Incident Response
From detection to regulator-ready, on the clock.
Reportability assessed against the obligations on the record, notifications timed against the statutory clock, the report sourced from the system itself.
INC-2026-031 · UND-014
Reportable · 3 regulators
Detected · 02:14
UND-014 produced biased denial rates on a protected attribute over a 4-hour window. Verdict: reportable.
EU AI Act · serious incident · 15 days · 14d 09h · On track
GDPR · Art. 33 · breach · 72 hours · 65h 04m · On track
FCA Principle 11 · UK · Promptly · Notified · On track
Clock started at detection · escalations automated · Live
The problem
The first hour decides everything.
An AI-related incident lands in the engineering channel at 02:14. Someone has to decide whether it's reportable, to whom, and inside what window — before anyone can find last quarter's incident playbook.
The clock is already running.
Today · the first hour
Ad-hoc
02:14 · Engineering channel · 'something looks wrong'
02:38 · Find the incident playbook · which version?
03:21 · Decide reportability · who calls Legal?
04:50 · Draft the notification · from a 9-month-old template
How it works
The first thing you need is the answer.
01
Reportability, not opinion
An incident is assessed against the obligations carried by the affected system. The verdict is cited: which statute, which trigger, which window.
Reportable under Art. 73(1) · serious incident.
↳ UND-014 · high-risk · Annex III(5)(b)
02
The notification clock
The clock starts at detection and counts against each applicable regulator's window. Escalations route automatically as thresholds approach.
EU AI Act · 14d 09h
GDPR · 65h 04m
UK FCA · Sent
03
Report sourced from the record
The notification draft is composed from the registry, the controls, and the incident timeline — not retyped under pressure.
Sourced from
Registry · controls · timeline
02:14 · Detection · Bias monitor on UND-014
02:18 · Classification · Serious incident · Art. 73(1)
02:31 · Containment · Inference paused · fallback live
03:02 · Notification queued · EU AI Act · GDPR · FCA
— · Remediation · Open · CTL-091 review
Through-line
The incident becomes part of the record.
Every step — detection, classification, notification, remediation — is sealed on the audit chain against the affected systems.
The post-incident review is the chain, read end to end.
Proof
The notification, ready to send.
Sourced from the registry, the obligations and the timeline — with the held-open sections marked, not invented.
Notification · EU AI Act · Art. 73 · draft
2 sourced · 1 held
§1 System and provider · Sourced
UND-014 · Underwriting Assistant · provider: Hael Bank · owner: S. Iqbal.
↳ Registry · UND-014
§3 Nature and scope · Sourced
Disparate denial rate observed on protected attribute over 4 hours; 312 decisions affected; fallback restored within 17 minutes.
↳ Timeline · CTL-091
§5 Root cause · Held open
Investigation in progress. The notification will not name a cause until evidence supports one.