Air Canada was held liable for its chatbot's bad answer

In February 2024, a Canadian tribunal ruled that Air Canada had to honor a refund its support chatbot invented. The damages were small. The precedent — that companies are responsible for what their AI tells customers — was global.

What happened

Jake Moffatt asked Air Canada's website chatbot about bereavement fares after his grandmother's death. The bot told him he could book full fare and apply for a retroactive bereavement refund within 90 days of travel. Air Canada's actual policy required the discount to be requested before travel. The airline refused the refund.

The British Columbia Civil Resolution Tribunal sided with Moffatt and rejected Air Canada's defense — that the chatbot was "a separate legal entity that was responsible for its own actions" — calling it a "remarkable submission." Damages: about CA$812 (CA$650 plus interest and fees).

The fact that the chatbot's answer contradicted Air Canada's policy page elsewhere on the same website did not absolve Air Canada. The tribunal: "It should be obvious to Air Canada that it is responsible for all the information on its website. It makes no difference whether the information comes from a static page or a chatbot."

Why the tiny dollar figure is the wrong story

Coverage focused on the CA$812 ruling. The real story is the precedent: every customer-facing chatbot in every jurisdiction with a small-claims tribunal now has a citation against it. That's why this case showed up in BBC, Washington Post, Reuters, and global business-law outlets — far out of proportion to the dollar amount.

For an enterprise running a chatbot at scale, the exposure compounds:

• One tribunal-level loss per quarter on a 100M-user product is a constant operational tax.
• Class certifiability is the next legal frontier — multiple plaintiffs receiving the same incorrect answer.
• Insurance coverage for "AI-generated misrepresentation" is not yet standard.

The root cause

Air Canada's bot wasn't malicious. It was probably correct on millions of queries. It was wrong on this one because:

1. The prompt that generated the answer wasn't versioned, reviewed, or grounded against the official policy text.
2. There was no "approved by legal" sign-off step before the bot went live for fare-related queries.
3. There was no "if a regulator-relevant error is found, roll this entire question class back to a safer prompt within 5 minutes" mechanism.

This is the exact gap that prompt governance closes.

What would have changed it

A versioned prompt registry with approval workflow turns the bereavement-policy answer into a controlled, auditable artifact:

• Owned by the policy team — not buried in application code.
• Reviewed and signed off by legal before the version is marked "approved."
• Versioned — every change traces back to a person, a date, and a reason.
• Fetched at runtime by the bot via an API token, so updates don't require a redeploy.
• Rollback in seconds when a problem is found — not a weeks-long vendor patch cycle.

What you should do this quarter

1. Inventory every customer-facing prompt your apps use today. They're probably hard-coded strings or scattered across config.yaml files.
2. Move each into a versioned registry with named owners.
3. Require legal review for any prompt that touches policy, fare, refund, eligibility, or contractual language.
4. Wire your apps to fetch the current approved version at runtime — not at deploy time.
5. Test the rollback path. If you can't pull a prompt offline in 60 seconds, you don't have a control.