# AI Incident Response Plan Template

> A practical AI incident response starter for triage, containment, evidence preservation, escalation, Article 73 handoff, corrective action, and closure.

Published: 2026-04-28  
Last updated: 2026-04-28  
Last reviewed against official source pages: 2026-04-28

## Response stages
| Stage | Action | Evidence |
|---|---|---|
| Detect | Capture trigger, system, user, and first observed harm | Ticket, alert, screenshots, logs |
| Triage | Assess seriousness, affected persons, geography, and high-risk status | Incident intake record |
| Contain | Reduce further harm while preserving evidence | Containment log |
| Escalate | Notify legal, compliance, provider, deployer, vendor, and leadership | Escalation record |
| Investigate | Review causal link, output, input, change, and oversight | Investigation file |
| Close | Record root cause, corrective action, residual risk, and monitoring changes | Closure record |

## Role map
- Incident coordinator: owns workflow and deadlines.
- System owner: provides system facts and logs.
- Security owner: manages containment and forensic integrity.
- Compliance/legal owner: assesses reporting and notification duties.
- Vendor/provider contact: supplies provider evidence and investigation support.

## First 30-minute checklist
- Open incident record.
- Preserve model output and logs.
- Identify system owner and provider/deployer role.
- Record affected persons and geography.
- Route to legal/compliance if serious incident is possible.
- Avoid altering the AI system in a way that undermines later evaluation without qualified approval.

## Related pages
- [Serious Incident Register Lite](../eu-ai-act-serious-incident-register-template.html): Record incident evidence.
- [Article 73 Reporting Guide](../eu-ai-act-article-73-serious-incident-reporting.html): Understand reporting handoff.
- [Post-Market Monitoring Plan](../eu-ai-act-post-market-monitoring-plan-template.html): Feed signals back into monitoring.

## Review note
Educational starter only. Not legal advice, not conformity assessment, and not a guarantee of compliance. Verify against Regulation (EU) 2024/1689, official guidance, national implementation, sector rules, and qualified professional advice.