The travel industry has spent the last eighteen months building systems that can book flights, reserve hotels, and manage itineraries without a human in the loop. The infrastructure for autonomous transactions is arriving faster than anyone predicted. The infrastructure for when those transactions go wrong is barely a conversation.
That gap is the industry’s next serious problem.
The scale of what is being built is not in dispute. Visa expanded its Agentic Ready program globally in late April 2026. Mastercard and Santander completed Europe’s first live end-to-end AI agent payment within a regulated banking framework in March. American Express introduced an agentic commerce developer kit and made a commitment to cover erroneous purchases made by registered agents on its network. The card networks are moving. The airlines and hotel groups are moving. The TMCs are moving.
What is not moving at anything close to the same speed is the legal and operational framework for what happens when an AI agent books the wrong flight, misreads a fare rule, processes a payment the traveler did not intend, or makes a representation the supplier cannot honor.
Skift put the question plainly in March: the industry is spending billions on agentic AI, and no one has answered the most basic question of who pays when it gets it wrong.
The liability question has layers, and each one is harder than the one before it.
The first layer is contractual. Most technology agreements between AI platform providers and their enterprise customers place full responsibility for legal and regulatory compliance on the customer, not the vendor. The AI provider sets the capability. The airline, TMC, or OTA deploys it. When the agent makes an error, the deployer absorbs the consequence. As Clifford Chance noted earlier this year, this creates a direct contradiction: the supplier controls whether the AI agent behaves correctly, yet the customer carries the compliance exposure when it does not.
The second layer is legal. California enacted legislation effective January 2026 that forecloses one of the most anticipated defenses in AI liability cases. Under that law, a defendant cannot use an AI system’s autonomous operation as a defense to a liability claim. Saying the AI made the decision, not a human, does not reduce exposure. Colorado’s AI Act, effective June 2026, goes further, requiring deployers of high-risk AI systems to conduct annual impact assessments and maintain active risk management programs. The regulatory posture is tightening, and it is tightening around the deployer, not the technology provider.
The third layer is operational. When an AI agent books a transaction, the dispute process that exists to resolve contested charges was built entirely around human intent. Chargebacks require evidence of authorization. If the AI agent purchase cannot be traced to explicit user delegation, the transaction is legally fragile from the moment it is made. The cardholder who wakes up to a charge they did not consciously initiate has a strong dispute position regardless of whether they technically authorized the agent to act on their behalf. The merchant, in that scenario, loses. Not because of fraud, but because the authorization trail that card networks require was never built into the agent workflow.
Travel is a particularly exposed category.
High-value transactions, complex fare rules, time-sensitive rebooking scenarios, refund policies that vary by carrier and fare class, and post-booking servicing requirements that no current AI system handles cleanly. These are the same conditions that make errors both likely and expensive.
A corporate traveler whose AI agent rebooks them onto the wrong connection. A leisure booking where the agent selects a non-refundable fare because the refund condition was buried three API calls deep. A group booking where the agent processes payment before confirming seat availability, generating a charge against inventory that the airline subsequently cancels. Each of these scenarios sits in a liability gap that no contract currently covers clearly and no regulator has fully addressed.
The industry is also not operating in a consumer protection vacuum. Travelers are open to agentic booking, but they are not willing to absorb ambiguity around accountability. Research published in March found that the core adoption barrier for agentic travel booking is not concern about losing the enjoyment of planning. It is the operational risk: mistakes, privacy, and dispute resolution. Travelers want to know who fixes the problem when the agent gets it wrong. Currently, the honest answer is that nobody has fully decided.
The payments infrastructure is beginning to adapt, but unevenly.
American Express has made the clearest public commitment, covering erroneous purchases made by registered agents on its network. That is a meaningful step, but it applies only within the Amex ecosystem and only to registered agents operating under its developer framework. Visa’s Agentic Ready program establishes standards for how AI agents can authenticate and transact, but does not yet resolve the chargeback question for agent-initiated disputes that fall outside its defined parameters.
For African markets, the picture is harder still. The dispute resolution infrastructure that card networks provide in European and North American markets, including Verifi, Ethoca, and real-time issuer communication, has uneven coverage across the continent. A transaction that could be resolved through a pre-dispute notification in London may escalate to a full chargeback cycle in Nairobi or Lagos simply because the infrastructure that prevents it has not been deployed at the same depth. When agentic commerce arrives in those markets at scale, it will arrive without the safety net that the global frameworks assume.
None of this is an argument against agentic AI in travel. The capability is real, the efficiency gains are real, and the direction of the industry is not reversing. But the gap between deployment velocity and accountability infrastructure is not a minor technical footnote. It is a structural risk that the industry is collectively choosing to defer while the revenue opportunity is still being defined.
The organizations that will be positioned well when the first significant liability cases arrive are the ones that treated accountability as a design requirement, not an afterthought. That means agent authorization logs that create a verifiable intent trail, dispute workflows built for non-human transaction patterns, contract terms that distribute liability clearly between platform providers and deployers, and consumer-facing disclosures that tell travelers, in plain language, what the agent is authorized to do and what happens when it does something else.
The industry spent years arguing about who owned the customer in the NDC era. The agentic era introduces a harder question: who owns the error. The answer will be established in courtrooms and regulatory proceedings before it is established in industry standards. The organizations that wait for the standards will be the ones paying the legal fees.
