This article deals with establishing the criminal responsibility, through the model of commission by omission, of autonomous weapon systems (AWS) users in situations where failures to suspend AWS-driven attacks have caused a war crime. The author tackles the question of whether an omission to stop such an AWS may amount to the actus reus of war crimes of unlawful attacks and does so by establishing how the doctrine of commission by omission can be applied on the basis of the grave breaches regime in the First Additional Protocol to the Geneva Conventions and the Rome Statute of the International Criminal Court. In deconstructing the status of commission by omission under both these legal frameworks, this article analyses whether the substantive conditions of commission by omission, namely, the legal duty to act and the capacity to act, are met. The author suggests that ‘human control’, manifested in the ability to supervise, intervene and stop an AWS-driven attack, should be considered a necessary pre-condition for the imputation of criminal responsibility in at least some expected scenarios of AWS use. In the absence of such human control, there would be no accountability for unlawful attacks, including indiscriminate attacks, caused by AWS, which would lead to impunity for such crimes. On the one hand, the attribution of responsibility by omission has, therefore, crucial implications for closing the ‘responsibility gap’ within this context. On the other hand, based on the analysis of ‘control’ as the key principle for criminal responsibility by omission, the author argues that an additional treaty obligation should be adopted to ensure human control over AWS and preserve accountability for potential unlawful attacks.