Which Automations Need Human Approval? 5 That Do, 5 That Don't.

Whether a workflow step needs human approval depends almost entirely on what the action does in the world, not on how good the AI is.

An AI that drafts a wrong reply costs you the second it takes to delete the draft. An AI that sends that same reply could cost you a deal you've been working for months, and you don't find out until the prospect goes quiet. Same model, same prompt, same workflow shape. Different blast radius.

Get this wrong in either direction and it costs you: too many approval steps and you've replicated the manual work you were trying to escape; too few and you've handed control of your client relationships to a probabilistic system with no safety net.

Here's a practical framework for thinking about where the line should be, with ten concrete examples to make it tangible.

Two variables that determine the answer

Before going through the list, it helps to have a consistent way of evaluating any step: blast radius (how bad is the outcome if the AI gets this wrong?) and reversibility (can you undo it easily?).

Small blast radius, easy to reverse: strong candidate for autonomous execution. Large blast radius, hard to reverse: needs a human checkpoint before it fires, regardless of how confident the AI seems.

That framing handles most workflow automation approval decisions cleanly. Where it doesn't is the middle, steps with a medium blast radius and partial reversibility. More on those at the end.

Five that should always have approval

1. Outbound emails to clients, prospects, or partners.

Once an email is sent, it's sent. The recipient has seen it, formed an impression, and possibly already replied. If an AI misclassified a prospect as a warm lead and sent an aggressive follow-up, that email can't be unsent. If it responded to a support complaint with a generic template, it can't take back the irritation it caused. The Air Canada chatbot case is the extreme version: an autonomous chatbot committed to a refund policy that didn't exist, Air Canada tried to disclaim responsibility, and a tribunal held them liable anyway. Outbound communication creates commitments. Those deserve a human eye before they leave your account.

2. CRM deal stage or contact data changes.

Your pipeline is a record of where things actually stand. If an AI incorrectly advances a deal from "proposal sent" to "verbal agreement" because it misread an email tone as positive, your forecasting and follow-up cadence both adjust to a false signal. By the time you notice, you might have delayed reaching out to close, missed a check-in, or sent premature onboarding materials. CRM data drives behavior downstream, and corrupted data corrupts every decision it informs.

3. Social media posts.

Public content carries a different blast radius than internal records. A post that goes out at the wrong time, in the wrong tone, or in response to something that just shifted context can be deleted, but not before people have seen it, or screenshotted it. For solopreneurs where your personal brand and your business brand are the same thing, a single off-tone automated post can do disproportionate damage. The approval step here takes fifteen seconds. The alternative is monitoring every queue every day and hoping nothing fires at a bad moment.

4. Invoice or payment-related actions.

Any automation that creates, sends, or modifies financial documents needs a human checkpoint. Sending an invoice to the wrong client, for the wrong amount, or at the wrong billing interval is the kind of mistake that surfaces awkwardly, sometimes weeks later when reconciliation reveals the discrepancy. Payment automations carry legal and accounting implications that a misclassification can't simply be "corrected" without a paper trail. Keep this class of actions fully supervised until the workflow has a long, clean track record.

5. Calendar invites or scheduling on your behalf.

An AI that sends a meeting invite to a prospect you weren't ready to approach, books two meetings at the same time, or schedules a call before you've confirmed availability creates commitments that require awkward cancellations to undo. Calendar actions are technically reversible, but the impression left by botched scheduling isn't. For service-based solopreneurs, how you handle scheduling is part of how clients assess your professionalism.

Five that can run autonomously from day one

1. Internal Slack or notification messages to yourself.

If the AI sends you a wrong notification, you dismiss it. No external impact, no commitment made, no relationship affected. Internal alerts, summaries, and status updates are exactly what automation was made for. Let them run.

2. Logging to a spreadsheet or database.

Writing a record that an event occurred, a form submission came in, a call happened, or a task completed carries minimal risk. The log entry can be corrected, deleted, or ignored. Even a systematic misclassification produces a fixable dataset, not an external consequence. If your workflow ends in writing to a log, it doesn't need approval.

3. Email labeling and folder organization.

Sorting incoming emails into folders, applying labels, or flagging for follow-up affects only your own inbox. The worst outcome is a mislabeled email you have to find manually. Let the AI sort your inbox and review the categorization rules occasionally, not every individual action.

4. Creating drafts (not sending them).

Having the AI draft a reply, prepare a document, or generate a proposal is genuinely useful precisely because nothing goes out until you review it. The draft is the output; you're still the one who decides whether and how it gets used. This is a good pattern for getting AI help with outbound communication while keeping the actual send gated.

5. Data formatting and file transformations.

Converting a CSV to a specific format, reformatting a report, extracting structured data from an uploaded document: these are deterministic operations where the AI's role is parsing and transforming, not deciding. If the transformation is wrong, the input file still exists and you run it again. Nothing external changes.

The gray zone: where a track record earns autonomy

Between these two categories is a range of steps where the right answer depends on context and history. Routing a new lead to a specific pipeline stage might be low-risk if you have a high volume of clearly-defined lead types and a simple routing rule, or high-risk if your pipeline stages drive automated follow-up sequences that are hard to interrupt.

Confidence scoring handles this precisely. Start those gray-zone steps in supervised mode, approval required. As executions accumulate, you'll see which inputs the AI handles consistently and which ones it struggles with. The steps that earn a clean track record can graduate to autonomous execution. The ones that don't stay in your queue, where they belong.

This is the core logic behind the automation trust ladder: you don't have to decide up front whether a step is safe enough to automate fully. You start supervised, collect evidence, and make the decision based on actual performance rather than theoretical confidence.

Worth noting: approvals on Rills are always free. Adding a review step to a gray-zone action doesn't increase your bill. The cost of being cautious is just your time reviewing, which shrinks as patterns emerge. There's no financial pressure to skip oversight on steps you're not sure about.

A simple rule of thumb

When you're building a new workflow and you're not sure whether a step needs approval, ask: if the AI gets this wrong, who finds out and how quickly?

If the answer is "I find out immediately and fix it in under a minute with no external impact," let it run. If the answer is "a client finds out before I do," add the approval step. That covers most cases without much analysis.

Approvals are always free on Rills, so human review never costs you a credit. You only pay for the actions that create real value. Start building and gate the steps that deserve it.