The Air Canada Precedent: Your Chatbot Is Your Liability

In February 2024, the British Columbia Civil Resolution Tribunal ordered Air Canada to pay $812 plus costs to a customer who had been given incorrect information by the airline's AI chatbot. The chatbot had told him he could apply for a bereavement fare retroactively. That policy did not exist. Air Canada argued it was not responsible for what its chatbot said.

The tribunal disagreed. According to the ruling, as reported by Forbes, Air Canada was responsible for all information on its website — including information provided by its AI chatbot — and could not escape liability by claiming the chatbot was a "separate legal entity."

The dollar amount was small. The precedent was not.

What the Ruling Actually Established

The legal reasoning in the Air Canada case is straightforward, but organizations deploying customer-facing AI have been slow to internalize it:

You own what your AI says. An AI chatbot deployed by your organization, operating under your brand, answering questions from your customers, is making representations on your behalf. The fact that the representation was generated by a model rather than written by a human does not change who made it.

"The AI was wrong" is not a defense. Air Canada's defense essentially argued that the customer should have known not to trust the AI. The tribunal rejected this. Customers interact with chatbots because organizations deploy them as authoritative information sources. If they are not reliable, they should not be deployed for that purpose.

The gap between what the AI says and what your policy actually is represents your legal exposure. Every factual claim your chatbot makes — about pricing, policy, availability, terms, warranties, timelines — is a potential liability if it is incorrect.

The Scale of the Risk

Air Canada paid $812. That number understates the actual risk by several orders of magnitude.

Consider: if your e-commerce chatbot gave 500 customers incorrect shipping policy information that led them to make purchasing decisions they would not otherwise have made, the aggregate exposure is not $812. If your healthcare organization's AI assistant provided incorrect coverage information to plan members, the exposure involves potential regulatory action, not just individual claims.

The Air Canada ruling applies to the smallest chatbot deployment. The principle scales with the size of your customer base and the nature of the decisions your chatbot influences.

Common Failure Modes to Audit Now

Hallucinated Policy Claims

Language models hallucinate. It is a well-documented behavior, not a rare edge case. When asked about specific policies, pricing, or terms, models will sometimes produce confident, plausible, incorrect answers — particularly when the information was not clearly present in their training or context.

Mitigation: Ground customer-facing AI exclusively in verified policy documents loaded via retrieval-augmented generation. Test extensively with adversarial questions designed to elicit hallucinated policy claims. Audit outputs regularly.

Outdated Information in the Knowledge Base

A chatbot trained on or connected to last year's documentation will confidently state last year's policies. If prices, coverage terms, or service availability have changed, the chatbot will not know — unless the knowledge base is kept current.

Mitigation: Implement version-controlled knowledge base updates synchronized with policy changes. Document the update process and assign ownership.

Scope Creep Beyond Designed Boundaries

Chatbots deployed for one purpose (customer service FAQs) often receive questions far outside their intended scope (specific warranty interpretations, regulatory compliance questions, medical advice). When they answer those out-of-scope questions with apparent confidence, the liability follows.

Mitigation: Define the explicit scope of what the chatbot is designed to answer. Implement clear escalation paths for out-of-scope queries. The chatbot's response to "I don't have information about that — here's how to reach a specialist" is safer than an improvised answer.

Missing Disclosure

Many jurisdictions now require disclosure that users are interacting with an AI rather than a human. The EU AI Act includes this as a transparency requirement for general-purpose chatbots. Some US state consumer protection regulations include similar requirements.

Mitigation: Ensure your chatbot clearly identifies itself as AI in its initial interaction and in response to direct questions about its nature.

The Governance Controls That Reduce Exposure

Pre-deployment testing against known policy. Before a customer-facing chatbot goes live, test it systematically against every factual claim in your policies. Document the results. Remediate failures before deployment.

Production monitoring for factual accuracy. Implement sampling of chatbot conversations with review against current policy. Flag conversations where the chatbot's response diverges from verified fact.

Incident response plan for chatbot misinformation. When a chatbot provides incorrect information at scale — the AI equivalent of a website publishing incorrect pricing — you need a response plan: how to identify affected customers, what correction or remedy to offer, how to update the model.

Legal review of chatbot persona and scope. Have legal counsel review what the chatbot claims it can help with and what disclosures are in place. The Air Canada case is now precedent that legal teams cite in this review process.

The AI Canada ruling was a preview of a category of litigation that is growing. The organizations that build governance controls around their customer-facing AI now will be far better positioned than those that wait for the tribunal.

Deploying customer-facing AI and want to reduce your legal and reputational exposure? Talk to JP Stratton.