That has gone back and forth numerous times over the decades, particularly in legal cases concerning unlicensed content sharing. I think the consensus ATM is that they generally aren't on their own, largely because most network access is through shared NAT arrangements.
At most an IP address (definitely v4, v6 depending on your arrangement) identifies a household or office, not an individual, and “it seems someone hacked the wireless, or one of my smart devices, or a rouge plugin turned me into a residential proxy, etc.” muddies the water further, often an IP address identifies nothing more than which mobile data provider or VPN provider the user was connected through.
As a simple for instance: No one warns when all that is collected is the calling hosts' apparent IP address in their web server or other service logs. Only once entries with record of the address are explicitly linked to other PII (i.e. if URLs contain PII like names, addresses, etc, so those are logged alongside the calling address) is it an issue - and even then the recording of that information in the wrong places is the problem (in the HTTP logs example, what is that data about the user even doing existing in URIs?) not the calling IP address.