The Accountability Question

: When Building AI Decisions Have Human Consequences, Who Answers?

By James Waddell | President, Cognitive Corp | IFMA ITC Board Member

March 2026

The Question Nobody Wants to Answer

Sometime in the next twelve months, an autonomous building AI system will make a decision that causes measurable harm to a person. Not a theoretical harm. Not a privacy concern. A physical, documented consequence that a regulator, a legislator, or a lawyer will investigate.

When they ask “who decided this?” the answer will reveal the biggest gap in the entire smart building industry: nobody is accountable for autonomous building AI decisions. Not the vendor who sold the system. Not the facilities team who deployed it. Not the CTO who approved the purchase. Not the board who set the efficiency targets.

The accountability question is not about blame. It’s about governance. And right now, for the vast majority of autonomous building AI systems operating across healthcare, data centers, government housing, and critical infrastructure, the governance doesn’t exist.

Three Environments Where Accountability Is Non-Negotiable

Healthcare: Where Building Decisions Are Patient Safety Decisions

ECRI, the nation’s leading patient safety organization, ranked insufficient AI governance as the #2 patient safety threat for 2025. Not insufficient AI technology. Insufficient AI governance.

In a hospital, building AI doesn’t just optimize energy. It controls the environment in which patient care occurs. Surgical suite temperature. ICU air pressure. Pharmacy cold storage. Blood bank refrigeration. Neonatal unit humidity. Each of these systems is governed by regulatory standards — CMS, Joint Commission, state health departments — that assume a human made the decision.

A major hospital system operating 191 hospitals and 2,400 ambulatory sites across 20 states faces a staggering governance challenge. Each hospital has a unique regulatory profile. Each state has different AI disclosure requirements (California requires disclosure of AI in patient care; Texas requires written consent). Each building system is connected to patient outcomes in ways that energy optimization algorithms don’t understand.

When an autonomous HVAC system shifts load to optimize campus energy and a surgical suite temperature drifts outside its tolerance window, the accountability question cascades: Did the AI know it was controlling a surgical environment? Was there a human override available? Did the facilities team have real-time visibility? Was the Joint Commission audit trail intact?

Today, the answer to most of these questions is no.

Data Centers: Where Milliseconds of Downtime Cost Millions

Global data center operators manage hundreds of facilities across dozens of countries, each running autonomous cooling and power distribution systems. AI workloads have driven rack densities from 10kW to 100kW — a tenfold increase that makes autonomous cooling not optional but essential.

When these operators deploy AI-driven cooling optimization, they achieve real results: PUE improvements from 1.39 to 1.2, hundreds of megawatt-hours saved annually. But the governance question is harder than the technology question.

Consider: an AI cooling system manages power distribution across a facility hosting customers whose SLAs guarantee 99.999% uptime. The AI reallocates cooling capacity from one zone to another based on thermal modeling. Zone A overheats for 47 seconds. A customer’s critical workload degrades. The SLA is breached.

Who’s accountable? The operator deployed the AI. The vendor designed the algorithm. The customer contracted for specific conditions. The regulator (in Europe, under the EU AI Act) requires quality management documentation for high-risk AI systems. Nobody in this chain was specifically responsible for that 47-second decision.

Now multiply this by 270 facilities in 36 countries with different regulatory frameworks. The governance complexity is enormous — and most operators are deploying autonomous systems faster than they’re building governance frameworks.

Military Housing: Where Congress Is Watching

Military housing operators manage tens of thousands of homes across dozens of installations, serving military families under the watchful eye of Congress, the DoD, and independent compliance monitors. Post-2019, the accountability environment for military housing is arguably the most intense in all of real estate.

As these operators invest in energy efficiency — millions of dollars in HVAC upgrades, solar installations, and smart building technology — the path toward autonomous building management is clear. AI-driven energy optimization, predictive maintenance, and load balancing across installations could deliver significant savings.

