The Accountability Void.
Exploring why AI deployment has outpaced accountability assignment.
On August 2, 2026, the EU AI Act reaches full enforcement. For the first time in any major jurisdiction, organisations deploying high-risk AI systems are legally required to assign human oversight responsibilities to a named individual — someone with the specific competence to understand the system’s outputs and the actual authority to act when something goes wrong. Under corporate law, directors who consciously disregard significant AI governance obligations now face personal liability, not just organisational exposure.
The regulation is forcing an answer to the question most organisations have not asked. Not “do we have a responsible AI policy?” — 89% of organisations now do, according to Stanford’s 2026 AI Index.
But the harder question: who, specifically, is personally accountable when an AI-driven decision causes harm to a specific person?
These are not the same question. One is answered by a document. The other requires a name, a defined scope, and a consequence attached to that name. Organisations have produced documents at scale. They have not produced names.
The accountability void is the gap between those two things — and it is, right now, one of the most consequential and least examined structural problems in AI deployment.
How the void forms
The accountability void is not the product of deliberate evasion. It is the product of how AI deployment actually happened — through a series of individually reasonable decisions that collectively produced an unreasonable result.
When organisations began embedding AI into consequential workflows — screening job applications, scoring creditworthiness, triaging medical records, flagging compliance risk — they typically did so by treating AI output as an input to a human decision. The framing was: the AI recommends, the human decides. The human reviewing the recommendation was accountable for the decision. The AI was a tool, not a decision-maker. This framing made the accountability architecture feel settled.
But as AI capability expanded and the volume of AI-assisted decisions grew, the human review step became faster, more cursory, and less substantive.
What had been genuine evaluation became ratification. The AI recommendation increasingly was the decision. The human approval was a procedural step — performed, in many cases, without the time, the contextual information, or the technical understanding required to meaningfully evaluate what the AI had concluded.
The accountability architecture never moved. It still formally points at the human decision-maker — who is now on the legal hook for a decision they did not meaningfully make. The practical decision-making sits with a system that has no legal subjectivity and cannot be held accountable.
The void is the space between these two positions: formal accountability assigned to a human, practical authority exercised by an algorithm.
What makes the void structurally stable — and therefore dangerous — is that it is invisible as long as everything works. The AI recommendation is accepted. The human ratifies. The outcome is fine. No audit trail reveals that the human didn’t actually evaluate the recommendation; they simply processed it. The void is only exposed at the moment it matters most: when the AI is wrong, the harm is real, and someone needs to answer for it.
The evidence: incidents rising, response quality falling
Stanford’s 2026 AI Index provides the most comprehensive quantitative picture of how this void is developing. The AI Incident Database recorded 362 documented AI incidents in 2025 — up 55% from 233 in 2024. The rate of increase significantly outpaces the growth in AI deployment, suggesting that the tail-risk exposure is growing as a proportion of the deployed base, not just in absolute terms.
More telling than the incident count is what happened to organisational response capability in the same period. The share of organisations rating their own AI incident response as “excellent” dropped from 28% in 2024 to 18% in 2025. The organisations deploying more AI are, by their own assessment, becoming less capable of handling its failures.
Simultaneously, the Foundation Model Transparency Index dropped from an average score of 58 in 2024 to 40 in 2025. The systems that organisations are deploying are becoming less transparent about their own workings at exactly the moment when those organisations need to be more accountable for the outcomes those systems produce.
When the void becomes a lawsuit
The legal exposure of the accountability void moved from theoretical to concrete in 2025. In May, a US federal court certified a nationwide collective action in Mobley v. Workday. Workday’s AI-powered hiring platform was accused of systematically screening out applicants over 40, using a model that evaluated skills alignment and provided ranked recommendations to employers. Applicants received automated rejections without any disclosed AI involvement.
A parallel case targeting Eightfold AI raised the same structural question: applicants were scored and rejected without knowing AI was involved, without access to the criteria, and without a meaningful mechanism for human review. The legal question at the centre of both cases is the accountability void made concrete: if a candidate is scored and rejected by an AI system, and the human reviewer never substantively evaluated the underlying case, who is accountable for the outcome?
“The rapid deployment of AI systems at scale could create substantial responsibility gaps, increasing the likelihood of damages, losses, and wrong expectations.”
— London Business School, “The Governance Gap at the Heart of the AI Boom” (2025)
The policy illusion
89% of organisations now have a formal responsible AI policy. The documents are real. The governance intentions are, in many cases, genuine. The problem is structural: responsible AI policies are written at the organisational level. Accountability for a specific decision affecting a specific person must sit at the individual level.
Organisations have the former. They almost universally lack the latter.
Grant Thornton’s 2026 AI Impact Survey found that most organisational AI governance frameworks remain internal guidelines with no external verification, no shared standards, and no mechanism for assigning individual accountability to specific AI systems. They specify what the organisation believes about AI use. They do not specify who is personally responsible when a specific AI output causes a specific harm.
Three archetypes of nominal accountability
The Policy Owner has genuine accountability for the policy’s existence. They have no meaningful accountability for the specific outputs of specific AI systems. When a specific AI decision causes harm, they can point to the policy’s existence; they cannot answer for the decision.
The Approving Manager signed off on deployment. Their ongoing accountability for specific outputs is formal rather than substantive. Their accountability is institutional — they said yes to the system — but not individual: they did not make the decision that produced the harm.
The Human in the Loop is the formal oversight mechanism. In practice, they are processing volume that makes genuine evaluation impossible. A recruiter reviewing 400 AI-screened candidates in a day cannot meaningfully evaluate 400 AI recommendations. Their formal accountability is intact; their practical capacity to exercise it is not.
What genuine accountability looks like
Genuine accountability for an AI system requires four specific elements.
First, a named individual — not a team, not a policy document — with defined scope.
Second, the competence to understand those outputs: the named individual must have access to the system’s logic, training, known failure modes, and performance data.
Third, the authority to act: the named individual must have the formal power to override, pause, or escalate without requiring multiple levels of approval.
Fourth, a defined consequence: what happens, specifically, when the named individual fails in their oversight function?
Most organisations have zero of these four elements specified for most of their AI systems.
The EU AI Act is forcing all four for high-risk systems. The rest remains in the void.
The closing uncomfortable truth
The accountability void will not resolve itself through continued policy development. It will resolve — in most organisations — through a serious failure that forces the question of who is personally accountable into a context where the answer can no longer be deferred.
The organisations best positioned when that moment arrives are those doing the unglamorous work now: naming the humans accountable for specific AI systems, equipping them with the competence and authority their role requires, and attaching a consequence to that accountability that is real rather than nominal.
Most organisations have a responsible AI policy. Most organisations cannot name the specific human accountable for a specific AI output that harmed a specific person.
One is a document. The other is governance. The document exists. The governance hasn’t arrived yet.


