GovCompass
Nederlands
The GovCompass-7

Element 6 of the GovCompass-7

Accountability

For every system and every decision there is an identifiable party who is answerable, with the authority and information to act.

What it means

Accountability is the property that for every AI system and every AI decision there is an identifiable party who is answerable for it, with the authority and the information needed to discharge that responsibility. It is the element that binds the other six together, because a control without an owner is not a control. The EU AI Act expresses accountability through the allocation of obligations between providers and deployers, the documentation and record-keeping duties of Art. 26, and the registration requirements that make high-risk systems visible to supervisors.

Accountability has a structural dimension and an evidential dimension. Structurally, it requires a clear allocation of roles: who owns each system, who performs oversight, who signs off on deployment, who is answerable to the board and to the regulator. Evidentially, it requires that the discharge of these responsibilities leaves a trail. An organisation that cannot say who approved a given model, or cannot produce the records of how it was governed, has an accountability failure regardless of how well it performed on the other six elements.

Why it matters

Accountability is the element a supervisory authority tests first, because it is the gateway to everything else. The opening question in any examination is "who is responsible for this system, and show me the evidence of how it was governed". An organisation that answers that question crisply, with named owners and a coherent record, signals a programme under control. An organisation that cannot answer it signals the opposite, and invites the deeper scrutiny that surfaces every other weakness. Diffuse accountability, where everyone is vaguely responsible and no one is specifically answerable, is the most common root cause of governance failure.

Governing accountability

The controls establish ownership before deployment and preserve the evidence of governance throughout the lifecycle. This element depends heavily on the discipline of record-keeping, which is unglamorous and routinely neglected.

Control layerControl
PreventiveMaintain an AI inventory that names, for every system, the accountable owner, the oversight function, and the risk classification. Allocate roles formally: system owner, oversight personnel, approver, and the executive answerable to the board. Require documented sign-off before any high-risk system enters use, and verify EU database registration where Art. 49 and Art. 26.8 apply.
DetectiveAudit the inventory for completeness, including the shadow AI that enters through procurement and departmental tooling without governance. Verify that documentation and records are current, not merely present. Review whether named owners are discharging their responsibilities or holding the title in name only.
CorrectiveWhere a system is found without an owner, assign one and bring it into governance before continued use. Where the record is incomplete, reconstruct it and fix the process that allowed the gap. Treat a recurring documentation failure as a programme-level issue, not an individual lapse, and address the underlying process.