Article 73 requires providers and deployers of high-risk AI to report serious incidents to relevant authorities. A serious incident results in death, serious health damage, serious disruption to critical infrastructure, or a serious breach of fundamental rights.
Article 73: When AI Goes Wrong — Your Incident Reporting Obligations
What Is a Serious Incident
Not every AI glitch needs to be reported to authorities. Article 73 focuses on serious incidents — those that result in or could have resulted in death or serious damage to health, serious and irreversible disruption of critical infrastructure, a breach of EU law obligations protecting fundamental rights, or serious damage to property or the environment.
For most small businesses using AI for routine tasks, serious incidents will be rare. But if you're using AI in areas like healthcare decisions, safety monitoring, or customer assessment, the potential for a serious incident is real and you need to be prepared.
Who Reports and When
Both providers and deployers have reporting obligations, though the specifics differ. Providers must report to the market surveillance authority of the member state where the incident occurred. Deployers must report to the provider and, in some cases, directly to authorities.
The timeline is tight. For incidents involving death or serious health damage, the provider must report immediately and no later than 15 days after becoming aware of the incident. For other serious incidents, the deadline is also 15 days.
How to Prepare
Don't wait for an incident to figure out your response plan. Prepare now by establishing clear internal procedures for identifying and escalating AI incidents, documenting who is responsible for incident assessment and reporting, knowing how to contact your AI vendor's incident reporting team, identifying the relevant national authorities you might need to contact, and creating a simple template for incident reports.
Make sure your staff know what constitutes a potential serious incident and how to escalate it internally. Speed matters in incident reporting, and confusion about who does what costs valuable time.
After Reporting
Once you've reported an incident, cooperate with any investigation by authorities or your AI vendor. Take immediate steps to prevent the incident from recurring — this might mean temporarily suspending use of the AI system. Document everything you learn during the investigation and update your risk assessment and operating procedures based on the findings.
Check your AI compliance readiness — free.
Take the Readiness Check 3 minutes · 10 questions · no signup requiredThis article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.