Responsible AI Platform

Who is responsible when an AI agent makes mistakes?

··12 min read

A customer service agent of an airline promises a passenger a discount that does not exist in the fare conditions. The passenger books, requests the discount and is turned down: "the chatbot made that up." The Canadian tribunal that heard this case in 2024 (Moffatt v. Air Canada) needed little time: what the agent promised counts as a promise by the company. Replace the chatbot with a modern AI agent that autonomously places orders, grants refunds or shortlists candidates, and the question becomes urgent for every boardroom: who is responsible when such an agent makes a mistake?

The direct answer: the organisation that deploys the agent remains responsible for the decisions and processes in which that agent operates. The EU AI Act contains no separate category for AI agents and therefore no separate responsibility regime. Agents fall under the ordinary system of the regulation, which distributes obligations across a chain of roles: the provider of the underlying model, the provider of the agent platform, and the deployer that puts the agent into a business process. On top of that, the GDPR, in particular Article 22 on automated decision-making, applies in full today. "The AI did it" is not a defence under either framework.

No separate agent regime, but a clear division of roles

The definition of an AI system in Article 3(1) of the AI Act explicitly mentions "varying levels of autonomy". An agent that independently plans, calls tools and executes actions is therefore not a borderline case but a textbook example of what the regulation covers. How the AI Act as a whole applies to agentic AI is covered in our pillar on agentic AI under the EU AI Act. For the responsibility question, the division of roles matters most: who in the chain carries which obligations?

The chain: three roles, three sets of obligations

The model provider

Virtually every agent runs on a general-purpose AI model (GPAI). The provider of that model, think OpenAI, Anthropic or Google, has carried the GPAI obligations since 2 August 2025: technical documentation, information for downstream parties, a training data summary and a copyright policy. The European Commission published guidelines in July 2025 on the scope of those obligations. Enforcement and fines sharpen from 2 August 2026. Important for the responsibility question: the model provider is responsible for the model, not for what your agent does with it inside your process.

The platform provider

Whoever places an agent platform or ready-made agent on the market is the provider of that AI system. That party must ensure the system meets the applicable requirements, including, from 2 August 2026, the transparency obligations of Article 50: people who interact with an agent must know they are dealing with AI, and content generated by the agent must be identifiable as such. If the agent is used for a high-risk application under Annex III, the system follows the high-risk route, with 2 December 2027 as the intended date (shifted via the Digital Omnibus, which has not yet been published in the Official Journal and is therefore not final).

The deployer: your organisation

The organisation that puts the agent into a business process is the deployer. That is the role boards and legal counsel should watch most closely, because this is where the consequences of mistakes land. The deployer must use the agent in accordance with the instructions for use, arrange appropriate human oversight, retain relevant logs and, for high-risk applications, monitor and report incidents. And regardless of any AI Act obligation: the decision the agent prepares or executes remains a decision of the organisation.

Why "the AI did it" is not a defence

The Air Canada case illustrates the principle: an agent acts within the processes, systems and mandate of the organisation that deploys it. Whatever the agent promises, orders or decides is attributed to that organisation. Towards customers and contract parties this plays out in civil disputes; towards regulators it plays out in supervisory proceedings. Anyone who hides behind the model when facing the data protection authority or, soon, the AI regulator will get the same response as an employer hiding behind an employee: you designed this process, you should have organised oversight. The AI Act underlines this with fines via the regulator of up to 35 million euros or 7 percent of worldwide turnover for prohibited practices, and up to 15 million euros or 3 percent for most other infringements.

For boards this yields a simple rule of thumb: treat every action of an agent as if an employee had performed it. Would you let a junior employee sign contracts autonomously without a four-eyes check? No? Then do not grant that authority to an agent either.

