You Can Outsource the Model. You Can't Outsource the Liability.
Eighteen months from now, a company much like yours will discover that the AI system it is proudest of has quietly started making decisions it cannot defend, cannot explain, and cannot prove it ever controlled. No one will have done anything wrong. That is what will make it so dangerous.
Here is how it happens. You deploy a model to do something valuable, screen applicants, price a policy, approve a transaction, flag a case for review. You test it carefully. It performs beautifully. It goes live to quiet applause, and everyone moves on to the next thing.
Then the world around the model drifts, the way the world always does. Customer behavior shifts. An upstream data feed changes format. A vendor silently updates its own model. Your system's behavior degrades by degrees, too slowly for anyone to notice, until it is routinely making a class of decision that is wrong, biased, or against the law. And because no one owns the ongoing question of whether it still works, no one is watching.
Eventually something surfaces it. A complaint. A journalist. An auditor. A regulator. A lawsuit. And in that moment, the most important thing about your AI system will not be how accurate it was on the day you launched it. It will be whether you can answer three questions, under oath if necessary: who owned this system's risk, how did you monitor it, and when it changed, who approved it continuing to run.
Most companies cannot answer those questions today. That gap, between deploying AI and being able to account for it, is about to become one of the defining business risks of the decade. This article is about why, and what to do before it reaches you.
The comfortable lie in most boardrooms
Ask almost any executive team whether they have AI governance and they will say yes. They are mostly wrong, and the data shows it. In Deloitte's enterprise survey, 87 percent of executives claimed to have AI governance frameworks, yet fewer than 25 percent had actually operationalized them across their organization.[1] A separate industry study found that while 79 percent of businesses are using or planning to use agentic AI, only 48 percent have any framework to govern and limit its autonomy.[2]
That distance, between the governance people believe they have and the governance that would survive an audit, is where the risk lives. And three forces are now converging to close it, whether organizations are ready or not.
The three forces converging at once
Individually, each of these is manageable. Arriving together, inside the same short window, they change the operating environment for anyone deploying AI at scale.
One: the EU AI Act now has teeth. This is not a future consultation paper. Prohibited AI practices have been enforceable since February 2025, and obligations on general-purpose AI models since August 2025.[3] In June 2026, the EU formally adopted the Digital Omnibus, which set firm dates for the rest: the heaviest obligations for high-risk systems, covering exactly the use cases enterprises care about, credit scoring, insurance pricing, medical devices, hiring, biometrics, and critical infrastructure, now apply from December 2, 2027 for standalone systems and August 2, 2028 for AI embedded in regulated products.[3][4] Crucially, this is a deferral, not a reprieve: August 2, 2026 remains a live enforcement date for transparency obligations, general-purpose AI penalties, and market-surveillance powers.[4] The penalties are the part that focuses attention: up to 35 million euros or 7 percent of global annual turnover, a higher ceiling than GDPR.[3] And the Act reaches across borders. If your AI touches someone in the EU, it applies to you regardless of where you are headquartered.
Two: ISO/IEC 42001 has become the standard buyers ask for. Published in 2023, it is the first certifiable management system standard for artificial intelligence.[5] That word, certifiable, is what changes the game: an accredited body can audit you and issue a certificate, and your customers, partners, and procurement teams can now demand it by name. They increasingly do. Microsoft is among the technology leaders pursuing certification, and analysts describe ISO 42001 as moving "from differentiator to table stakes" in enterprise procurement.[5][6] Several US state laws, including the Colorado AI Act and the Texas Responsible AI Governance Act, now treat alignment with recognized frameworks as evidence of reasonable care.[6][7] It is becoming the ISO 27001 of AI.
Three: NIST AI RMF has become the common language. The US National Institute of Standards and Technology's AI Risk Management Framework, with its Govern, Map, Measure, and Manage functions, is the shared vocabulary that regulators and mature organizations use to operationalize AI risk.[8] Its reach is quiet but pervasive: the FTC, CFPB, FDA, SEC, and EEOC all reference NIST principles in their enforcement guidance, and NIST publishes an official crosswalk mapping the framework directly to ISO 42001.[8] When your regulator, your auditor, and your enterprise customer all speak the same four functions, a structured program becomes the default expectation, not the exception.
