Air Canada Got Sued for Their Chatbot's Wrong Answer. Here's How to Prevent It.

The chatbot said yes. The policy said no.

In 2022, Jake Moffatt went to Air Canada’s website to ask about bereavement fares. His grandmother had passed away, and he needed to fly from Vancouver to Toronto.

He used Air Canada’s chatbot. It told him he could book a full-fare ticket now and apply for a bereavement discount retroactively within 90 days.

He did exactly that. He booked the flight, attended the funeral, and submitted a refund request.

Air Canada denied it. Their actual bereavement policy required passengers to apply before booking, not after. The chatbot had given him the wrong answer.

Air Canada argued the chatbot was a “separate legal entity”

When Moffatt took Air Canada to the British Columbia Civil Resolution Tribunal, the airline’s defense was remarkable: they argued the chatbot was a separate entity responsible for its own statements, and that only the airline’s official written policies should count.

The tribunal rejected this entirely.

The ruling was unambiguous: Air Canada is responsible for all information on its website, including information provided by its chatbot. The company cannot create a tool, put it on its website, and then disclaim responsibility when that tool gives wrong advice.

Air Canada was ordered to compensate Moffatt for the fare difference — approximately CAD $812.

The dollar amount was small. The precedent was not.

Why this matters for every company with a chatbot

The Air Canada case isn’t an isolated incident. It’s part of a growing pattern of chatbot liability:

• FTC v. DoNotPay (2024) — $193K settlement for falsely claiming its AI chatbot could replace lawyers
• Garcia v. Character.AI (2024) — Family sued after teen’s interactions with chatbot led to tragedy
• Raine v. OpenAI (2025) — Wrongful death lawsuit alleging ChatGPT manipulation
• Seven families v. OpenAI (2025) — Pattern of chatbot harm litigation in California

And the regulatory landscape is about to change everything:

The EU AI Act — enforcement begins August 2026

The EU AI Act (Regulation 2024/1689) requires customer-facing AI systems to be transparent, auditable, and traceable. Non-compliance penalties:

• Up to €15M or 3% of global annual turnover for transparency violations (Article 50); up to €35M or 7% for prohibited AI practices
• Transparency obligations for customer-facing AI took effect August 2, 2026 (Article 50)
• Full high-risk AI system requirements enforce August 2, 2026 (Chapter III)

This isn’t just about lawsuits anymore. It’s about regulatory compliance. Every company with a customer-facing chatbot serving EU users needs to demonstrate that their AI produces auditable, verifiable outputs.

Consider the scale:

• Airlines handle millions of policy inquiries — refunds, cancellations, baggage, fare rules
• Banks field questions about loan terms, fee structures, account policies
• Insurance companies get asked about coverage, claims processes, exclusions
• Telecom providers answer questions about plan terms, cancellation fees, data limits
• E-commerce companies respond to queries about returns, warranties, shipping policies

Every one of these interactions is a potential liability event. The chatbot answers confidently. The customer relies on that answer. When the answer is wrong, the company owns it — chatbot or not.

The math is uncomfortable

A large enterprise might handle 10,000 chatbot conversations per day. If even 1% of those answers contain incorrect policy information, that’s 100 wrong answers every single day.

Each one is a customer who might:

• Request a refund or benefit they’re not entitled to (and you may have to honor it)
• File a complaint with a consumer protection agency
• Post the conversation on social media
• Take you to court, citing the Air Canada precedent

And 1% is optimistic. Large language models hallucinate at significantly higher rates when asked about specific policy details, edge cases, and conditional terms — exactly the questions customers ask.

The root cause: LLMs generate answers, they don’t verify them

The fundamental problem isn’t that chatbots sometimes get things wrong. It’s that the architecture of most AI chatbots has no verification step.

Here’s how a typical AI customer support chatbot works:

1. Customer asks a question
2. The LLM retrieves some context from a knowledge base
3. The LLM generates an answer based on that context
4. The answer is shown to the customer

Step 3 is where the risk lives. The LLM doesn’t check whether its generated answer actually matches the source documents. It produces text that sounds right — and sounds right is not the same as is right.

The Air Canada chatbot didn’t maliciously mislead Moffatt. It generated a plausible-sounding answer about a bereavement policy. It just happened to be wrong.

