Why an agent with no named owner is a project waiting to stall

When something the agent does goes wrong and no one owns the answer, the project does not get fixed, it gets frozen. Clear accountability is what keeps an incident from becoming a cancellation.

B

Balagei G Nagarajan

4 MIN READ


An incident alert pointing to an empty owner box, with the project frozen behind it
ISO/IEC 42001 names defined roles, responsibilities, and authorities as required.
— from “Why an agent with no named owner is a project waiting to stall”

Key facts.

  • In Moffatt v Air Canada (2024 BCCRT 149), the British Columbia Civil Resolution Tribunal found the airline liable for negligent misrepresentation by its chatbot and rejected its claim that the chatbot was a separate entity, so organizational accountability for an agent is legally settled.source
  • ISO/IEC 42001:2023, the AI management system standard, requires defined roles, responsibilities and authorities for AI systems, that's the accountability an unowned agent lacks.source
  • The MIT NANDA State of AI in Business 2025 report found only about 5% of enterprise AI pilots reach measurable financial impact and weak ownership of what an agent does is one of the reasons programs stall before they get there.source

Why does a missing owner stall the project?

When an unowned agent acts badly the fix has nowhere to land, so the program freezes; a stronger model does not assign ownership, and Moffatt v Air Canada shows the firm answers. (source)

Something goes wrong. An incident requires a decision: fix and continue, pause, or accept and defend. If nobody owns the agent, there's nobody with authority to make that call. What happens instead is that everybody waits for somebody else to decide. The default outcome is: freeze it. That freeze is often the end of the program. Not because the agent couldn't be fixed. Because the organization couldn't decide who would fix it. Air Canada found out the hard way that the liability lands on the company whether or not there's a named owner. The owner's absence doesn't remove the responsibility. It just removes the person who can act on it before it becomes a legal or reputational problem.

A better model doesn't fix the ownership gap. It might reduce how often incidents happen. It can't decide who acts when one does. ISO/IEC 42001 names defined roles, responsibilities, and authorities as required. Those are human choices. An agent shipped without them is one incident away from the freeze, whatever model is underneath it.

Swimlane of an incident response: with an owner it routes to fix or defend, without an owner it dead-ends in a freeze

What does real ownership of an agent require?

A named person, not a committee and not the vendor. They need authority to pause, change, or defend the agent when something goes wrong. No committee needed, no escalation chain to work through. A defined scope, so the owner knows what they're accountable for. A review cadence so the owner is engaged before the incident, not summoned by it. That's it. ISO/IEC 42001 calls this out explicitly. It's not a big structure. It's cheap to define and expensive to skip. The agents that survive an incident are the ones where the alert had a name on it. The ones that stall are the ones where it didn't.

ElementUnowned agentOwned agent
Incident responseDefaults to freezeRouted to a decision-maker
AuthorityDiffuseNamed, with power to act
BoundaryUnclearDefined and accountable
EngagementOnly at the incidentReviewed on a cadence

The Pattern Intelligence Layer gives the owner something concrete to be accountable for. Behavior, boundary adherence and failure patterns are tracked at the pattern level. The named owner reviews real signals on a cadence and acts on an incident with evidence rather than guesswork. Reliability at the pattern level is what turns accountability from a name on an org chart into a working response.

Frequently asked questions

Can't the vendor be accountable for the agent's behavior?
Not to your customers or regulators. Moffatt v Air Canada shows the deploying organization is liable for its agent, so ownership has to sit inside your organization with a named person.

Why does an incident freeze the whole program?
Because without an owner, no one has the authority to decide whether to fix, pause or defend the agent, so the cautious default, stopping, takes over and often becomes permanent.

Does a safer model remove the need for an owner?
No. A better model lowers incident frequency but cannot decide the response when one happens. That decision needs an accountable owner, which ISO/IEC 42001:2023 calls for explicitly.


Share this post

Join the discussion

Have a take, a war story, or a question? Sign in with GitHub to comment and react. Comments are powered by GitHub Discussions, ad-free and yours to moderate.

Continue Reading

Find where your agent breaks, before you build it

Faultmap maps where your agent will fail from the goal and your data, then hands you the first test suite it has to pass.