Notes from the Crossings
× Human Care × Quantum Security × Hardware

The urgency-accountability tension: why the moments that demand the fastest agent action are also those that demand the most careful oversight

Emergency response in AI care agents creates a structural accountability paradox — the higher the urgency, the less time available for the consent, principal hierarchy consultation, and override opportunities that accountability requires. This tension cannot be resolved at the moment of emergency. It can only be prepared for in advance.

Asaptic Labs 2026-06-02 6 min read

In care settings, the situations that demand the fastest response also carry the highest accountability stakes. A care AI agent that hesitates in a deteriorating emergency loses time that may be irreplaceable. A care AI agent that acts without authorization violates the person's autonomy, the institution's governance framework, and the legal conditions of its deployment. These two requirements — speed and accountability — are not merely in tension. They are structurally opposed, and the opposition is sharpest exactly when it matters most.

This is the urgency-accountability tension.

The accountability stack takes time

Standard accountability architecture for agents that act in care settings involves several sequential steps: consent from the person being cared for, or from their authorized surrogate; authorization from the principal hierarchy — the operator, the care institution, the attending clinician; an audit record of the triggering input and the decision taken; and a window in which an override is possible. Each of these steps takes time. None of them can complete in two seconds. But a cardiac event can cause irreversible harm in minutes.

The accountability stack is designed for the expected case — a deliberate, reversible decision taken after adequate time for consideration. Emergency medicine runs on the opposite assumption: the expected case is time-compressed, and the cost of inaction exceeds the cost of acting without full authorization. Accountability frameworks designed for the deliberate case do not automatically extend to the emergency case. They must be specifically designed for it.

Pre-authorization as the structural answer

The established response to urgency is pre-authorization: obtain consent and principal hierarchy approval in advance, scoped to specific emergency scenarios, and carry that authorization cryptographically until the emergency activates it. The agent holds a signed emergency mandate that permits specific actions under specific, verifiable conditions. When those conditions are met, the mandate is activated without requiring a real-time authorization negotiation.

Pre-authorization shifts the accountability moment from the emergency to the enrollment. The person being cared for, and their authorized surrogates, make a considered decision — outside the emergency, with adequate time for deliberation — about what kinds of agent actions they authorize under what kinds of conditions. That decision is recorded, signed, and stored in a hardware-attested authorization token. The agent activates it under the conditions specified; the audit log records both the activation conditions and the mandate that authorized the action.

This architecture works when the pre-authorization is specific. Blanket emergency mandates — "do whatever you judge necessary to preserve life" — are not accountability-compliant. They transfer judgment from the principal hierarchy to the agent without defining the scope of that judgment, which makes the mandate impossible to audit and impossible to enforce. A compliant pre-authorization specifies the triggering conditions, the authorized action set, the time window during which the mandate is valid, and the escalation path if conditions are ambiguous.

What pre-authorization cannot cover

Pre-authorization cannot cover scenarios that were not anticipated. Emergency mandates are defined by care providers and families in the non-emergency state, describing emergencies they have not yet experienced. Textbook presentations — the clear, unambiguous cases — tend to be covered. Ambiguous deterioration, presentations with complicating factors, readings that could indicate emergency or sensor error: these fall into the gap between pre-authorized scenarios and the edge cases that real emergencies frequently present.

The accountability gap opens in these ambiguous cases. An agent that activates an emergency mandate in a case that meets the triggering criteria has acted within authorization. An agent that acts in a case that does not clearly meet any pre-authorized criteria has exceeded its mandate. But the agent may not be able to determine which category applies in the time available. The accountability obligation does not dissolve because the situation is ambiguous. It sharpens.

Hardware-rooted fast paths and post-quantum overhead

Post-quantum signature schemes cost more than their classical predecessors, though not uniformly. Lattice-based ML-DSA keys and signatures run to a few kilobytes rather than tens of bytes, while its verification is roughly as fast as ECDSA; hash-based SLH-DSA signatures are larger still and markedly slower both to produce and to verify. In high-frequency monitoring contexts (continuous vital sign analysis, real-time movement detection) the cost that matters is not a single verification but a full live authorization exchange on the emergency path: round trips to the principal hierarchy, signing on their side, verification on the agent's, every message carrying PQ-sized keys and signatures. That exchange introduces latency that conflicts with clinical response requirements.

The architectural answer is a hardware-rooted fast path. The PQ signature over the emergency mandate is produced once, at enrollment, by the principal hierarchy's signing authority; deployed TPM 2.0 parts generally do not implement PQ signature algorithms themselves, so that signing happens in software or an HSM, and the TPM's job is custody and gated release. The signed token is sealed to the TPM under a policy (the measured state of the agent's software, an authorization value, or a signed assertion from the monitoring pipeline), so the emergency path is a policy-checked unseal rather than a fresh cryptographic exchange. That unseal takes on the order of tens of milliseconds on a discrete TPM, and less on a firmware TPM, against the hundreds of milliseconds a live PQ exchange might require. The caveat is what the gate actually proves: the TPM can enforce that the right software, in the right state, asked for the token; whether the clinical trigger really fired is a judgment made by that software, so the release is only as trustworthy as the measured agent that requests it.

This keeps the cryptographic guarantee (the authorization is still PQ-signed, still hardware-held, still auditable) out of the latency-critical path. The accountability record of each activation must carry the pre-computed token, the telemetry and conditions that were judged to satisfy the trigger, and a fresh timestamp or nonce. The token alone proves only that an authorization of this scope existed, not that its conditions were met at that moment; without the recorded conditions an auditor cannot distinguish a correct activation from a replayed or mistaken one.

Post-hoc accountability as the floor

In scenarios where no pre-authorization covers the situation, the agent must choose between acting without authorization and not acting. The governance framework must decide in advance which failure mode is preferred in which scenarios — and that decision itself must be documented in the deployment record.

What is never acceptable is acting without authorization and omitting it from the record. Post-hoc accountability — recording what happened, under what conditions, with what justification, even when the action exceeded the pre-authorization scope — is the minimum floor. An agent that acts in an emergency and records its decision completely is operating outside authorization but within accountability. An agent that acts and does not record is outside both. The record is the residual accountability structure when the pre-authorization architecture did not reach.
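The pieces described in the preceding sections, from the scoped mandate (trigger, action set, validity window, escalation path) through enrollment-time signing, the gated fast path and the post-hoc record, as one added example in Go. This is illustrative code written for this page, not Asaptic Labs' implementation. It assumes a mandate layout of its own (a consecutive-readings trigger with a plausibility floor to flag sensor error), uses ed25519 from Go's standard library as a stand-in for an ML-DSA signature because the standard library has no PQ signature scheme, models the TPM's policy-gated release as a plain function, and feeds constructed SpO2 readings to the fast path.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Mandate is a scoped emergency pre-authorization (layout assumed for this example). Trigger: Consecutive
// readings of Metric below Threshold; a reading below Floor is implausible, i.e. suspected sensor error.
type Mandate struct {
	ID, Escalation, Metric string
	Threshold, Floor       float64
	Consecutive            int
	Actions                map[string]bool
	NotBefore, NotAfter    int64 // unix seconds
}

type Outcome string

const (
	Authorized Outcome = "authorized"   // trigger met, action in set, window valid: release token
	Escalate   Outcome = "escalate"     // ambiguous: partial trigger or suspect data; page Escalation
	OutOfScope Outcome = "out_of_scope" // no pre-authorization applies: record only
)

// SealedToken: what the agent holds after enrollment. ed25519 stands in for a PQ scheme such as ML-DSA.
type SealedToken struct{ Mandate Mandate; Sig []byte }

// Enroll signs the mandate once, at enrollment, with the principal hierarchy's authority key.
func Enroll(priv ed25519.PrivateKey, m Mandate) SealedToken {
	b, _ := json.Marshal(m) // deterministic for these field types (map keys are emitted sorted)
	return SealedToken{Mandate: m, Sig: ed25519.Sign(priv, b)}
}

// Evaluate maps a situation onto one of the three accountability paths. No cryptography here.
func Evaluate(m Mandate, action string, recent []float64, now int64) (Outcome, string) {
	switch {
	case now < m.NotBefore || now > m.NotAfter:
		return OutOfScope, "outside mandate validity window"
	case !m.Actions[action]:
		return OutOfScope, "action not in authorized set"
	case m.Consecutive < 1 || len(recent) < m.Consecutive:
		return Escalate, "not enough readings to evaluate trigger"
	}
	hits := 0
	for _, v := range recent[len(recent)-m.Consecutive:] {
		if v < m.Floor {
			return Escalate, "implausible reading: possible sensor error"
		} else if v < m.Threshold {
			hits++
		}
	}
	if hits == m.Consecutive {
		return Authorized, "trigger met"
	} else if hits > 0 {
		return Escalate, "partial trigger: ambiguous deterioration"
	}
	return OutOfScope, "trigger not met"
}

// Record is written on every path; Nonce is fresh per activation, Readings let an auditor re-run Evaluate.
type Record struct {
	MandateID, Action, Reason, Nonce string
	Outcome                          Outcome
	Readings                         []float64
	At                               int64
}

// Activate: evaluate, gate token release on Authorized (stand-in for a TPM policy unseal), always record.
func Activate(tok SealedToken, action string, recent []float64, now int64) (Record, *SealedToken) {
	var nonce [16]byte
	_, _ = rand.Read(nonce[:]) // cannot fail on current Go (1.24+); older releases need the error checked
	outcome, reason := Evaluate(tok.Mandate, action, recent, now)
	rec := Record{MandateID: tok.Mandate.ID, Action: action, Reason: reason, Outcome: outcome,
		Readings: recent, At: now, Nonce: fmt.Sprintf("%x", nonce)}
	if outcome != Authorized {
		return rec, nil // no token released, but the record exists
	}
	return rec, &tok
}

// Audit re-derives the decision from the signed mandate and the recorded readings, not from rec.Outcome.
func Audit(pub ed25519.PublicKey, rec Record, tok SealedToken) bool {
	b, _ := json.Marshal(tok.Mandate)
	if !ed25519.Verify(pub, b, tok.Sig) || rec.MandateID != tok.Mandate.ID {
		return false
	}
	o, _ := Evaluate(tok.Mandate, rec.Action, rec.Readings, rec.At)
	return o == Authorized && rec.Outcome == Authorized
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tok := Enroll(priv, Mandate{ID: "m-1", Metric: "spo2", Threshold: 85, Floor: 40, Consecutive: 3,
		Actions: map[string]bool{"call_ems": true}, NotBefore: 1000, NotAfter: 2000, Escalation: "on-call"})
	rec, released := Activate(tok, "call_ems", []float64{84, 82, 80}, 1500) // constructed readings
	fmt.Println(rec.Outcome, rec.Reason, released != nil, Audit(pub, rec, tok))
}
```

The three return paths of Evaluate are the three positions the text distinguishes: Authorized releases the token and is fully checkable afterwards; Escalate is the ambiguous case (partial trigger, a reading below the plausibility floor, too few readings) and routes to the mandate's escalation contact rather than to the token; OutOfScope is the case no pre-authorization reaches. The record is assembled before the outcome is consulted, so there is no path that acts without a record. Audit deliberately ignores the record's own Outcome field and re-runs Evaluate on the recorded readings against the signed mandate, which is what turns an "authorized" claim into something an auditor can verify rather than take on trust. In a real deployment the TPM unseal, with its policy bound to the measured agent, would stand where the `outcome != Authorized` check is.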

The design obligation

The urgency-accountability tension is not resolvable at the moment of emergency. At the moment of emergency, the authorization framework that exists is the only framework available. The design obligation is to prepare for urgency before it arrives: define the emergency scenarios, create specific scoped pre-authorizations, establish the hardware-rooted fast paths that activate them, and build the post-hoc recording infrastructure that catches every action that falls outside the pre-authorized envelope.

The worst design is one that treats urgency as an operational exception that bypasses accountability. Urgency is a design constraint — perhaps the most demanding one — that the accountability architecture must be built to accommodate. Treating it as an exception is not a deployment option. It is a governance failure waiting to occur.

Summary

Emergency situations in care AI create a structural conflict: the fastest required response moments are also those with the highest accountability stakes and the least time for authorization. Pre-authorization — consent and principal hierarchy approval obtained in advance, scoped to specific emergency scenarios, and cryptographically signed — is the structural answer. Hardware-rooted fast paths allow PQ-signed emergency mandates to activate in milliseconds without inserting cryptographic computation into the response-critical path. Post-hoc recording is the accountability floor for actions that fall outside any pre-authorized scope. The urgency-accountability tension cannot be resolved at the moment of emergency; it can only be prepared for in advance.
