AI Incident Reporting & Registries
Incident reporting and registries are the legal and regulatory infrastructure that requires AI incident information to be disclosed, the registries that collect and organize that information, and the policy framework that determines who reports what, to whom, and when. The category covers the substantive reporting obligations under various AI and sectoral frameworks, the existing registry infrastructure, the gaps where reporting is not required or registries do not exist, and the parallel models from aviation and cybersecurity that the AI field is gradually adapting.
The framework is consequential because incident information is how the field learns. Without systematic reporting, lessons stay inside the organizations that experienced incidents and the rest of the field operates without the benefit of cumulative experience. The catalog of actual AI incidents and the operational incident management lifecycle are covered in the AI Incidents & Management reference page; this page addresses the legal and regulatory framework that governs how incidents become reported and registered in the first place.
Why Incident Reporting Is a Governance Question
Incident reporting is not just an operational practice; it is a governance question because the reporting regime determines what information becomes available to regulators, the public, and the broader field. Different reporting regimes produce different information landscapes, and the choices about what to require, what to make public, and how to balance reporting against operator concerns are policy decisions with substantial consequences.
Reporting requirements affect operator behavior. Operators that face mandatory reporting requirements implement different practices from operators that do not. The discipline of being prepared to report shapes upstream practice, including monitoring infrastructure, incident classification, evidence preservation, and the broader operational posture toward incidents.
Reporting requirements affect regulator capacity. Regulators with reporting authority and supporting infrastructure can identify patterns across operators that any single operator cannot see. The cross-operator perspective supports systematic policy response that single-incident response cannot achieve.
Reporting requirements affect public information. What becomes public about AI incidents shapes broader societal understanding of AI risks and benefits. The information landscape influences policy debate, market behavior, and democratic accountability for AI deployment.
The trade-offs are real. Reporting obligations impose costs on operators, may discourage operators from documenting incidents thoroughly, may force disclosure of competitively sensitive information, and may interact with litigation in ways that complicate response. Policy design must navigate these trade-offs deliberately.
Current Reporting Frameworks
Multiple reporting frameworks reach AI incidents through different authorities and with different scope.
| Framework | What Triggers Reporting | What Must Be Reported |
|---|---|---|
| NHTSA Standing General Order 2021-01 (and successors) | Crashes involving Level 2 ADAS or Level 3-5 ADS vehicles meeting specified criteria | Crash details, vehicle and system information, narrative of events; reported to NHTSA within specified timeframes |
| FDA MedWatch and post-market surveillance | Adverse events involving medical devices including AI/ML medical devices | Adverse event details, device information, patient outcomes; reported through MAUDE database |
| EU AI Act Article 73 | Serious incidents involving high-risk AI systems in EU market | Serious incident details to market surveillance authorities; timelines vary by incident severity |
| NIS2 incident notification | Significant cybersecurity incidents affecting essential or important entities | Initial notification within 24 hours, intermediate report within 72 hours, final report within one month |
| GLBA breach notification | Unauthorized access to customer information at financial institutions | Breach notification to affected customers and regulators; specific FTC Safeguards Rule requirements |
| State breach notification laws | Unauthorized access to personal information of state residents | Varies by state; typically affected individuals and state attorneys general; timelines vary |
| SEC cybersecurity disclosure rules | Material cybersecurity incidents affecting public companies | 8-K disclosure within four business days of materiality determination |
| CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) | Substantial cyber incidents affecting US critical infrastructure (rules finalizing) | Substantial incident reports to CISA within 72 hours; ransom payment reports within 24 hours |
| GDPR Article 33 | Personal data breaches | Notification to supervisory authority within 72 hours of awareness; affected individuals where likely to result in high risk |
| UN-R 155 cybersecurity | Cyber incidents affecting type-approved vehicles in UN regulation jurisdictions | Incident details through manufacturer cybersecurity management systems |
| Sector-specific frameworks | Various sector-specific triggers including aviation, maritime, energy, healthcare | Varies by sector; established frameworks in each domain |
The aggregate framework is substantial but uneven. Some incidents trigger reporting under multiple frameworks simultaneously; others fall outside any specific reporting requirement. Operators navigate the framework through compliance programs that address the specific reporting obligations applicable to their deployment contexts.
Existing Registries and Databases
Several registries collect and organize information about AI incidents with varying scope, methodology, and authority.
The NHTSA Standing General Order database collects crash reports involving automated driving systems and advanced driver assistance systems. The data is published periodically with redactions and provides one of the most substantial public datasets on autonomous vehicle incidents. The database supports both regulator analysis and public research into autonomous vehicle safety.
The FDA MAUDE database (Manufacturer and User Facility Device Experience) collects adverse event reports for medical devices including AI/ML medical devices. The database is searchable and supports research into medical device safety. AI-specific coverage is improving through emerging FDA work on AI/ML SaMD post-market surveillance.
The OECD AI Incidents Monitor provides international tracking of AI incidents drawn from media reporting and other public sources. The Monitor supports comparative analysis across jurisdictions and contributes to OECD AI policy work.
The AI Incident Database, maintained by the Responsible AI Collaborative (formerly part of Partnership on AI), collects publicly reported AI incidents through a curated methodology. The database is widely cited in research and policy work and serves as a key reference for AI incident analysis.
The AVID (AI Vulnerability Database), maintained by the AI Risk and Vulnerability Alliance, focuses on AI vulnerabilities and security issues with a structured taxonomy. The database supports vulnerability research and AI security work.
MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems) provides a framework and knowledge base for adversarial AI threats drawing on the MITRE ATT&CK pattern. The work supports AI security research and threat modeling.
Sector-specific registries including the NTSB aviation accident database, ICS-CERT vulnerability database, and equivalent infrastructure in other sectors maintain reporting that includes AI-relevant entries among broader scope.
Industry-specific reporting infrastructure including ISAC member reporting, manufacturer-specific vulnerability disclosure programs, and AI vendor reporting through their own channels supplements the public infrastructure with restricted-access information sharing.
The aggregate registry landscape provides substantial information but with substantial gaps. The information available depends on what reporting frameworks require, what voluntary disclosure produces, and what investigation surfaces. The cumulative picture is partial and the work to improve coverage continues across multiple initiatives.
Aviation as the Canonical Model
Aviation provides the most developed model of how incident reporting can produce systematic safety improvement. The aviation infrastructure has been developed over decades and serves as a reference for how AI incident reporting could mature.
The National Transportation Safety Board (NTSB) conducts independent investigation of significant aviation accidents. The investigations produce detailed factual records, identified causes, and safety recommendations. The investigations are independent of operators and regulators, supporting credibility and substantive analysis.
The Aviation Safety Reporting System (ASRS), operated by NASA, provides voluntary confidential reporting of safety issues. The system supports reporting of issues that might not surface through mandatory reporting because of operator concerns about liability or competitive position. Confidentiality enables reporting that the operator would not otherwise produce.
The FAA Service Difficulty Reporting (SDR) system collects reports of equipment failures and maintenance issues. The system supports identification of recurring patterns that single-incident reporting would not surface.
International coordination through ICAO and bilateral arrangements produces global information sharing on aviation incidents. The coordination supports recognition of patterns that span jurisdictions and operators.
The combination produces several key properties. Mandatory reporting for serious incidents ensures that the most consequential events are documented. Voluntary confidential reporting supplements the mandatory system by capturing what would not otherwise surface. Independent investigation produces credible analysis. International coordination supports global pattern recognition. Public availability of findings enables broader learning across the field.
The aviation model has produced substantial safety improvement over decades. Accident rates have declined as the cumulative learning has been incorporated into design, operation, training, and regulation. The model is widely referenced in AI incident reporting policy discussion as the aspiration for what AI incident infrastructure could become.
The differences between aviation and AI are also relevant. Aviation operates within a single industry with established institutions; AI spans many sectors with a varied institutional landscape. Aviation safety concerns are physical and well understood; AI safety concerns include novel categories that are still being defined. Aviation operates under a substantial international treaty framework; AI international coordination is at an early stage. The aviation model provides the aspiration, but the AI implementation faces additional complexity.
Cybersecurity as a Parallel Model
Cybersecurity provides a second parallel model with different properties from aviation but substantial relevance to AI incident reporting.
The CVE (Common Vulnerabilities and Exposures) system provides standardized identifiers for cybersecurity vulnerabilities. The system supports coordinated disclosure across operators and researchers. The cumulative database has become foundational infrastructure for cybersecurity practice globally.
Coordinated vulnerability disclosure (CVD) frameworks balance security researcher work, operator response capacity, and public information needs. The frameworks have matured over years of practice with substantial industry adoption.
Vendor disclosure programs and bug bounties create infrastructure for security researchers to report vulnerabilities. The programs vary in scope and quality but provide systematic channels that did not exist in earlier eras of cybersecurity.
ISAC infrastructure (Information Sharing and Analysis Centers) supports operator-to-operator threat information sharing with appropriate legal protections. The infrastructure has matured across multiple sectors.
CERT/CC and equivalent national cybersecurity centers coordinate vulnerability disclosure and incident response. The institutional infrastructure provides credibility and coordination capacity.
The cybersecurity model provides several lessons for AI incident reporting. Standardized identifiers support cross-organization referencing of incidents. Coordinated disclosure frameworks balance competing concerns. Vendor disclosure programs create systematic channels. Information sharing infrastructure supports operator coordination. Institutional coordination provides credibility and capacity.
AI incident reporting is at a substantially earlier stage than cybersecurity vulnerability reporting. The standardized identifier work, coordinated disclosure frameworks, vendor disclosure programs, and information sharing infrastructure are all developing but have not yet reached the maturity that cybersecurity has. The trajectory points toward eventually achieving similar maturity, though the specific path remains to be worked out.
The Gaps in Current Reporting
Several specific gaps in current AI incident reporting have been documented through analysis and operational experience.
Software AI agent incidents have minimal mandatory reporting outside specific sector contexts. Workflow agents, coding agents, transaction agents, and research agents operate without specific incident reporting requirements that match their deployment scale. The gap leaves substantial portions of the AI deployment landscape without systematic incident documentation.
Consumer AI incidents have inconsistent reporting infrastructure. Personal and ambient AI products generally do not have AI-specific incident reporting frameworks. Consumer protection enforcement produces some incident documentation but not systematic reporting.
Near-misses and precursor incidents typically do not trigger reporting. Aviation reporting captures precursor events that did not produce harm but indicated risk; AI reporting generally requires actual harm. The gap means the field misses warning signs that more systematic precursor reporting would capture.
Cross-sector aggregation incidents face no clear reporting home. The structural concern about AI-everywhere producing aggregate effects across many deployments does not map cleanly to any specific sector reporting framework.
Multi-agent and coordinated incidents face similar gaps. The reporting frameworks are operator-centric and do not address the pattern of coordinated effects across many operators that the multi-agent threat landscape produces.
International incidents face fragmented reporting. An incident spanning multiple jurisdictions may trigger reporting in some but not others. The information landscape is uneven across borders.
Voluntary disclosure beyond mandatory requirements is limited. Operators that experience incidents typically do not disclose beyond what regulation requires. The aviation precedent of voluntary confidential reporting supplementing mandatory reporting has not been broadly adopted in AI.
Anonymization and confidentiality practices vary widely. Some reporting frameworks produce publicly available data; others remain confidential. The variance affects what the field can learn and what operators face in terms of reputational and competitive consequence.
Whistleblower and Adverse Event Protections
The legal framework for AI incident reporters affects what information becomes available.
Whistleblower protections under various statutes including Dodd-Frank, Sarbanes-Oxley, and equivalent frameworks provide protection for reporters of specific categories of misconduct. The application to AI incidents depends on whether the incident falls within covered categories.
Employee speech protections under labor laws provide additional framework for reporting by AI vendor and operator employees. The protections vary by jurisdiction and employment context.
Confidentiality and non-disclosure obligations under employment agreements limit what employees can disclose. The interaction with whistleblower protections has been litigated extensively and remains subject to specific facts.
Trade secret and competitive sensitivity considerations limit voluntary disclosure by operators. The legal framework for trade secret protection affects what operators can be required to disclose without compensation.
Litigation discovery produces incident information through legal process. The information surfaces through litigation but may be subject to protective orders that limit broader availability.
The aggregate framework for reporters of AI incidents is uneven and developing. The OpenAI whistleblower situations, Google contractor concerns, and broader pattern of internal disclosures becoming public illustrate that the framework continues to be tested through specific cases.
The Voluntary Versus Mandatory Tension
The policy choice between voluntary and mandatory reporting frameworks has substantive consequences and is one of the central questions in AI incident reporting policy.
Mandatory reporting produces systematic information but imposes operator burden and may have unintended effects on operator behavior. Operators facing mandatory reporting may implement defensive practices that suppress useful information, may classify ambiguous events to minimize reporting obligations, and may invest in legal positioning rather than substantive incident management.
Voluntary reporting produces less systematic information but supports more candid disclosure. The aviation ASRS model demonstrates that voluntary confidential reporting can produce information that mandatory reporting would miss. The framework depends on appropriate confidentiality protection and substantive operator benefit from participation.
Hybrid frameworks combine mandatory reporting for the most consequential events with voluntary reporting for additional information. The aviation model is hybrid and the combination produces both systematic coverage of serious events and broader information through voluntary channels.
The choice for AI is being worked out across different frameworks. The NHTSA Standing General Order is mandatory for the most consequential autonomous vehicle incidents. FDA medical device reporting combines mandatory adverse event reporting with voluntary additional reporting. The EU AI Act includes mandatory reporting for serious incidents involving high-risk systems. The aggregate framework is moving toward a hybrid model, with the specific balance varying by sector.
The policy considerations include severity threshold for mandatory reporting (the lower the threshold, the broader the coverage but the higher the burden), confidentiality and public disclosure balance (more confidentiality supports candid reporting but reduces public information), enforcement mechanisms (penalties for non-reporting affect compliance behavior), and the supporting infrastructure that processes reports usefully rather than producing data that no one analyzes.
Proposed and Emerging Reporting Infrastructure
Several specific proposals and emerging initiatives address gaps in current AI incident reporting infrastructure.
Proposals for a dedicated AI incident reporting framework have been made through various policy channels. The proposals would create AI-specific reporting infrastructure analogous to NTSB aviation reporting, with independent investigation, mandatory reporting for serious incidents, and public availability of findings. The legislative and regulatory path for such infrastructure remains uncertain.
Proposals for AI vulnerability disclosure frameworks would extend CVE-style infrastructure to AI vulnerabilities. The work has been developing through industry initiatives, academic research, and emerging standards work. The infrastructure is partially established but not yet at the maturity of cybersecurity vulnerability disclosure.
The AI Safety Institute network discussed in International Coordination includes incident-relevant work through specific evaluation and post-deployment monitoring initiatives. The international AI Safety Institute network may eventually become significant infrastructure for cross-border incident coordination.
Sector-specific AI reporting expansion through SRMA (Sector Risk Management Agency) action and sector regulator initiatives addresses sector-by-sector gaps. The expansion is uneven, but the trajectory is toward more rather than less AI incident reporting in regulated sectors.
EU AI Act implementation will produce substantial reporting infrastructure as Article 73 requirements are operationalized through member state implementation and EU AI Office coordination. The implementation timeline is multi-year and the operational consequence will become clearer as it proceeds.
NIST work on AI incident documentation and reporting infrastructure supports the broader US framework. The NIST AI Safety Institute work includes elements relevant to incident infrastructure.
The aggregate trajectory is toward more substantial reporting infrastructure over time. The pace is incremental and the specific institutional architecture continues to develop.
Operator Practice Beyond Minimum Requirements
Operators implement varying levels of incident reporting and documentation practice. The variance reflects both regulatory obligations and operator-specific considerations.
Mature operators implement comprehensive internal incident management that exceeds minimum legal requirements. The infrastructure addresses detection, classification, response, resolution, and prevention with substantial documentation. The work supports both compliance and operational improvement.
Cross-vendor disclosure within industry forums and ISACs supports peer-to-peer information sharing without public disclosure. The infrastructure has been developing across sectors with substantial activity in financial services, healthcare, and emerging activity in AI-specific contexts.
Public transparency varies widely. Some operators publish incident reports, safety reviews, and broader transparency information; others publish minimally. The choice reflects strategic positioning, regulatory environment, and operator culture.
Vendor-provided reporting infrastructure addresses how operators report issues to AI vendors. The infrastructure is developing across major AI vendors with specific channels for safety, security, and operational issues.
Academic and civil society engagement provides additional channels for incident information surfacing. Researchers, journalists, and advocacy organizations document incidents through their own channels with the work supplementing official reporting.
The aggregate operator practice produces substantially more information than mandatory reporting alone would capture, though the information is fragmented across operator, vendor, industry forum, academic, and civil society sources.
Practical Implications for Operators
For operators, the incident reporting landscape produces several practical implications.
Compliance with applicable reporting requirements is operational baseline. Operators identify which reporting frameworks apply to their deployments and implement compliance programs that address the specific obligations.
Multi-framework navigation addresses the reality that incidents may trigger reporting under multiple frameworks simultaneously. NHTSA SGO, NIS2, GDPR, state breach notification, and additional frameworks may all apply to a single incident in a connected vehicle context, for example.
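The multi-framework scenario above is easier to manage with a deadline schedule derived from the incident facts. The following is an added example, not code from the original page: it encodes the clocked obligations from the table above (GDPR Article 33, NIS2, CIRCIA, SEC 8-K) and flags the NHTSA SGO obligation whose timeframe the table does not fix. The `Incident` fields, the weekend-only business-day rule, and the 30-day reading of "one month" are assumptions made for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Incident:
    """Facts about one incident that decide which reporting clocks start.
    The field set is an assumption for this example, not a regulatory schema."""
    awareness: datetime                                 # when the operator became aware
    personal_data: bool = False                         # GDPR Art. 33 personal data breach
    nis2_entity: bool = False                           # essential/important entity under NIS2
    us_critical_infra: bool = False                     # CIRCIA-covered critical infrastructure
    ads_crash: bool = False                             # NHTSA SGO-qualifying ADS/ADAS crash
    materiality_determined: Optional[datetime] = None   # SEC 8-K clock starts here
    ransom_paid: Optional[datetime] = None              # CIRCIA ransom-payment clock starts here


@dataclass(frozen=True)
class Deadline:
    framework: str
    stage: str
    due: Optional[datetime]   # None when the page gives no fixed timeline


def business_days_after(start: datetime, n: int) -> datetime:
    """Advance n business days. Assumption: only weekends are skipped; market
    holidays are not modelled, so a real SEC deadline can fall later."""
    cur = start
    while n > 0:
        cur += timedelta(days=1)
        if cur.weekday() < 5:
            n -= 1
    return cur


def notification_schedule(inc: Incident) -> list[Deadline]:
    """Return every triggered reporting stage, earliest due date first."""
    t0 = inc.awareness
    out: list[Deadline] = []
    if inc.personal_data:
        out.append(Deadline("GDPR Art. 33", "supervisory authority notification", t0 + timedelta(hours=72)))
    if inc.nis2_entity:
        out += [
            Deadline("NIS2", "initial notification", t0 + timedelta(hours=24)),
            Deadline("NIS2", "intermediate report", t0 + timedelta(hours=72)),
            # "one month" approximated as 30 days (assumption for this example)
            Deadline("NIS2", "final report", t0 + timedelta(days=30)),
        ]
    if inc.us_critical_infra:
        out.append(Deadline("CIRCIA", "substantial incident report to CISA", t0 + timedelta(hours=72)))
        if inc.ransom_paid is not None:
            out.append(Deadline("CIRCIA", "ransom payment report", inc.ransom_paid + timedelta(hours=24)))
    if inc.materiality_determined is not None:
        out.append(Deadline("SEC 8-K", "disclosure after materiality determination",
                            business_days_after(inc.materiality_determined, 4)))
    if inc.ads_crash:
        out.append(Deadline("NHTSA SGO", "crash report (timeframe set by the order)", None))
    # Clocked obligations first, earliest due; unclocked obligations at the end
    out.sort(key=lambda d: (d.due is None, d.due or datetime.max))
    return out


def first_deadline(inc: Incident) -> Optional[Deadline]:
    """The obligation that drives the response timeline."""
    clocked = [d for d in notification_schedule(inc) if d.due is not None]
    return clocked[0] if clocked else None


def sample_incident() -> Incident:
    """Constructed scenario: a connected-vehicle operator that is a NIS2 entity,
    a US public company and critical-infrastructure owner, with personal data exposed."""
    aware = datetime(2024, 3, 1, 10, 0)   # a Friday morning
    return Incident(awareness=aware, personal_data=True, nis2_entity=True,
                    us_critical_infra=True, ads_crash=True,
                    materiality_determined=datetime(2024, 3, 1, 15, 0))


if __name__ == "__main__":
    for d in notification_schedule(sample_incident()):
        print(f"{d.framework:12} {d.stage:45} {d.due}")
```

In the constructed scenario the NIS2 initial notification (24 hours) drives the timeline, while the SEC 8-K deadline lands the following Thursday because the four business days skip the weekend.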
Incident classification discipline supports accurate reporting under applicable frameworks. The classification work determines what gets reported where and affects both compliance and operational handling.
Evidence preservation supports both compliance and litigation defense. Records of detection, classification, response, and resolution all support subsequent regulatory inquiry and litigation.
Legal review of incident communications addresses the substantial impact of incident disclosure on legal exposure. Operators with mature practice include legal counsel in incident response from early stages.
Voluntary disclosure beyond mandatory requirements is a strategic choice. Some operators benefit reputationally from substantial transparency; others prefer minimum compliance. The choice reflects operator-specific considerations.
Industry forum participation supports both information access and operational networks. ISAC membership, industry working group participation, and broader engagement provide both information benefits and ongoing relationships that matter during incidents.
The Reframe
Incident reporting and registries are the governance infrastructure that determines what AI incident information becomes available, to whom, and when. The current framework is substantial but uneven, with sector-specific requirements covering some deployment contexts well and others poorly. Existing registries including NHTSA SGO database, FDA MAUDE, OECD AI Incidents Monitor, AI Incident Database, AVID, and MITRE ATLAS provide partial coverage with varying methodology and authority. Aviation provides the canonical model of comprehensive incident reporting with independent investigation, voluntary confidential supplements to mandatory reporting, and substantial cumulative safety improvement over decades. Cybersecurity provides the parallel model of standardized identifiers, coordinated disclosure, vendor disclosure programs, and information sharing infrastructure. The gaps in current AI reporting include software agent incidents, consumer AI incidents, near-misses, cross-sector aggregation incidents, multi-agent incidents, and international coordination. The whistleblower and adverse event protection framework affects what information becomes available beyond formal reporting. The voluntary versus mandatory tension shapes policy design with hybrid frameworks emerging as the preferred approach. Proposed and emerging infrastructure including dedicated AI incident reporting, AI vulnerability disclosure frameworks, AI Safety Institute incident work, sector-specific expansion, and EU AI Act implementation continues to develop the landscape. Operator practice beyond minimum requirements varies widely with mature operators implementing comprehensive internal infrastructure and varying public transparency. The work of building adequate AI incident reporting infrastructure is one of the substantive governance projects the agentic AI era requires, and the trajectory is incremental development toward eventual maturity comparable to aviation and cybersecurity.