AI Governance Institute logo
AI Governance Institute

Intelligence for Compliance and GRC Teams

← AI Governance Playbook

Question 33 of 46

What do we do when an AI system causes harm or fails?

By Cody Maxwell · AI Governance Institute · March 2026

A structured incident response process for AI failures — from initial detection through containment, root cause investigation, regulatory notification, and prevention.

If you only do 3 things, do this:

  1. 1.Define what counts as an AI incident before one happens. If you're deciding whether something is an incident after it occurs, you've already lost time you needed for containment.
  2. 2.Containment is the first question: can the system be paused, the output recalled, or the decision reversed? These questions need pre-assigned answers. You don't have time to deliberate when something is actively going wrong.
  3. 3.Document the post-incident report even for near-misses. Regulators view documented incidents plus corrective action as evidence of a functioning governance program.

The Situation

Who this is for: Risk, compliance, legal, and technology teams responsible for AI operations and incident response

When you need this: When an AI system produces harmful, discriminatory, inaccurate, or unexpected outputs — or when a near-miss is detected before harm occurs

The Decision

Is this incident within acceptable parameters, and if not, what is our response — immediate containment, investigation, regulatory notification, and remediation?

The Steps

  1. 1Detect and triage: categorize the incident (bias/discrimination, accuracy failure, safety issue, privacy breach, regulatory violation, reputational harm) and assign a severity level
  2. 2Contain: pause the system, recall outputs, or reverse affected decisions as appropriate for the incident type and severity
  3. 3Notify internally: escalate to the appropriate level based on severity; loop in legal for any incident with regulatory or litigation implications
  4. 4Assess regulatory notification obligations: which jurisdictions' rules require notification, to whom, and within what timeframe?
  5. 5Investigate: identify root cause (model failure, data issue, process failure, misuse, or unexpected input distribution)
  6. 6Remediate: fix the root cause, not just the symptom; re-test before restoring full operation
  7. 7Document: produce a post-incident report covering timeline, cause, impact, regulatory notifications made, and prevention measures implemented

The Artifacts

  • AI incident classification matrix (type × severity × response path)
  • AI incident response runbook (step-by-step for each incident type)
  • Regulatory notification obligation checklist (who must be told, when, in which jurisdictions)
  • Post-incident report template (timeline, root cause, impact, notifications, remediation, prevention)
  • AI incident register (log of all incidents and near-misses)

The Output

A documented incident response process with pre-assigned containment and escalation paths, a post-incident report for every material incident, regulatory notifications made on time, and controls updated to prevent recurrence.

Defining and classifying AI incidents

An AI incident is any event where an AI system produces outputs or takes actions that cause or could cause harm, violate applicable regulations, or materially deviate from intended behavior. This includes obvious failures (a model that consistently produces discriminatory outcomes) and subtle ones (a model whose accuracy has degraded below its approved threshold, or a generative AI system that produced a materially false output used in an external communication).

Incident classification drives response. Bias or discrimination incidents require immediate containment and legal review. Accuracy failures require risk assessment of affected decisions. Privacy breaches may trigger data protection notification obligations with specific deadlines. Safety incidents involving physical harm or its risk are the most urgent. Classify on detection, not after investigation.

The response sequence

Containment comes before investigation. Do not spend time on root cause while the system is still running and producing harmful outputs. The containment decision — pause, restrict, or continue with enhanced monitoring — should be made within hours of a confirmed incident, not days. Pre-assign who makes this decision for each high-risk system in your incident response plan.

Investigation should be systematic and documented. The root cause analysis needs to answer: what specifically went wrong, when did it start, how many decisions or outputs were affected, and why did existing monitoring not catch it earlier. That last question is as important as the first. A monitoring system that failed to detect an incident is itself a finding that requires remediation.

Regulatory notification obligations

Several regulatory frameworks impose AI incident notification obligations. The EU AI Act requires providers of high-risk AI systems to report serious incidents and malfunctions to national market surveillance authorities without undue delay. For incidents involving personal data, GDPR breach notification requirements (72 hours to the supervisory authority for high-risk breaches) run concurrently. Sector-specific regulators in financial services and healthcare have their own notification frameworks that may apply depending on the nature of the incident.

Build a notification decision tree into your incident response runbook. The decision tree should identify, for each incident type and severity, which notification obligations are triggered, to whom, within what timeframe, and who has authority to make the notification. Notification obligations often have short deadlines — the 72-hour GDPR clock starts running when you become aware of a breach, not when you finish your investigation.

Governance Controls

Operational controls that implement the guidance in this playbook.

AGT-016Agentic AI Deployment Readiness AssessmentAGT-018Agent Data Modification Blast-Radius ContainmentAGT-020RAG Retrieval Boundary Controls for Regulated DataAGT-023Agentic AI Security Assessment — CBRN and Cyber EspionageAGT-024AI Permission Escalation Tabletop Exercise ProgramBRD-001Director AI Literacy and Competency AssessmentBRD-002AI Governance Committee Charter and Decision RightsBRD-006AI Risk Tolerance and Appetite DocumentationBRD-009Unified Multi-Framework AI Risk RegisterCHM-003Model Rollback and Emergency ShutdownCMP-001Multi-Jurisdiction AI Regulatory Compliance MappingCMP-002International AI Standards Monitoring WorkflowCMP-006AI Content Watermarking and Labeling ComplianceCMP-007EU AI Act Conformity Assessment and FRIA ProcessCMP-008Federal AI Regulatory Monitoring and Pre-Deployment VettingCMP-010AI Use in Regulatory Reporting and Risk ModelingIRC-001AI Incident ClassificationIRC-002AI Incident Response PlaybookIRC-003AI Harm Notification ProceduresIRC-004AI Post-Incident ReviewIRC-005AI Incident Log and TrackingIRC-006Cross-Jurisdictional Incident Reporting TrackerMGV-001AI Model Preview and Staged Release PolicyMGV-004Continuous AI Assurance Function DesignMGV-006RAI Benchmark-Aligned Evaluation FrameworkMGV-010AI Output Pre-Publication Verification for High-Stakes ClaimsPRC-009AI Vendor Concentration Risk AssessmentSAF-003AI Graceful DegradationSCT-002Clinical AI Governance Committee CharterSCT-003Critical Infrastructure AI Risk Assessment and Containment

Not sure where to start? Answer 3 questions and get a tailored compliance action plan.

What applies to me? →