The legal question that will define the next decade of enterprise AI is not "can AI be liable?" It is "who is liable when AI acts autonomously, and how do you prove it?"
The answer depends entirely on the quality of the governance infrastructure surrounding the AI system. With adequate infrastructure, the chain of authority from the governance policy to the specific action is provable and auditable. Without it, liability is ambiguous — and ambiguity in legal proceedings defaults to the party with the deepest pockets and the most exposure.
The Attribution Gap
Traditional software systems have a well-understood liability model. A bug causes a financial loss. The loss traces to the bug. The bug traces to a code change. The code change traces to a developer, a review process, and a deployment record. The chain of attribution is documentable, if not always clean.
AI systems deployed autonomously break this chain. When an AI agent declines a loan application, approves an insurance claim, restricts a trading position, or executes a customer-facing communication, the decision traces not to a specific line of code but to the combination of model weights, system prompt, governance configuration, and context window at the time of the inference. None of these are static. All of them can change independently.
This is the attribution gap: the gap between "an AI made a decision" and "I can prove what governance framework authorized that decision and why."
Reconstructing the exact conditions under which a specific decision was made — weeks later, in response to a regulatory inquiry — is often not possible with existing logging practices.
Why the Gap Is Growing
The attribution gap grows as AI systems become more autonomous. A chatbot that assists a human decision-maker has a human in the attribution chain. The human reviewed the AI's output and made the final decision. Legal exposure attaches to the human's judgment, informed by the AI's assistance.
An agent that executes a multi-step workflow autonomously, within a governance envelope approved by a human at task initiation, has removed the human from each individual decision. The governance envelope is doing the work that human review previously did. If the governance envelope cannot be proven — if there is no verifiable record of what the envelope specified and that it was actively enforced — the attribution chain ends at "the AI did it."
An organization that cannot prove its governance configuration was actively enforced at the time of a disputed decision will have difficulty defending the decision legally. The plaintiff's position is straightforward: the system made an unsupervised decision. Your governance framework either permitted it or failed to prevent it. Either way, you are responsible. Demonstrate otherwise.
What Deterministic Proof Looks Like
An organization with adequate governance infrastructure can respond to a disputed decision with the following artifact chain:
- The signed decision record. A cryptographically signed record containing the canonical hash of the input, the governance rule set version hash, the verdict (ALLOW/MODIFY/BLOCK), the specific rules that triggered, and the timestamp. The signature proves the record was produced by the governance system at the stated time.
- The rule set archive. The exact rule set in effect at the time of the decision, referenced by the hash in the decision record. The archive proves what rules were active.
- The chain continuity proof. The hash chain linking the decision record to the genesis record, proving no records were inserted, deleted, or modified in the period preceding the decision.
- The input archive. The canonical input that was evaluated, referenced by the hash in the decision record. The archive proves what the system was evaluating.
- The independent replay. Running the input against the archived rule set on an isolated machine produces the same verdict as the signed record. The replay requires no access to the live system.
This artifact chain answers the liability question precisely: this input was presented to this governance configuration at this time and produced this verdict, and the record proving it cannot have been altered. The decision was within the authorized governance envelope or it was not. The record is the proof.
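One way to realise this artifact chain in code, as an added example that is not from the original article: Python that hashes canonical inputs and rule sets, appends signed and hash-linked decision records, verifies chain continuity, and replays a recorded decision offline against the archives. The rule format, the rule engine, the sample data and the HMAC signature (standing in for a public-key signature) are assumptions made for illustration.

```python
import hashlib, hmac, json

GENESIS = "0" * 64
SIGNING_KEY = b"constructed-demo-key"  # assumption: HMAC stands in for a real digital signature

def canon(obj):
    # Canonical JSON (sorted keys, no whitespace) so equal content always hashes equally.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
def sha256(data): return hashlib.sha256(data).hexdigest()
def sign(record_hash): return hmac.new(SIGNING_KEY, record_hash.encode(), "sha256").hexdigest()

def evaluate(ruleset, inp):
    # Constructed deterministic rule engine: a rule fires when inp[field] >= min.
    fired = [r for r in ruleset["rules"] if inp.get(r["field"], 0) >= r["min"]]
    verdicts = {r["verdict"] for r in fired}
    verdict = "BLOCK" if "BLOCK" in verdicts else "MODIFY" if "MODIFY" in verdicts else "ALLOW"
    return verdict, [r["id"] for r in fired]

def make_record(prev_hash, inp, ruleset, ts):
    # Signed decision record: input/rule-set hashes, verdict, triggered rules, link to predecessor.
    verdict, triggered = evaluate(ruleset, inp)
    rec = {"prev": prev_hash, "ts": ts, "input_hash": sha256(canon(inp)),
           "ruleset_hash": sha256(canon(ruleset)), "verdict": verdict, "triggered": triggered}
    rec["record_hash"] = sha256(canon(rec))
    rec["sig"] = sign(rec["record_hash"])
    return rec

def verify_chain(records):
    # Chain continuity: each record re-hashes correctly, carries a valid signature, links to prev.
    prev = GENESIS
    for rec in records:
        body = {k: v for k, v in rec.items() if k not in ("record_hash", "sig")}
        if (rec["prev"] != prev or sha256(canon(body)) != rec["record_hash"]
                or not hmac.compare_digest(sign(rec["record_hash"]), rec["sig"])):
            return False
        prev = rec["record_hash"]
    return True

def replay(rec, archived_input, archived_ruleset):
    # Offline replay: archives must match the record's hashes and reproduce its verdict.
    if (sha256(canon(archived_input)) != rec["input_hash"]
            or sha256(canon(archived_ruleset)) != rec["ruleset_hash"]):
        return False
    return evaluate(archived_ruleset, archived_input) == (rec["verdict"], rec["triggered"])

RULESET = {"version": "2024-06-01", "rules": [  # constructed sample rule set
    {"id": "R1", "field": "amount", "min": 10000, "verdict": "MODIFY"},
    {"id": "R2", "field": "risk_score", "min": 90, "verdict": "BLOCK"}]}
INPUTS = [{"amount": 500, "risk_score": 10}, {"amount": 25000, "risk_score": 95}]  # constructed

def build_chain(inputs=INPUTS, ruleset=RULESET):
    chain, prev = [], GENESIS
    for i, inp in enumerate(inputs):
        chain.append(make_record(prev, inp, ruleset, f"2024-06-02T00:00:{i:02d}Z"))
        prev = chain[-1]["record_hash"]
    return chain
```

Changing any field of a stored record, or dropping a record from the middle of the chain, makes `verify_chain` fail, and a replay against an input or rule set archive that does not match the recorded hashes is rejected before the verdict is even recomputed.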
What the Absence of This Infrastructure Implies
An organization without this infrastructure, facing a disputed decision, is in a fundamentally different legal position. Its evidence is:
- Log files, which may or may not have been altered, which cannot be independently verified, and which describe what the system produced but not the governance state that governed it.
- Configuration documentation describing what the governance framework was intended to do, which does not prove it was doing it at the time of the decision.
- Attestation from system administrators that the governance configuration was active and unchanged, which is verbal assertion rather than cryptographic proof.
This is the position of most current AI deployments. Verbal assertion and unverified logs are not the same as signed, chain-linked, independently replayable governance records. In a legal proceeding, the difference is significant.
The Regulatory Landscape
Regulatory pressure is moving in one direction on this question. EU AI Act Article 12 requires logging "to the extent appropriate to the purpose" for high-risk AI systems — a deliberately flexible standard being clarified through guidance to mean governance-quality records, not mere output logs. GDPR Article 22 grants individuals rights related to automated decisions, which presupposes that automated decisions can be explained and their basis demonstrated.
In the US, sector-specific regulators — OCC, CFPB, FDIC, SEC — are developing AI governance examination frameworks that will require documentation of governance configurations, evidence that those configurations were actively enforced, and the ability to demonstrate this evidence for historical decisions. SR 11-7 is the template.
None of these frameworks explicitly require the specific architecture of signed, hash-chained, replayable governance records. But each of them implicitly requires the capability that only that architecture provides: the ability to prove, not merely assert, what happened in an AI-governed decision.
The Procurement Decision
For CISOs, general counsel, and chief compliance officers evaluating AI governance infrastructure, the hidden liability question is the one that should drive the evaluation. Not "does the system block bad content?" but "when a decision is challenged two years from now, what can you prove?"
The infrastructure that answers this question exists. It requires deterministic enforcement, cryptographic record signing, hash-chain linking, and offline replay capability. Organizations that deploy AI in regulated workflows without this infrastructure are accumulating liability that they cannot yet see — because the disputes have not yet arrived.
They will.