Quick answer

When an AI incident occurs: stop using the AI for that task, assess the impact, notify relevant parties (vendor, affected individuals, authorities if serious), and document everything.

Updated June 2026 · MmowW AI Compliance

What to Do When AI Goes Wrong: Your Incident Response Plan

Why This Matters

When an AI incident occurs: stop using the AI for that task, assess the impact, notify relevant parties (vendor, affected individuals, authorities if serious), and document everything.

Under the EU AI Act, having documented AI governance demonstrates that your business takes AI compliance seriously. If regulators or clients ask how you manage AI use, pointing to established practices is far better than starting from scratch.

Step 1: Identify and Contain

Train your staff to flag potential AI incidents — a wrong recommendation sent to a client, a data leak, a biased output. Once identified, contain the situation: stop using the AI for that task, prevent the problematic output from being acted upon, and preserve evidence.

Speed matters. The faster you contain the issue, the less damage it causes. Make sure everyone knows who to contact and how to escalate.

Step 2: Assess and Notify

Assess severity. Ask: did anyone suffer harm? Was personal data exposed? Was a wrong decision made about someone? Based on severity, notify: your AI vendor (always), affected individuals (if impacted), regulatory authorities (if serious under Article 73), and your team (to avoid the same problem).

Keep communication factual. Don't speculate — report what happened and what you're doing about it.

Step 3: Investigate and Fix

Once the immediate situation is handled, investigate what went wrong. Was it a tool malfunction, user error, or process gap? Document findings and implement fixes — update your policy, provide additional training, restrict the tool, or switch to a different one. Use every incident as a learning opportunity. Keep a record of every AI incident, no matter how minor.

Check your AI compliance readiness — free.

Take the Readiness Check 3 minutes · 10 questions · no signup required

This article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.