Quick answer

This guide addresses incident reporting, a critical compliance area under the EU AI Act. Organisations deploying or providing high-risk AI systems must establish robust incident reporting practices to demonstrate compliance. The conformity assessment framework requires systematic evidence across risk management, data governance, transparency, human oversight, and accuracy.

Updated June 2026 · MmowW AI Compliance

AI Serious Incident Reporting: Article 73 Procedures

Regulatory Context

The EU AI Act establishes comprehensive requirements for incident reporting of AI systems. For high-risk applications, these requirements are mandatory and must be demonstrated before market placement. Understanding the regulatory framework is essential for both providers and deployers.

The Act's approach to incident reporting draws on established EU product safety regulation but adapts it for AI's unique characteristics — ongoing evolution, data dependency, and potential for emergent behaviour. This guide covers classification, timelines, authority notifications, and corrective actions in practical detail.

Requirements and Methodology

The methodology for incident reporting should be systematic, evidence-based, and aligned with the requirements of Articles 8-15. For each area — risk management (Article 9), data governance (Article 10), technical documentation (Article 11), record-keeping (Article 12), transparency (Article 13), human oversight (Article 14), accuracy and robustness (Article 15), and quality management (Article 17) — verify both design and implementation.

Evidence collection includes documentary evidence (policies, procedures, test results), operational evidence (system logs, monitoring dashboards, incident reports), and interview evidence from developers, operators, and governance personnel.

Practical Steps

Begin with scoping: identify which systems require incident reporting, determine the appropriate pathway (self-assessment under Article 43(2) or third-party assessment under Article 43(1)), and establish timelines. Most high-risk AI can use self-assessment with harmonised standards; biometric identification requires notified body assessment.

Develop assessment criteria mapped to AI Act requirements and available harmonised standards. Each criterion should have clear pass/fail indicators and evidence requirements. This ensures comprehensive coverage without gaps.

Documentation and Continuous Compliance

Documentation must be maintained for the system's lifetime plus 10 years (Article 18). This includes methodology, evidence, findings, and corrective actions. Documentation must support market surveillance authority verification during inspections.

Compliance is ongoing. Substantial modifications to AI systems (training data changes, architecture changes, purpose changes) may trigger new assessments. Establish change management procedures with compliance impact assessment for all significant modifications.

This article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.