Back to Blog
AI Governance

Why an AI Agent Can Never Be Your DRI

Simon Willison's take on "Directly Responsible Individuals" is a reminder that accountability doesn't scale to agents — and that gap is now a governance problem, not a philosophical one.

PyramidLedger Research4 min read
Share

Key Takeaways

  • The "Directly Responsible Individual" (DRI) model, coined at Apple and documented in GitLab's public handbook, assigns one named person as ultimately accountable for a project's success or failure.
  • Simon Willison argues an LLM-powered agent should never hold that role, because accountability requires the capacity to answer for an outcome — something a model cannot do.
  • As agents take on more delegated work inside organisations, teams need an explicit, human-held DRI for every agent-touched workflow, not an implicit assumption that "the AI handled it."
  • This maps directly onto emerging AI governance requirements like ISO/IEC 42001, which expect documented human accountability for AI system outcomes.

In a recent post, Simon Willison revisits a simple but under-examined piece of organisational design: the Directly Responsible Individual, or DRI. The clearest definition he found is in GitLab's public handbook, which traces the term to Apple. A DRI is the one named person "ultimately accountable for the success or failure of a specific project, initiative, or activity." Other people can work on it; the DRI is who the buck stops with.

Willison's point is narrow but sharp: an LLM-powered agent should never be assigned that role. Accountability, in the sense the DRI model requires, is something only a human can hold — a model cannot be held to account for a bad outcome in any way that changes future behaviour, carries consequence, or restores trust with the people affected.

Why this matters beyond org design

This isn't just a management-theory observation. It lands squarely on a problem AI security and governance teams are already dealing with: as agentic systems get delegated more autonomous work — triaging tickets, drafting code, executing multi-step tasks against production systems — organisations can drift into treating the agent as if it owns the outcome. It doesn't, and it structurally can't. Someone still has to be answerable when an agent approves a bad transaction, merges an insecure change, or acts on a poisoned instruction buried in a document it was asked to summarise.

That drift is quiet. Nobody formally decides "the agent is now the DRI." It happens by omission: a workflow gets automated, the human reviewer step gets skipped for speed, and six months later no one can say who actually owns the risk when the agent gets it wrong.

The practical fix: name the human, not the agent

The corrective is unglamorous but concrete: every workflow where an agent has meaningful autonomy — tool access, write permissions, spend authority, customer-facing output — should have an explicit, named human DRI, documented alongside the agent's scope and guardrails. This is also where AI governance frameworks are heading. ISO/IEC 42001, the AI management system standard, expects organisations to demonstrate human accountability and oversight for AI system decisions, not just technical controls. A clear DRI mapping for agentic workflows is a concrete, auditable way to satisfy that expectation rather than a box-ticking policy statement.

There's also a security angle specific to agents that a plain org chart doesn't capture: an agent's "decisions" can be manipulated by inputs it processes — a prompt injection in a fetched webpage, a malicious tool response, a poisoned document. If no human is clearly accountable for reviewing what an agent does with its permissions, that manipulation surface goes unmonitored by design, not by accident.

What we'd recommend teams check

  • For every agent with tool access or write permissions, is there a named human DRI, not just a team or "the AI platform"?
  • Are agent actions with real-world consequence (spend, deploys, customer communication) gated behind a human approval step, or does the agent execute unsupervised?
  • Is agent scope (what tools, what data, what actions) documented anywhere an auditor — or an incident responder — could actually find it?

None of this requires slowing agents down across the board. It requires making explicit what Willison's post makes implicit: accountability is a human property, and treating it otherwise is a governance gap that shows up exactly when something goes wrong.

Frequently Asked Questions

What is a Directly Responsible Individual (DRI)?

A DRI is a management concept, coined at Apple and documented publicly in GitLab's handbook, naming one specific person as ultimately accountable for the success or failure of a project or activity — even though others may work on it alongside them.

Can an AI agent be a DRI?

No. As Simon Willison argues, accountability requires the capacity to be held to account for an outcome, which is a human property. An AI agent can execute tasks within a workflow, but the DRI for that workflow must remain a named human.

How does this relate to AI governance standards like ISO 42001?

ISO/IEC 42001 expects organisations to demonstrate human oversight and accountability for AI system outcomes. Assigning an explicit human DRI to every agent-touched workflow is a concrete way to evidence that requirement rather than relying on an implicit assumption of human control.

Sources

  1. 1Directly Responsible Individuals (DRI)Simon Willison
  2. 2Directly Responsible Individuals (DRI)GitLab Handbook
  3. 3Directly Responsible Individuals (DRI)Simon Willison
Share

Read next