How to Design an AI Incident Response Process
AI incidents are not IT incidents. When a system produces a wrong, discriminatory, or harmful output systematically, the incident may have been occurring for weeks before anyone notices, the harm distributed across thousands of individuals, and the cause difficult to isolate. AI incident response requires its own framework.
Key Takeaways
- AI incidents differ from IT incidents: they may be invisible (plausible wrong outputs), distributed across many individuals, and impossible to investigate without pre-designed logging.
- EU AI Act requires deployers of high-risk systems to report serious incidents — death, serious injury, or violations of fundamental rights — to national market surveillance authorities.
- The five-step process: Detection and Triage → Containment → Investigation → Remediation and Notification → Post-Incident Review.
- Investigation depends entirely on logging quality — a system without sufficient audit trail cannot be investigated, and the inability to investigate is itself a compliance failure.
- Post-incident review findings must feed back into the model card and the AI governance framework — incidents are a governance signal, not just an operational problem.
AI incidents are not IT incidents. When a system goes offline or a database is corrupted, the incident is visible, bounded, and usually reversible. When an AI system produces a wrong, discriminatory, or harmful output — and does so systematically — the incident may have been occurring for weeks before anyone notices. The harm may be distributed across thousands of individuals. The cause may be difficult to isolate, and the organisation's understanding of what happened may depend entirely on logs the system was designed to produce.
This is why AI incident response requires its own framework — designed for the specific failure modes and evidence requirements of AI systems — rather than an adaptation of existing IT incident management.
What Counts as an AI Incident
An AI incident is any event in which an AI system produces an output, takes an action, or fails to act in a way that causes or risks causing material harm, regulatory exposure, or reputational damage. This definition is broader than most organisations initially assume.
It includes: discriminatory outputs affecting protected classes; incorrect decisions in consequential contexts (credit, employment, healthcare); privacy violations arising from AI output; failures that trigger regulatory notification requirements; and outputs that are materially incorrect at a rate or scale that would constitute a systemic failure.
Under the EU AI Act, providers and deployers of high-risk AI systems have obligations to report serious incidents — defined as incidents resulting in death, serious injury, significant property damage, or violations of fundamental rights — to the relevant national market surveillance authority within a defined timeframe.
The Five-Step Incident Response Process
Governance Reference
AI Incident Response — Five-Step Process
EU AI Act requires serious incident reporting for high-risk AI systems
Detection & Triage
Identify that an incident has occurred. Classify severity: serious (regulatory notification), significant (internal escalation), or low-severity anomaly.
Containment
Pause or restrict the affected system if severity warrants. Weigh business impact against compliance and harm risk.
Investigation
Reconstruct what happened and why using audit logs. Depends entirely on logging quality — a system without an audit trail cannot be investigated.
Remediation & Notification
Address the root cause. Determine notification obligations — to affected individuals, regulatory authority, internal stakeholders.
Post-Incident Review
What failed in design, monitoring, or governance? Changes required to prevent recurrence. Feeds directly into model card and governance framework.
Logging must be specified in the architecture phase. Retrofitting adequate audit trail capability after an incident is expensive, often incomplete, and may be too late.
Step 1 — Detection and Triage. Identify that an incident has occurred or may be occurring. This requires monitoring mechanisms to surface anomalous outputs: human feedback channels, automated performance monitoring, statistical drift detection. Classify severity: serious incident (regulatory notification threshold), significant incident (internal escalation), or low-severity anomaly.
Step 2 — Containment. Depending on severity, this may require pausing or restricting the affected system. The containment decision involves business impact (cost of pausing) weighed against compliance and harm risk (cost of continuing). For high-risk systems operating in consequential decision contexts, the threshold for containment should be lower than most organisations default to in practice.
Step 3 — Investigation. Reconstruct what happened and why. This depends entirely on the quality of the system's logging. A system without an adequate audit trail — capturing inputs, outputs, and the decision path for affected transactions — cannot be investigated. The inability to investigate is not just a practical problem; for high-risk systems under the EU AI Act, it is a compliance failure in its own right.
Step 4 — Remediation and Notification. Address the root cause: model update, data correction, rule addition, deployment parameter change. Determine notification obligations — to affected individuals, to the relevant regulatory authority, to internal stakeholders. Document the remediation actions taken and their expected effect.
Step 5 — Post-Incident Review. What failed in the system's design, monitoring, or governance that allowed this incident to occur? What changes are required to prevent recurrence? This review should feed directly into the system's model card and into the organisation's AI governance framework. Incidents are a governance signal, not merely an operational problem to be resolved and closed.
The Logging Requirement
An AI incident response process without adequate logging is a framework built on sand. The system cannot be investigated because the evidence does not exist.
The EU AI Act requires that high-risk AI systems produce logs sufficient to reconstruct the system's behaviour over a relevant period and to provide evidence of correct operation. The specification of what "sufficient" means for a given system — what is logged, at what granularity, for how long — is part of the system's governance design. It must be specified during the architecture phase, before implementation begins. Attempting to retrofit adequate logging into a deployed system after an incident is expensive, often incomplete, and may be too late.
Imagine Works designs AI governance frameworks including incident response processes for enterprise AI deployments. Book a governance discovery call.
Related Service
AI Governance & Risk Design
Designing the governance framework and risk architecture that keeps your AI systems compliant, auditable, and board-ready — before regulation forces the issue.
Explore this serviceMore Insights
More on AI Governance
AI Procurement: What to Demand in a Vendor's Governance Documentation
When organisations procure traditional software, the governance due diligence checklist is mature. AI procurement is different — the systems are not deterministic, their outputs depend on training data and deployment context the buyer does not control, and the consequences of inadequate due diligence are higher. Here is what to ask.
What Is an AI Model Card — and Why Every Enterprise AI System Needs One
Every AI system has a design history: what data it was trained on, what it was optimised for, where it performs well and where it does not. Almost none of this is documented in a way that the people operating or affected by the system can access. A model card changes that.
General-Purpose AI Models and the EU AI Act: What the August 2025 Obligations Mean
The EU AI Act's General-Purpose AI provisions became enforceable in August 2025. For organisations using foundation model APIs, fine-tuning GPAI models, or building products on large language models, the obligations are direct and material. Here is what changed and what it requires.