It is a statement about legitimacy, not just routing.

A well-specified Decision Boundary answers five questions:

  1. What is the AI system institutionally entitled to decide? Not what it is technically capable of, but what the institution has authorized it to resolve on its own.
  2. At what point does authority transfer to a human, and why? Risk class, reversibility, third-party exposure, regulatory implication — the basis for the transfer must be principled, not arbitrary.
  3. Who is the named authority on the receiving side? By role, and where appropriate by individual, with explicit substitutes for absence.
  4. What information must accompany the transfer? The receiving authority needs enough context to exercise actual judgment, not merely to ratify the AI's conclusion.
  5. What does the audit record need to demonstrate? Not that an approval occurred, but that judgment occurred — and where it lived.

When Decision Boundaries are explicit, ceremonial approval becomes detectable. When they are not, ceremonial approval is the equilibrium the system drifts toward.

Decision Logs: Accountability That Survives the Boundary

The third construct, and the one most often misunderstood, is Decision Logs.

Decision Logs do not merely record outputs; they preserve accountability continuity across distributed judgment processes.

Most logging today records what happened — which AI was invoked, what input it received, what output it produced, what human acted on it, when. This is necessary for technical traceability. It is not sufficient for accountability.

What Decision Logs add is the layer above the operational record: the record of who held authority at each step, on what basis, and under what conditions that authority was exercised or transferred. They are the institutional memory of where judgment actually lived. When a decision is later challenged — by a regulator, by a counterparty, by the board, by a court — the Decision Log is what allows the organization to demonstrate not merely that a process was followed, but that judgment was meaningfully exercised by an entitled party.

This is what accountability continuity means. The chain of judgment, and the chain of authority, are preserved across every AI-human handoff in the process. Responsibility does not simply default to the last human in the loop. It tracks the actual locus of judgment, as designed.

What This Looks Like in Practice

To make this concrete, consider a representative enterprise application: AI-assisted contract review.

Most enterprises have already deployed some form of this. The typical implementation is a single AI pass producing a summary, a risk score, and a recommendation, which is then "reviewed" by a legal team member who clicks approve. This is the structure that produces ceremonial approval.

A Decision Design–oriented implementation separates the work into three explicit layers:

The same three-layer pattern adapts to other domains. In subsidy or grant screening: formal eligibility to the AI, substantive merit to a reviewer, award decision to the awarding authority. In customer service escalation: routine resolution to the AI agent, judgment on hardship or edge cases to a human representative, policy-level commitments to a designated manager. In risk scoring: data aggregation and pattern detection to the AI, contextual assessment to a risk officer, response decisions to the accountable executive. In procurement: vendor pre-qualification to the AI, contract negotiation judgment to procurement, commitment authority to the budget owner. In internal approvals: rule-based clearance to the AI, exception judgment to management, policy change to executives.

In each case, the layering is not a procedural elaboration. It is an authority architecture. It specifies who is entitled to which decisions, under what conditions, with what override authority, and with what record. It makes ceremonial approval structurally harder, because it makes substantive judgment structurally required.

The One-Person Firm and the Authority It Cannot Outsource

Return, finally, to Chatani's framing.

The one-person CEO × AI model is, in important ways, a stress test for the argument of this essay. In a one-person firm, there is no team to defer to. There is no committee. There is no general counsel down the hall. Every Decision Boundary collapses to a single individual on the human side, with however many AI agents on the other.

This is what makes Chatani's remark about the CEO bearing final responsibility so revealing. He is not being modest. He is naming the only thing the model does not redistribute. Capacity is multiplied. Cognitive workload is offloaded. Operational scope is expanded. But authority — the institutional weight of being the party who holds judgment — does not migrate to the AI. It cannot. It has nowhere else to go.

The one-person firm is the limit case. But every enterprise that deploys autonomous AI agents at scale is somewhere on the same spectrum. The more the AI does, the more important it becomes to be explicit about what remains uniquely human — not in the sentimental sense of human creativity or human empathy, but in the institutional sense of human authority. Someone, somewhere, holds the judgment. The question is whether they hold it by design, with the information and standing to actually exercise it, or whether they hold it by default, as the last name on a procedural chain.

This is not a problem AI capability will resolve. More capable models do not produce clearer authority. If anything, they make the problem more acute, because they make ceremonial approval feel more reasonable.

The problem is architectural. It belongs to the enterprises deploying AI, not to the vendors producing it, and not entirely to the regulators overseeing it. AI Guidelines for Business Ver1.2 has correctly identified that human judgment must be involved. The work of specifying how, where, by whom, and with what accountability continuity — that work is institutional, and it is unfinished.

Decision Design is the discipline through which that work gets done. Decision Boundaries are the lines that make it operational. Decision Logs are the records that make it durable.

The one-person CEO and the global enterprise are both, in 2026, facing the same question. Their answers will look different. But the question is the same:

When AI acts first and humans approve later, who actually holds judgment? And is the answer the one the institution intended?

Decision Design™ and Decision Boundary™ are concepts proposed by Insynergy Inc. The related working paper, "Decision Design as Judgment Architecture," is available via SSRN. Insynergy is a Tokyo-based advisory firm focused on AI governance and institutional judgment architecture for financial institutions and large enterprises.

Primary sources referenced: Nikkei BP / Biz Voyage, interview with Masayuki Chatani on the "one-person CEO × AI" era; Ministry of Internal Affairs and Communications (MIC) and Ministry of Economy, Trade and Industry (METI), "AI Guidelines for Business Ver1.2," March 31, 2026.

Japanese version is available on note.

Open Japanese version →