Conference Program

iSAQB Software Architecture Gathering 2026

  • Full-Day Workshop (6h)
  • Introductory
  • 19 Nov 2026
  • 09:00-17:00
  • INNSiDE Meliá Berlin: Room 1

Accountability, Agency and the Humans Left Holding the Liability

by Louise Humpington

Please note: This workshop will take place at the hotel INNSiDE Meliá Berlin (Chausseestraße 33, 10115 Berlin) which is located right next to the Titanic Chaussee Berlin, our main venue.

AI is no longer a research concept. It books travel, executes trades, screens job applicants, approves credit, and manages customer interactions, often with no human reviewing the individual decision before it is made. 2025 was the year the technology arrived for the masses. 2026 is the year organisations are discovering what they actually authorised. 2027 is the year that will see the financial fallout of governance failures which could make or break companies.

The accountability problem is not subtle. When AI systems causes harm, whether that is a discriminatory hiring decision, a wrongful credit refusal, or a safety-critical failure, the question of who is responsible is genuinely difficult to answer. The agent acted. No single human made the call. The decision may have emerged from a chain of micro-authorisations, none of which looked consequential at the time. Traditional liability frameworks were built on the assumption that a human made a decision, and that a traceable chain of causation could be reconstructed. AI breaks both assumptions simultaneously.

The legal exposure is already crystallising. California AB 316, which took effect on 1 January 2026, explicitly forecloses the defence that an AI system’s autonomous operation removes liability from the deployer. The EU’s new Product Liability Directive, due for implementation by December 2026, treats software (including AI), as a product subject to strict liability if found defective. Colorado’s AI Act, effective June 2026, requires annual impact assessments for high-risk AI deployments. Workday is currently facing a potential class action covering 1.1 billion job applications rejected by its AI screening tools. The risks of harm have already arrive, and if they are not adequately managed, they represent a potentially significant bottom line liability.

Singapore’s IMDA Model AI Governance Framework for Agentic AI, released at Davos in January 2026, introduced the concept of Meaningful Human Control (defined as the combination of human understanding, intervention capacity and traceability), precisely because existing frameworks were not designed for systems that can act, iterate and escalate permissions without human authorisation at each step. OWASP’s Top 10 for Agentic Applications 2026, developed with input from more than 100 industry experts, identifies agent goal hijacking, identity and privilege abuse, and cascading failures as the most critical systemic risks. None of these are technology problems in isolation. They are governance problems that technology has made urgent.

This session makes the case that the accountability gap in AI is not an edge case or a future concern. It is a present and measurable liability, and it sits partly with the people in this room: the developers, architects and technical leads who are designing the systems and making the scoping decisions that determine what AI can touch, what it can escalate, and what it will never be asked to justify.

What Attendees Will Take Away

Attendees will leave with a working framework they have already begun to apply to their own systems.
• A clear account of the current legal and regulatory landscape for AI accountability, including what existing frameworks do and do not cover, and where the exposure sits for developers and deployers specifically.
• An understanding of the Meaningful Human Control concept and how to audit whether it actually exists in their systems, or whether it has been designed out incrementally through a series of individually reasonable decisions.
• A structured approach to identifying where accountability in their systems is assumed rather than assigned, and the language to take that gap upward, to the people whose job it is to care about it before the audit happens.
• A practical exercise in mapping the permission and escalation architecture of a representative system, identifying the points at which the chain of human oversight breaks down, and asks: who in this organisation can actually see what the tool is doing, and does that person have the authority to stop it?
• An honest account of who absorbs the cost when systems fail, and why the communities most affected by those failures are also the least represented in the rooms where the systems are designed. Not a values argument, but one about the accuracy of systems built without the full range of failure modes in view, which produce failures that were entirely predictable to people who were not in the room.
• An Overview of why Diversity, inclusion and psychological safety are no longer ‘nice to haves’. They are the foundation upon which safe systems are build and the mechanisms needs to ensure that governance is preventative and not a remedial ‘mop up’ operation.