
Key facts.
- In Moffatt v Air Canada (2024 BCCRT 149), the British Columbia Civil Resolution Tribunal found the airline liable for negligent misrepresentation by its chatbot and rejected its claim that the chatbot was a separate entity, so organizational accountability for an agent is legally settled.source
- ISO/IEC 42001:2023, the AI management system standard, requires defined roles, responsibilities and authorities for AI systems, that's the accountability an unowned agent lacks.source
- The MIT NANDA State of AI in Business 2025 report found only about 5% of enterprise AI pilots reach measurable financial impact and weak ownership of what an agent does is one of the reasons programs stall before they get there.source
Why does a missing owner stall the project?
When an unowned agent acts badly the fix has nowhere to land, so the program freezes; a stronger model does not assign ownership, and Moffatt v Air Canada shows the firm answers. (source)
Something goes wrong. An incident requires a decision: fix and continue, pause, or accept and defend. If nobody owns the agent, there's nobody with authority to make that call. What happens instead is that everybody waits for somebody else to decide. The default outcome is: freeze it. That freeze is often the end of the program. Not because the agent couldn't be fixed. Because the organization couldn't decide who would fix it. Air Canada found out the hard way that the liability lands on the company whether or not there's a named owner. The owner's absence doesn't remove the responsibility. It just removes the person who can act on it before it becomes a legal or reputational problem.
A better model doesn't fix the ownership gap. It might reduce how often incidents happen. It can't decide who acts when one does. ISO/IEC 42001 names defined roles, responsibilities, and authorities as required. Those are human choices. An agent shipped without them is one incident away from the freeze, whatever model is underneath it.

What does real ownership of an agent require?
A named person, not a committee and not the vendor. They need authority to pause, change, or defend the agent when something goes wrong. No committee needed, no escalation chain to work through. A defined scope, so the owner knows what they're accountable for. A review cadence so the owner is engaged before the incident, not summoned by it. That's it. ISO/IEC 42001 calls this out explicitly. It's not a big structure. It's cheap to define and expensive to skip. The agents that survive an incident are the ones where the alert had a name on it. The ones that stall are the ones where it didn't.
| Element | Unowned agent | Owned agent |
|---|---|---|
| Incident response | Defaults to freeze | Routed to a decision-maker |
| Authority | Diffuse | Named, with power to act |
| Boundary | Unclear | Defined and accountable |
| Engagement | Only at the incident | Reviewed on a cadence |
The Pattern Intelligence Layer gives the owner something concrete to be accountable for. Behavior, boundary adherence and failure patterns are tracked at the pattern level. The named owner reviews real signals on a cadence and acts on an incident with evidence rather than guesswork. Reliability at the pattern level is what turns accountability from a name on an org chart into a working response.
Frequently asked questions
Can't the vendor be accountable for the agent's behavior?
Not to your customers or regulators. Moffatt v Air Canada shows the deploying organization is liable for its agent, so ownership has to sit inside your organization with a named person.
Why does an incident freeze the whole program?
Because without an owner, no one has the authority to decide whether to fix, pause or defend the agent, so the cautious default, stopping, takes over and often becomes permanent.
Does a safer model remove the need for an owner?
No. A better model lowers incident frequency but cannot decide the response when one happens. That decision needs an accountable owner, which ISO/IEC 42001:2023 calls for explicitly.

