AI agents now automate the execution of certain tasks and decisions in business. But one question remains: who takes responsibility when they act?
The first uses of generative AI were in assistance. Agents mark a breakthrough: they no longer only help to decide, they execute and trigger actions.
This shift shifts a key boundary: that between recommendation and action.
This development raises a question that is still largely underestimated: who is responsible for their decisions and their actions? The IT department which controls the systems, the business teams which define the objectives, the data teams which design the models, or the legal departments responsible for guaranteeing compliance? Everyone intervenes, but no one takes complete responsibility.
What is at stake is not ownership, it is delegation: companies now authorize systems to act without having clearly defined who bears the consequences.
Behind this question lies a strategic choice. The adoption of agents goes beyond the technological question and becomes an organizational decision that will determine whether these systems create an effect of scale… or a new fragmentation of operations.
Systems that run without clear supervision
For decades, enterprise IT architecture was based on relatively stable logic. The infrastructures supported the applications, the applications manipulated the data and the users made the decisions.
AI agents change this balance. They constitute a new software layer capable of orchestrating actions across multiple systems. They interpret instructions, mobilize data and act directly via interfaces or APIs. They no longer content themselves with producing information: they produce effects.
This capability transforms agents into true digital operators. Their impact directly depends on the systems to which they are connected. An agent limited to an internal documentation tool remains relatively harmless. An agent connected to a CRM, a customer database or a billing system can influence critical operations.
For example, an agent responsible for qualifying leads can automatically redirect sales opportunities. A configuration error does not just produce a bug: it directly degrades turnover.
Adoption is growing rapidly. About 35% of companies already use AI agents in some functions and 44% plan to deploy them soon. However, less than half say they have a clear framework to govern their governance. The gap between technological adoption and organizational maturity is therefore already beginning to appear.
As soon as systems make decisions and execute actions, the question of responsibility becomes central.
Centralization vs. autonomy: a debate that misses the point
As companies scale up, they face a well-known tension. Should we keep control over the agents via the IT department, or let the business teams move forward more quickly independently?
Centralizing makes sense and allows you to control access to data, secure interactions with critical systems, as well as keep track of automated actions. In a regulatory context reinforced by the AI Act in Europe in particular, this requirement becomes essential.
But too much centralization can quickly become a hindrance and the most relevant use cases often emerge in the field, where the processes are imperfect and the irritants are clearly identifiable.
Letting professions experiment freely accelerates innovation, but at the cost of a very real risk. That of seeing the appearance of a multitude of agents developed without coordination, connected to sensitive data and sometimes invisible to the IT department. A situation reminiscent of shadow IT, except that these systems do not observe, they act.
But this debate is ill-posed. Centralizing or decentralizing does not answer the essential question: who is responsible for the decisions made by the systems?
A still unclear chain of responsibility
Today, responsibility is distributed without actually being assigned. The technical teams develop, the business lines use, the compliance functions supervise. But no one is explicitly responsible for arbitrating between local performance and global impact. This point becomes critical when agents optimize specific indicators. An agent can improve a conversion rate while degrading the customer experience or creating operational risks.
In this context, this transformation gives rise to new roles. Some companies are starting to recruit AI architects responsible for designing agentic architectures and supervising their deployment. Others are seeing the emergence of specialized profiles by function, in RevOps, growth, analytics or digital teams, which design agents directly integrated into business processes.
It remains to be seen where to position them. In the IT department, to maintain control of the systems? In the professions, to stay as close as possible to uses?
The mirage of the hybrid model
Faced with these tensions, many companies are converging towards a hybrid model: a centralized platform, combined with business autonomy. On paper, this balance seems relevant. In fact, it often masks an absence of decision on responsibility.
Today, few organizations explicitly designate someone responsible for the decisions made by agents. In the event of an error, responsibility is diluted between technical teams, business lines and control functions. Governance exists in the plans, but disappears in the execution. An organization must define what an agent is authorized to do, within what limits, and in which cases a decision must be validated or escalated to a human. She must also be able to supervise her actions and audit their effects.
This model is based on a clear distinction between the technical platform and business uses. The agentic infrastructure remains under the responsibility of a central team, often attached to the IT department. This team manages data access, security mechanisms, action supervision and audit tools.
Business teams retain responsibility for use cases and operational results. They define what the agent must accomplish and evaluate the value generated.
But this model only works if explicit responsibility is assigned in the event of failure. Until a role is clearly mandated to respond to automated decisions, the hybrid organization becomes a dilution of responsibility rather than a balance.
A responsibility to be explicitly reassigned
AI agents will quickly establish themselves as a key component of digital operations. Their deployment poses less of a technological question than a governance issue.
Companies have learned to structure responsibility for IT systems. They have not yet structured that of the systems that act.
In the years to come, the advantage will go to companies that can clearly organize delegation and responsibility. Because technological autonomy does not eliminate human responsibility: it makes its absence immediately visible.