Making human oversight concrete

Article 14 of the AI Act requires human oversight for high-risk systems, but it is the practical anchor for all autonomous agents. Oversight of an agent that executes hundreds of actions a day cannot consist of "someone glances at it occasionally". Make it concrete:

  • Approval thresholds: actions above a defined impact level (amount, number of people affected, external communication) require explicit human approval before execution.
  • Spend limits and mandates: give the agent a technically enforced maximum per transaction and per period, just like a procurement mandate for an employee.
  • Escalation routes: define when the agent must stop and hand over to a human, for example on complaints, legal questions or anomalous patterns.
  • Kill switch: someone must be able to pause the agent immediately, with a designated role authorised to do so.
  • Periodic review: sample-based checks of executed actions, not just incident handling.

Oversight only works if the supervising staff understand what the agent does and where it can go wrong. That touches Article 4 of the AI Act: since 2 February 2025, organisations must take measures to ensure sufficient AI literacy among staff working with AI systems. Not a fine-based provision in itself, but an obligation to take measures and a precondition for credible oversight; platforms such as LearnWize are built for exactly this.

GDPR Article 22 applies today

If the agent takes decisions with legal effects or similarly significant effects on individuals, think rejecting a job applicant, refusing a claim or preparing a credit decision that is effectively determinative, GDPR Article 22 applies. That article is not waiting for anything: it applies now. Data subjects have a right to human intervention, and that intervention must be meaningful. An employee who approves every agent recommendation within three seconds is, according to the EDPB guidelines on automated decision-making, not human intervention but a rubber stamp. If you put a human in the loop, give that human the information, time and authority to deviate.

Logging as your evidence base

When an agent makes a mistake, the first question any lawyer asks is: what exactly happened, and who or what took which decision? Without logging, that question cannot be answered. For high-risk systems the AI Act explicitly requires logging and retention, but beyond that it is simply your evidence base. Record at minimum: the instruction the agent received, which tools and data sources it called, which actions it executed, which human approved or intervened where, and which model version and configuration it ran on. Organisations that have this in order can reconstruct an incident, remediate and demonstrate that oversight worked. Organisations that do not stand empty-handed before regulator and counterparty.

Contractual arrangements with your agent vendor

The division of roles in the chain must be mirrored contractually. When procuring an agent platform, ask at minimum:

  • Which role does the vendor claim under the AI Act, and which documentation comes with it (instructions for use, intended purpose, limitations)?
  • How is Article 50 met: disclosure towards end users and marking of generated content?
  • Which logging does the platform provide, and for how long is it exportable and retainable?
  • Which configuration options exist for approval thresholds, mandates and escalation?
  • How are model swaps and updates announced, and can you freeze a version for critical processes?
  • Who carries which responsibility when mistakes occur, and how are indemnification and remediation arranged?

The Article 25 trap: building or white-labelling your own agents

Anyone who builds an agent on a GPAI model, places a procured agent on the market under their own name or brand, substantially modifies the system, or shifts the intended purpose towards a high-risk application can become a provider themselves under Article 25, with the full accompanying set of obligations. This is the trap for organisations that "quickly build an agent" on an API and then roll it out broadly or offer it to clients. Where exactly that line is crossed is covered in our analysis on when you become a provider under Article 25.

What to assign internally this month

For boards and legal counsel it comes down to five actions: map which agents are running and who in the chain holds which role; determine per agent whether decisions with legal effects are involved (then Article 22 applies today); make human oversight concrete with thresholds, mandates and escalation; arrange logging and contracts; and appoint one owner who manages this on an ongoing basis. Organisations that want to approach this in a structured way, from inventory to oversight model, can turn to the agentic AI governance approach of Embed AI.

The core message to remember: responsibility follows the role in the chain, but the consequences of mistakes land with the organisation that deploys the agent. Whoever grants autonomy must organise oversight. That is not a future obligation; it is the standard today.

Frequently asked questions about responsibility for AI agents

Sources

EUR-Lex: Regulation (EU) 2024/1689 (AI Act) (accessed July 2026)
European Commission: AI Act Service Desk: implementation timeline (accessed July 2026)
EDPB / Article 29 Working Party: Guidelines on automated individual decision-making and profiling (WP251) (accessed July 2026)