Put them together and the message is unambiguous. The era of deploying AI without a defensible governance trail is closing.
The liability nobody put on the balance sheet
If the frameworks feel abstract, the courts are making them concrete. The single most important development for any executive to understand is not a regulation at all. It is a pattern of cases answering one question: when your AI gets it wrong, who pays?
Start with the simplest example. In 2024, a grieving customer asked Air Canada's website chatbot about bereavement fares. It gave him a confidently worded answer that was simply wrong, telling him he could claim the discount retroactively when the airline's policy did not allow it. When he sued, Air Canada's defense was, in the tribunal's own word, "remarkable": it argued the chatbot was "a separate legal entity that is responsible for its own actions."[9] The tribunal rejected that outright, ruling the chatbot was simply part of Air Canada's website and the company was liable for what it said.[9] The damages were small; the precedent is not. A company is accountable for what its AI tells a customer, and "the bot did it" is not a defense.
Now scale that principle up. In Mobley v. Workday, a case in the US federal courts, a job applicant alleged that an AI-powered screening tool rejected him from more than one hundred roles on the basis of age, race, and disability. In 2024 the court declined to dismiss the case; in May 2025 it certified a nationwide collective action potentially reaching a vast pool of applicants; and in March 2026 the judge again rejected the vendor's motion to dismiss, sending the case into discovery.[10][11] The detail that should make every CEO sit up is the theory the court accepted: it allowed claims to advance against the software vendor itself, treating the AI tool as an "agent" of the employers who used it.[10][11]
Together these cases dismantle the two assumptions most companies are quietly relying on:
- "We bought it, so the vendor is responsible." The agent theory says the deployer owns the decision the AI makes on its behalf, and the vendor can be pulled in too. Everyone in the chain is exposed.
- "The algorithm did it, not us." Regulators are blunt: the EEOC's position is that a lack of intent is no defense, and an employer is fully liable if an AI tool produces a discriminatory selection rate, even one it never designed or understood.[12]
"The algorithm did it" is not a legal defense.
And the exposure is widening on every side:
- New laws, new grounds to sue. A patchwork of US state statutes, from Colorado's algorithmic-discrimination law to consumer-protection rules on AI pricing, is creating fresh private rights of action.[7][13]
- Insurance is pulling back. Insurers are writing AI-specific exclusions into policies, so an AI loss can land directly on the company's own balance sheet rather than its coverage.[13]
- The cost is real and quantified. Analysts estimate AI-related failures in financial services alone run into tens of millions of dollars per case, before counting reputational damage.[13]
The pattern is unmistakable: you can outsource the model, but you cannot outsource the liability.
Why this is a CEO problem, not a compliance problem
Here is where most leaders make their mistake. They hear "regulation," route it to legal and quality, and move on. That instinct is exactly backwards. The Air Canada and Workday cases did not turn on a compliance technicality; they turned on accountability, and accountability sits with the chief executive. There are three reasons a CEO cannot delegate this:
- It is a velocity problem. Ungoverned AI does not move faster; it stalls. Every meaningful deployment gets stuck in an ad hoc review, or ships without one and becomes an incident waiting to happen. The companies with a repeatable governance capability are the ones that can say yes to new AI use cases quickly and safely, because the guardrails already exist. Governance is not the brake, it is what lets you take your foot off the brake.
- It is an enterprise-value problem. Acquirers now run AI governance diligence. Insurers price it. Enterprise customers demand it in security questionnaires, and certification shortens sales cycles.[6] Weak AI governance is starting to behave the way weak cybersecurity did a decade ago: a discount on your valuation, a failed audit in a deal, a contract you cannot win.
