An AI model can write code, analyze a document, send a message, change a system's configuration. It does this on its own — it picks a solution, makes hundreds of small decisions a human never sees. Which raises a question that sounds philosophical but is entirely practical: when AI does something harmful, who is responsible?
The answer we arrived at in practice — and which the direction of regulation confirms — is simple: the human who issued the instruction is responsible, not the tool that carried it out. But the principle alone is not enough. Below we show why it is right and, more importantly, how to turn it from a declaration into a mechanism that actually works.
The knife analogy — and its limit
A knife can slice bread or wound a person. No reasonable person blames the knife — the one who held it is responsible. AI works similarly: it is a tool executing a goal set by a human. The direction, context and boundaries are defined by whoever gives the instruction — and it is that person who bears responsibility for the outcome.
There is, however, a difference that must not be overlooked: scale. A knife acts within one arm's reach. AI with decision-making autonomy can perform the same action a thousand times, in many places at once, in seconds. This does not change who is responsible — it changes how seriously the moment of issuing the instruction must be treated. With a knife, the consequence of a mistake is local. With AI acting at scale, it is not.
That is why the responsibility of the instructing party is not a convenient way to offload blame onto a human. It is the recognition that the point where a human gives a command is the critical point — and that the system must be built so that this point is deliberate, visible and controlled.
What the law says
This is not just our intuition. The European AI Act organizes obligations around the human and the company that deploy and use AI (the provider and the deployer), not around the model as an independent "actor." Legally, a model is not an entity that can bear responsibility — the one who launched it for a specific purpose is. The direction is consistent worldwide: regulate the use and the user, not the tool itself.
The practical takeaway for anyone deploying AI: you must understand the scope of autonomy of the system you launch — what it can do on its own and what it cannot — because you are responsible for what it does.
The principle is not enough — it has to be built in
This is where the difference between talking about responsibility and enforcing it begins. You can write "the operator is responsible for the AI's actions" into a policy, and nothing will come of it if the AI does everything silently and the human learns of the consequences after the fact.
In our systems, responsibility is not a clause — it is a mechanism. Built from three elements:
1. Classification of actions. Before anything happens, every possible action belongs to one of three classes:
- reversible — the AI does it on its own (e.g. preparing content, analysis, a draft),
- irreversible — only with the explicit consent of a human (publishing, deleting data, sending something outside, changing a live system),
- prohibited — always refused, no matter how the instruction is phrased.
Ordinary, reversible work flows without friction. But at the threshold of every no-return decision stands a human.
2. One-time consent (the gate). Irreversible actions require a one-time consent token, issued exclusively by a human operator. The AI has no way to grant itself such consent. This is a control point where the decision deliberately returns to a human.
3. The ledger. Every such decision — who approved what, and when — goes into a permanent ledger. Responsibility without a trace is empty; with a ledger it becomes auditable. After the fact you can always reconstruct who made the decision and on what basis.
The result: "the instructing party is responsible" stops being a slogan and becomes something visible in the logs.
Honestly about the limits
- The gate is convention and audit, not a sandbox. It is not hard technical isolation — its strength is discipline and a trail, not physical impossibility. The system assumes a trusted environment under supervision.
- Responsibility requires an operator. There is no "fully autonomous AI that answers for itself" — because no such entity exists, technically or legally. The human is part of the construction, not a gap in it.
- The mechanism does not replace judgment. Classifying actions and the gate help make a decision deliberately — but whether the instruction was wise remains on the human's side.
Summary
The human who issued them is responsible for the instructions given to AI — that is clear and legally grounded. The difficulty lies not in the principle but in enforcing it: easy to write, hard to make actually work. Our answer is to move responsibility from the policy document into a mechanism — classification of actions, a gate on irreversible ones, a ledger of decisions. This turns responsibility from a declaration into something you can verify.
It is also a distinction worth remembering when choosing an AI provider: don't just ask "does it work," ask "where is the human in this system, and what is recorded." If the answer is "the AI handles everything by itself" — that is not an advantage. That is a gap.
MafiaAI — a team of people and AI agents building tools, websites and solutions. We build responsibility into what we make — we don't just add it in the footer. t8.pl