What self-verifying AI changes

What if there were a step between “generate answer” and “show to customer” — a step that checks every fact against the actual source document?

That’s what self-verifying AI does. Evidoc offers two deployment modes:

Shield Mode — zero latency, async verification

Your existing chatbot answers instantly. Evidoc monitors in parallel:

1. Customer asks a question
2. Your chatbot responds immediately (no delay)
3. Evidoc verifies the answer against your documents in the background
4. If a wrong answer is detected, Evidoc catches and corrects it within seconds
5. Every interaction is logged with the verification result

This is the easiest way to start — no changes to your chatbot architecture, zero latency impact.

Gate Mode — full verification before delivery

Evidoc becomes your chatbot’s knowledge backend:

1. Customer asks a question
2. The system retrieves relevant passages from your policy documents
3. An answer is composed from those passages
4. Every fact in the answer is checked against the source text
5. Unsupported claims are caught and removed
6. The verified answer — with citations to exact policy sentences — is delivered to the customer

If a claim can’t be confirmed from your documents, it doesn’t reach the customer. Full compliance from day one.

What this would have meant for Air Canada

If Air Canada’s chatbot had used self-verifying AI:

• The system would have retrieved the actual bereavement fare policy
• It would have checked the chatbot’s answer against that policy
• The claim “you can apply retroactively” would have failed verification — because the policy says otherwise
• The customer would have received either the correct answer or a response indicating the system couldn’t confirm the retroactive application option

No lawsuit. No precedent. No headlines.

The citation layer: proof your legal team can use

Self-verification alone isn’t enough. You also need an audit trail.

When a customer disputes what the chatbot told them, you need to show exactly which policy document, which section, which sentence the answer came from. Not a log of the LLM’s output — the actual source text the answer was verified against.

This is what citation-based verification provides:

• Every answer includes references to specific sentences in your policy documents
• The customer (or your legal team) can click a citation and see the exact sentence highlighted on the original document
• Every interaction is logged with the source it was verified against

This transforms your chatbot from a liability into an asset. Instead of “the chatbot said something, and we can’t prove what it was based on,” you have “the chatbot answered based on section 4.2 of our refund policy, and here’s the exact sentence.”

The regulatory tailwind

The Air Canada ruling isn’t the only pressure point. Regulation is making compliance mandatory:

• EU AI Act (Aug 2026) — Customer-facing AI must be transparent, auditable, and traceable. Fines up to €15M or 3% of global annual turnover for transparency violations; up to €35M or 7% for the most serious breaches.
• FTC enforcement (US) — The DoNotPay settlement ($193K) shows US regulators are actively pursuing false AI claims
• US state consumer protection laws — Multiple states are introducing AI disclosure requirements
• Industry regulators — Financial services, healthcare, and insurance regulators increasingly require that customer-facing AI produce auditable, traceable outputs

Self-verifying AI with source citations and a full audit trail isn’t just good practice — it’s becoming a legal requirement.

What to do now

If your company deploys an AI chatbot for customer support, ask these three questions:

1. Does your chatbot verify its answers against your actual policy documents before responding? If it uses an LLM to generate answers without a verification step, you have the same exposure Air Canada did.

2. Can you prove what source document any chatbot answer was based on? If a customer disputes an answer next month, can your legal team pull up the exact policy sentence the answer was derived from?

3. What happens when your chatbot doesn’t know the answer? Does it confidently generate something plausible, or does it acknowledge uncertainty? The safest chatbot is one that says “I’m not sure” rather than one that says something wrong with confidence.

If the answer to any of these is no, the Air Canada precedent applies to you.

---

How Evidoc solves this

Evidoc is a self-verifying AI engine built for exactly this problem. Upload your policy documents — refund policies, terms of service, warranty documents, service agreements. Every answer is verified against the source text before delivery, with citations to the exact sentence.

Start with Shield Mode to monitor your existing chatbot with zero disruption. Upgrade to Gate Mode when you’re ready for full verification before every response.

Both modes produce a complete audit trail — every answer logged with the source it was verified against. EU AI Act ready.

Your chatbot stays helpful. Your company stays protected. Your compliance team stays calm.

Try Evidoc Free →