- It is a license-to-operate problem. In regulated industries, and increasingly in unregulated ones facing litigation and reputational risk, governance decides whether an AI system is allowed to exist in production at all. Get it wrong and your most promising AI initiative becomes your largest liability, sometimes literally.
Put plainly: the CEO owns the AI the way the CEO owns the balance sheet. You do not have to understand every model, but you are answerable for what all of them do. When a regulator, a board member, or a journalist asks "who is accountable for this system," the honest answer, in a well-run company, is you, by way of the person you named.
The shift underneath all of it
To understand why all of this is happening now, you have to see the technological shift the regulation and the courts are chasing.
For a decade, enterprise AI mostly made predictions. A model scored a lead, flagged a transaction, ranked a result. A human stayed in the loop and acted on the output. A wrong prediction was an error you could catch.
Agentic AI changes the physics.
AI used to predict. Now it acts.
Today's systems call tools, move data, trigger payments, send communications, and coordinate with other agents, often with no human reviewing each step. A wrong prediction is an error. A wrong action is an incident. The blast radius is fundamentally different, and it is why regulators, standards bodies, the courts, and your own risk exposure have all escalated at once. Notably, none of the three major frameworks was originally designed for autonomous agents, which is why organizations deploying them must extend their governance to cover cascading failures, scope creep, and the attribution gaps that appear when software acts on its own.[13] Hold onto this shift. Everything downstream, in every industry, follows from it.
The framework: four regimes, one system
Here is the mistake I see even sophisticated organizations make. They treat each regime as a separate program. A team for the EU AI Act. A separate effort for ISO 42001. A NIST mapping exercise somewhere else. And in regulated industries, a disconnected quality or risk function on top. That is slow, expensive, and it still leaves gaps between the programs where the real failures happen.
The organizations getting this right do the opposite. They recognize these are not four problems. They are four layers of one control system, and the published crosswalks between them prove how much they overlap.[8][13] Build the program once and it satisfies all of them.
The EU AI Act and peer regulation set the legal floor: what you must do to be allowed to operate. ISO/IEC 42001 provides the certifiable management-system backbone, the audited evidence that your governance actually functions. NIST AI RMF supplies the operating model: how you govern, map, measure, and manage risk day to day. And your industry's own regime, GxP in life sciences, model risk management in banking, adds the domain-specific rigor a general framework cannot. Build these as one integrated control framework and each investment reinforces the others. Build them as four silos and you pay four times and are still exposed. I call this the AI Governance Convergence Model, and it is the spine of everything that follows in this series.
The AI Governance Readiness Checklist
If you do nothing else after reading this, run your organization against these ten questions. They are deliberately blunt, and they map directly to what regulators, auditors, and courts now expect. A confident yes to all ten puts you ahead of most peers. Any no is a place to start on Monday.
- Inventory. Do you have a complete, current inventory of every AI system in use, in development, and in procurement, including the ones a single team spun up without telling anyone?
- Risk classification. Is each AI system classified by risk and mapped to the regulatory categories that apply to you, so you know which are high-risk?
- Ownership. Does every high-risk AI system have a single, named, accountable owner with the authority and the mandate to stop it?
- Impact assessment. Have you assessed and documented each significant system's impact on people, including fairness across protected groups, before deployment?
- Human oversight. Are the points where a human must review or approve defined, enforced in the system rather than just in policy, and genuinely effective, especially for adverse decisions?
- Data governance. Can you evidence the quality, provenance, and representativeness of the data behind your consequential models, including data from third-party vendors?
- Monitoring and drift. Do you monitor deployed systems for drift and degradation in production, with alert thresholds and a defined response, not just a launch-day validation?
- Change control. When a model, prompt, tool, or vendor version changes, does it pass through change control, with defined triggers for re-assessment?
- Vendor accountability. For every third-party AI tool, have you run a bias or performance audit, and do your contracts include indemnification for algorithmic harm?
- Evidence trail. Could you produce, today, the documentation an auditor, a regulator, or a plaintiff's attorney would ask for on your highest-risk AI system?
If it is not documented, it does not exist.