But in this environment, “autonomous” doesn’t mean the same thing it means in a commercial office building. Every installation has a base commander with authority over facility decisions. Congress has legislated reporting requirements for housing conditions. The DoD has specific standards for temperature, humidity, and livability that differ from commercial standards.

When a senator’s office receives a call that heating was reduced in military family housing during a cold snap, the accountability question isn’t academic. It’s legislative. And “the AI optimized energy use” is not a viable answer.

Why the Accountability Gap Persists

The accountability gap isn’t accidental. It’s structural.

AI vendors define their systems as “tools” — advisory, not autonomous — to limit liability. But in practice, these systems make thousands of decisions per hour without human intervention.

Facilities teams deploy AI for operational efficiency. They’re evaluated on energy savings and uptime, not on governance frameworks for autonomous decisions.

Regulators haven’t caught up. Building codes, healthcare standards, and infrastructure regulations were written for human-operated buildings. They don’t account for AI.

Procurement processes focus on features and cost. Governance is not a line item in most RFPs. Nobody asks “who’s accountable when your AI makes a decision that harms someone?”

The result is a growing inventory of autonomous building AI systems operating in regulated environments without governance, without accountability chains, and without the ability to answer the most basic question: who decided?

Five Requirements for Answering the Accountability Question

1. Decision Attribution. Every autonomous decision must be attributable to a responsible party — the operator, the vendor, or a specific governance framework. The accountability chain must be defined before deployment, not after an incident.

2. Contextual Explainability. The AI’s decision must be explainable in the vocabulary of the regulator, the patient, the customer, or the legislator who will ask about it. A machine learning confidence score is not an explanation. An audit trail showing the decision logic, the constraints it operated within, and the human override points available — that’s an explanation.

3. Human Override Architecture. For every safety-critical autonomous decision, there must be a defined human override mechanism — not just a kill switch, but a governance layer that determines which decisions require human approval and which can proceed autonomously based on risk classification.

4. Consequence Awareness. The AI must understand (or be governed as if it understands) the consequences of its decisions in human terms. Shifting chiller load is a thermal engineering decision. Shifting chiller load in a building with a surgical suite is a patient safety decision. The governance framework must encode this distinction.

5. Proactive Regulatory Alignment. The governance framework must be mapped to every regulatory context the building operates within — and updated as regulations evolve. The EU AI Act. CMS. FRA. State AI disclosure laws. Fire codes. The framework must speak every regulator’s language.

The Building Constitution Answer

The Building Constitution framework was designed to answer the accountability question before it’s asked. Three pillars:

Explainable AI ensures every autonomous decision is logged with reasoning that maps to the regulatory framework it operates within. When a Joint Commission auditor asks about a temperature excursion, the trail exists. When an EU AI Act compliance officer reviews cooling optimization decisions, the documentation is there.

Human-in-the-Loop ensures safety-critical decisions are escalated to human decision-makers before execution. The AI recommends. The human approves. The governance framework defines the boundary.

Bias Mitigation ensures autonomous optimization doesn’t disproportionately impact vulnerable populations — patients in a hospital wing, military families in housing, small customers in a data center.

The Clock Is Running

The EU AI Act’s high-risk system requirements take effect in August 2026. ECRI has already sounded the alarm for healthcare. Congressional oversight of military housing has never been more intense. Data center operators are deploying autonomous AI faster than any sector.

The accountability question is coming. The organizations that answer it proactively will be the ones that shape the standards. The ones that wait will be the ones explaining to a regulator, a legislator, or a courtroom why nobody was accountable when the AI made a decision that hurt someone.

The choice isn’t whether to build governance. The choice is whether to build it now, on your terms — or later, on theirs.

—

James Waddell is President of Cognitive Corp, an AI enablement company focused on governed autonomy for the built environment. He serves on the IFMA International Technology Council Board and has published extensively on AI governance for facility management, including for the IFMA Technology Community.