This preprint develops the concept of guardrail laundering as a diagnostic category for AI governance, human oversight, and machine-mediated institutional decision-making. It argues that safeguards, uncertainty notices, refusal policies, audit trails, escalation procedures, or human-review requirements do not by themselves prove that responsible control has returned. In some systems, such safeguards may instead increase the apparent legitimacy of an action while lacking usable structural power to alter the action path before it binds. The article names this failure guardrail laundering. The paper situates guardrail laundering within a threshold account of action. It draws on the concepts of pre-action capture and binding point to examine the interval before institutional action becomes materially or procedurally difficult to reverse. Pre-action capture describes the seizure or pre-structuring of attention, interpretation, available motion, institutional possibility, and technical affordance before an actor experiences itself as choosing. A binding point marks the last inspectable locus at which an action path can still be refused, revised, delayed, narrowed, or contested before it becomes difficult to reverse. Guardrail laundering occurs when a safeguard appears before or at this point, but does not preserve the interval in which judgment could still change what happens next. The article distinguishes guardrail laundering from adjacent concepts such as ethics washing, automation bias, rubber-stamping, audit ritual, safety theatre, and weak human-in-the-loop design. Its central claim is that the decisive question is not whether a human, warning, review layer, policy statement, or audit record is present, but whether that mechanism can still alter the action path before authorization. A safeguard that lacks alterability but does not increase apparent legitimacy is merely ineffective; a safeguard that increases legitimacy while preserving usable alterability is not laundering. Guardrail laundering requires both effects: legitimacy without operative alteration. Through an illustrative composite triage scenario and an analysis of delegated AI action, the paper shows how a system may display caution while leaving denial, closure, escalation, deprioritization, or downstream routing unchanged. The composite case is hypothetical in narrative form but not speculative in structure: it abstracts recurring features from documented welfare automation, risk scoring, weak contestation routes, default asymmetries, and post-binding appeal structures. The article also explains how delegated action can move the binding point upstream into permissions, defaults, procurement choices, data pipelines, vendor configurations, or tool access before any visible human reviewer appears. The paper argues that meaningful human oversight cannot be inferred from human presence, review records, warning language, or formal accountability alone. Oversight becomes meaningful only where it can still function as a living brake: a safeguard capable of delaying, refusing, revising, narrowing, contesting, redirecting, or reopening the action path before binding. This does not require maximizing interruption or creating procedural paralysis. Rather, it requires preserving ordinary routes of alteration before a decision becomes signable through the ordinary workflow. The article is diagnostic rather than certifying. It does not offer a compliance standard, technical control stack, or empirical audit protocol. Instead, it provides a conceptual test for identifying when safeguards remain operative and when they become merely ceremonial. Its contribution is to shift the evidence of responsible AI governance from the presence of safeguards to their pre-binding alterability: whether they can change the frame, narrow the recommendation, delay execution, open contestation, or return judgment before action binds.
Emre Ertuhi (Tue,) studied this question.