What to do next: an action plan for leaders
You do not need to become an expert in AI regulation. You need to set five things in motion, in this order.
- Commission the inventory this quarter. You cannot govern what you have not mapped, and more than half of organizations still lack a basic AI inventory. Make it a named deliverable with a deadline, covering every system in use, in build, and in procurement.
- Classify by risk and name an owner for each high-risk system. Assign a single accountable executive to each, with the authority to intervene. Ambiguous ownership is where accountability quietly evaporates.
- Adopt the convergence model as your operating structure. Use NIST AI RMF to design the risk controls, ISO 42001 as the certifiable management system that produces the evidence, the EU AI Act as the legal floor, and your industry's regime for domain rigor. One program, four requirements satisfied.
- Rebuild validation for AI that changes. Replace one-time, launch-day sign-off with continuous monitoring, drift detection, and defined re-validation triggers. This single shift closes the most common and most dangerous gap.
- Fix vendor accountability before your next renewal. Demand bias audits and transparency from AI vendors, insist on a documented human checkpoint for adverse decisions, and negotiate indemnification for algorithmic harm into every contract. The terms you sign today decide who pays tomorrow.[9][14]
The companies gearing up their governance today will spend the next two years shipping AI with confidence. The ones waiting for the rules to settle will spend those years unable to deploy, or deploying blind into the liability described above. AI governance is becoming the license to operate. The only real question is whether you build it on your timeline, or on your regulator's, your customer's, or a plaintiff attorney's.
Frequently asked questions
Is a company legally liable for what its AI chatbot tells customers?
Yes. In Moffatt v. Air Canada (2024), a tribunal held Air Canada liable for incorrect information its website chatbot gave a customer, rejecting the airline's argument that the chatbot was a separate legal entity responsible for its own actions. The principle: a company is accountable for what its AI tells a customer, and "the bot did it" is not a defense.
Can an AI vendor be held liable for discrimination caused by its software?
Potentially, yes. In Mobley v. Workday, US federal courts allowed discrimination claims to proceed against the software vendor itself under an "agent" theory, treating the AI screening tool as an agent of the employers that used it. The court declined to dismiss the case in 2024, certified a nationwide collective action in May 2025, and again rejected the vendor's motion to dismiss in March 2026. Both the deployer and the vendor can be exposed.
When do the EU AI Act's high-risk obligations take effect?
Following the Digital Omnibus formally adopted in June 2026, the heaviest high-risk obligations apply from December 2, 2027 for standalone systems and August 2, 2028 for AI embedded in regulated products. This is a deferral, not a reprieve: August 2, 2026 remains a live enforcement date for transparency obligations, general-purpose AI penalties, and market-surveillance powers.
What are the penalties under the EU AI Act?
The EU AI Act allows fines of up to 35 million euros or 7 percent of global annual turnover for the most serious violations, a higher ceiling than GDPR. The Act also has extraterritorial reach: it applies if your AI affects someone in the EU, regardless of where your company is headquartered.
What is the difference between the EU AI Act, ISO/IEC 42001, and the NIST AI RMF?
They are complementary layers of one control system, not competing choices. The EU AI Act is binding law that sets the legal floor. ISO/IEC 42001 is the first certifiable AI management-system standard and provides audited evidence that governance works. The NIST AI RMF (Govern, Map, Measure, Manage) is the voluntary operating model for managing AI risk day to day. Published crosswalks map them to each other, so a single program can satisfy all three.
What is the AI Governance Convergence Model?
The AI Governance Convergence Model is a framework by Prashant Akhawat that treats four control regimes as four layers of a single system rather than separate programs: the EU AI Act and peer regulation (the legal floor), ISO/IEC 42001 (the certifiable management-system backbone), the NIST AI RMF (the operating model), and an organization's own industry regime such as GxP or model risk management (domain-specific rigor). Built once as one framework, each layer reinforces the others.
Why is AI governance a CEO responsibility rather than a compliance task?
