Zum Hauptinhalt springen
← Back to templates

AI Incident Report Template

Article 62-aligned serious incident report template with notification workflow.

Category: Incidents • Risk level: High

AI Incident Report Template (Serious Incidents)

Legal basis: Serious incident reporting obligations in the final AI Act text (Regulation (EU) 2024/1689; final numbering differs from earlier draft references).
Goal: Enable timely escalation, containment, authority notification, and corrective action tracking.

1) Incident Header

  • Incident ID: [INC-YYYY-###]
  • Detection timestamp (UTC): [YYYY-MM-DD HH:MM]
  • Reporter: [Name/Role]
  • System name/version: [System]
  • Environment: [Prod/Test/Region]
  • Severity: [Low/Medium/High/Critical]

2) Qualification Assessment

  • Does event meet serious incident threshold? [Yes/No]
  • Potential harm domains: [Health/Safety/Rights/Property]
  • Affected population estimate: [Count]
  • Confidence of incident classification: [High/Medium/Low]

3) Incident Description

  • What happened: [Narrative]
  • Trigger/event chain: [Timeline]
  • First observed symptom: [Symptom]
  • Current status: [Ongoing/Contained/Resolved]

4) Impact Assessment

  • Direct impacts: [List]
  • Potential downstream impacts: [List]
  • Rights impacted (if any): [Rights]
  • Financial/operational impact estimate: [Estimate]

5) Immediate Containment Actions

  • Action 1 / timestamp / owner
  • Action 2 / timestamp / owner
  • Rollback/fallback activated? [Yes/No]
  • Customer/user communication initiated? [Yes/No]

6) Authority Notification Track

  • Competent authority identified: [Authority]
  • Initial notification sent? [Yes/No]
  • Notification timestamp: [YYYY-MM-DD HH:MM]
  • Notification reference ID: [ID]
  • Follow-up deadline(s): [Date/time]
  • Internal legal deadline check completed? [Yes/No]
  • Jurisdiction-specific reporting deadline documented? [Yes/No]

7) Root Cause Analysis

  • Primary cause: [Cause]
  • Contributing factors: [List]
  • Why controls failed: [Explanation]
  • Evidence references: [Logs/reports]

8) Corrective and Preventive Actions (CAPA)

  • CAPA ID / owner / due date / status
  • Validation of effectiveness plan
  • Residual risk after CAPA

9) Post-Incident Review

  • Lessons learned summary
  • Policy/process updates required
  • Monitoring updates required
  • Stakeholder debrief completed? [Yes/No]

10) Sign-Off

  • Incident manager: [Name/Date]
  • Compliance/legal reviewer: [Name/Date]
  • Executive approval: [Name/Date]
Download Markdown AI Fill — Pro Plan

Related resources

Risk quiz Glossary Blog