AI Incident Reporting

What Is AI Incident Reporting?

Article 62 of the EU AI Act requires providers and deployers of high-risk AI systems to report serious incidents to market surveillance authorities within strict deadlines. In this exercise, you investigate an AI-powered customer onboarding system that has been rejecting applicants from specific regions, determine whether the anomaly meets the Article 62 threshold for a serious incident, contain the damage, file the report, and resist vendor pressure to delay.

What You'll Learn in AI Incident Reporting

• Identify what constitutes a 'serious incident' under Article 62 of the EU AI Act
• Apply the correct order of response: contain, investigate/report, remediate
• Understand reporting timelines for providers and deployers of high-risk AI systems
• Recognize and resist pressure to delay mandatory incident reporting
• Document AI incidents accurately for submission to market surveillance authorities

AI Incident Reporting — Training Steps

1. Article 62: Serious Incident Reporting

   Under Article 62 of the EU AI Act, providers and deployers of high-risk AI systems must report 'serious incidents' to the relevant market surveillance authority. A serious incident is one that may constitute a breach of fundamental rights, or causes death, serious damage to health, property, or the environment. Reporting timelines are strict, and both providers and deployers have distinct obligations. Today, one of your company's AI systems has triggered exactly this scenario.

2. An Urgent Support Escalation

   Alice receives an urgent email from the customer support team. They have flagged a disturbing pattern in the OnboardAI system - the company's AI-powered customer onboarding tool.

3. Checking the AI Dashboard

   Alice opens the AI monitoring dashboard to confirm the anomaly with hard data. The dashboard tracks all AI system metrics including approval rates, alerts, and operational costs.

4. Confirming the Anomaly

   The dashboard confirms what customer support reported. The critical alert shows a clear, systematic pattern of regional discrimination by the OnboardAI system.

5. Is This a Reportable Incident?

   The data is clear. Now Alice must determine: does this meet the threshold for a 'serious incident' under Article 62? The answer is yes. Systematic discrimination affecting 230 applicants constitutes a potential breach of the right to non-discrimination - a fundamental right protected under EU law. Key factors that make this reportable: Systematic pattern: Not a random error, but a consistent 0% rejection rate sustained over 7 days Fundamental rights impact: The right to non-discrimination is a protected fundamental right Significant scale: 230 people denied access to services based on their region Ongoing harm: The system is still actively rejecting applicants right now

6. Immediate Containment

   Before investigating the root cause or filing a formal report, the first priority is containment. The OnboardAI system is still actively rejecting applicants from the affected regions right now. From the AI dashboard, Alice halts the OnboardAI system and routes all applications from the three affected regions to manual processing. No more automated decisions until the system is investigated and cleared. The correct order of response is: contain first , then investigate and report. Never wait for root cause analysis before stopping ongoing harm.

7. Signing in to the Incident Portal

   With the system contained, Alice opens the internal incident reporting portal. Access is restricted to authorized operations staff - she signs in with her corporate credentials before filing the report.

8. Filing the Incident Report

   Alice fills in the incident report with the facts the support team confirmed and the containment actions the operations team has already taken. This report will route to the compliance team, who will forward it to the market surveillance authority.

9. Why Each Section Matters

   The report is now part of the official record. Each section serves a specific purpose for the compliance team and the market surveillance authority.

10. Reporting Timelines

    The report has been submitted internally. Now, the legal timeline begins. Under Article 62, providers of high-risk AI systems must report serious incidents to the market surveillance authority: Immediately after the provider or deployer has established a causal link between the AI system and the incident No later than 15 days after becoming aware of the serious incident Deployers must inform the provider without undue delay. Both providers and deployers must cooperate fully with any subsequent investigation by the authorities. SynapseAI deploys OnboardAI but did not build it - the provider is OnboardAI's vendor. SynapseAI must notify them immediately so they can fulfill their own reporting obligations.