Because it determines business velocity, enterprise value, and license to operate, and because accountability for AI outcomes sits with the chief executive. The CEO owns the AI the way the CEO owns the balance sheet: not by understanding every model, but by being answerable for what all of them do and by naming an accountable owner for each high-risk system.
Coming next in the CXO Intelligence Series on Governance
References and further reading
- Deloitte, State of Generative AI in the Enterprise — reported that 87% of executives claim AI governance frameworks while fewer than 25% have operationalized them (cited in GAICC, "What ISO 42001 Solves for U.S. Organizations," 2026).
- Vanta, The State of Trust Report 2025 — 79% of businesses are using or planning agentic AI; only 48% have a framework to govern its autonomy.
- European Commission, Regulatory framework for AI and AI Act implementation timeline (digital-strategy.ec.europa.eu); EU AI Act (Regulation (EU) 2024/1689). Penalties up to EUR 35M or 7% of global turnover.
- Council of the EU, "Artificial Intelligence: Council gives final green light to simplify and streamline rules" (June 29, 2026); Gibson Dunn, White & Case, and Covington client alerts on the Digital Omnibus, which defers high-risk Annex III obligations to December 2, 2027 and Annex I to August 2, 2028 while keeping August 2, 2026 live for transparency, GPAI, and market surveillance.
- ISO/IEC 42001:2023, Information technology — Artificial intelligence — Management system; Schellman and industry commentary on adoption, including Microsoft's certification progress.
- GAICC, "What ISO 42001 Solves and Why It Matters for U.S. Organizations in 2026"; TruvoCyber, "ISO 42001 vs AIUC-1 vs NIST AI RMF" (2026) — on procurement expectations and "table stakes" status.
- Wiley, "2025 State AI Laws Expand Liability, Raise Insurance Risks" and "2026 State AI Bills"; Colorado AI Act; Texas Responsible AI Governance Act (TRAIGA).
- NIST, AI Risk Management Framework (AI RMF 1.0) and the Generative AI Profile (NIST AI 600-1); NIST-to-ISO 42001 crosswalk. GAICC, "NIST AI Risk Management Framework: A Complete Guide" (2026).
- Moffatt v. Air Canada, 2024 BCCRT 149 (British Columbia Civil Resolution Tribunal, February 14, 2024); CBC News and Forbes coverage — the tribunal rejected Air Canada's argument that its chatbot was "a separate legal entity" and held the airline liable for negligent misrepresentation by its AI.
- Holland & Knight, "Federal Court Allows Collective Action Lawsuit Over Alleged AI Hiring Bias" (2025); Forbes, "A Federal Judge, A 1967 Law And A Billion Rejected Job Applications" (May 2026) — Mobley v. Workday, Inc., N.D. Cal. No. 3:23-cv-00770; motion to dismiss denied on an "agent" theory (2024), nationwide ADEA collective certified May 16, 2025, further motion to dismiss rejected March 6, 2026.
- Quinn Emanuel, "When Machines Discriminate: The Rise of AI Bias Lawsuits" (2025); Mobley v. Workday, Inc., 2025 WL 1424347 (N.D. Cal. May 16, 2025), collective action certification.
- EEOC guidance on AI and disparate impact; U.S. Equal Employment Opportunity Commission enforcement position that lack of intent is no defense.
- Wiley, "2025 State AI Laws Expand Liability, Raise Insurance Risks" (2025); Elevate Consult, "The Cost of Inaction" (2026) — on new private rights of action, AI-specific insurance exclusions, and the per-case cost of AI failures in financial services.
- GAICC, "Global AI Governance Comparison 2026: EU AI Act vs NIST AI RMF vs ISO/IEC 42001" — on framework convergence and the gap for agentic AI.
- Angela Reddock-Wright, "AI-Driven Hiring Bias: The Next Frontier of EEOC Enforcement" (2026) — on vendor liability and the value of documented human review and indemnification.
Educational reference, not legal advice. Regulatory details and case status reflect the position as of July 2026 and continue to evolve; verify specifics against current sources for your jurisdiction before acting.