marketing.docsPage.nav.incidentManagement

Incident Management — Art. 73

Incident management is one of the most time-sensitive parts of the platform. When a serious issue appears in a high-risk AI system, teams do not need more theory, they need structure: what happened, how serious it is, who must be informed, and by when.

This page is therefore organized like a real response flow: understand what qualifies, triage quickly, protect the legal deadline, build the notification, and preserve the record for follow-up.

What this module gives a team under pressure

A faster first response

The incident record turns scattered facts into one structured case with severity, urgency, timestamps, and owner.

Protection against missed deadlines

ActLoom calculates the correct reporting track and escalates before the legal window closes.

A stronger evidence trail

Every update, notification, and corrective action stays linked to the same incident instead of being spread across chat, email, and shared docs.

Operational aspect	What to know in ActLoom
Prerequisites	The relevant AI system should already exist in inventory. Incident handling becomes stronger when the system also has an owner, deployment state, and monitoring history.
Main inputs	Incident title, narrative, timestamps, severity, urgency track, harm type, affected persons, corrective actions, and optional authority/provider communication data.
Main outputs	Incident record, deadline clock, notification packet, audit trail, linked ticketing artifacts, and optionally a published report.
Who typically uses it	Compliance leads, incident responders, operations, legal, and provider/deployer coordination teams.
Plan access	Incident management is available across plans, but its value compounds when connected to Confluence, Jira, ServiceNow, reporting, and evidence workflows.
Relevant routes	/api/incidents, /api/incidents/[id], /api/v1/incidents, /api/v1/incidents/export, /api/integrations/jira/create-ticket, /api/integrations/servicenow/create-ticket

1. What Counts As A Serious Incident

Article 73 of the EU AI Act obliges providers of high-risk AI systems to report serious incidents and malfunctions to the relevant market surveillance authority. Deployers must also notify the provider when they become aware of such an event. In practical terms, the hardest part is often not the report itself, but recognizing quickly when a real-world problem has crossed the line from anomaly to reportable incident.

How to think about it in ActLoom

The platform separates three operational buckets so teams can react proportionally without underreporting or overreporting.

⚠️

Serious Incident

The event has caused or could plausibly cause serious harm, major disruption, or a significant fundamental-rights breach. This is the reportable path.

🔄

Malfunction

The system behaved unexpectedly or materially underperformed. It may still escalate into a serious incident depending on actual or potential harm.

📋

Near-Miss

No serious harm occurred, but the event is still worth preserving because it reveals a weakness in the system or the operating process.

Information captured in the record

The record is designed to help teams collect what they need for triage first, then investigation, then notification.

Field	Required	Why it exists
AI System	Yes	Anchors the incident to a specific registered system and version context
Title	Yes	Creates a short label the team can use across alerts, PDFs, and follow-up
Description	Yes	Captures what happened in narrative form before details fade
Severity	Yes	Distinguishes near-miss, serious, and critical situations
Urgency track	Yes	Determines which legal deadline countdown starts
Harm type	Yes	Helps justify why the case is or is not reportable
Occurrence date	Yes	Establishes when the event happened
Discovery date	Yes	Establishes when the operator became aware
Affected persons	No	Strengthens harm assessment and later authority communication
Root cause	No	Filled as investigation matures
Corrective actions	No	Shows whether the problem was contained and how recurrence is addressed
Authority notified at	Auto	Preserves the actual submission timestamp
Provider notified at	Auto	Separately records deployer-to-provider communication

Visual overview of the incident workspace

The interface is meant to make urgency legible at a glance: severity, track, time remaining, and current status are all surfaced immediately.

Incident Reports

+ Report Incident

Recruitment AI — Bias Detected

SeriousSTANDARDInvestigating

SLA: 15 days

⏱ 9 days

Credit Scoring — Model Failure

CriticalCRITICAL_INFRAOpen

SLA: 2 days

⏱ 14 hours

HR Screening — False Positive

Near-missSTANDARDResolved

SLA: 15 days

✓

Dual SLA Notification

Authority notification + Provider notification (Art. 26 §6) tracked independently

Fig 27. Incident management — Art. 73 lifecycle with auto-calculated SLA countdowns per urgency track.

Dual notification requirement

ActLoom tracks two distinct obligations independently: the provider → authority notification flow and the deployer → provider notification flow. Both may apply to the same event, but they should not be conflated.

Minimum information to have before opening the module

Which AI system and release context were involved.
What happened, when it happened, and when the team became aware.
Whether actual harm occurred or serious harm was credibly possible.
Whether the issue already triggered containment, rollback, or human override steps.

2. Triage The Incident Before You Optimize The Narrative

In the first minutes, the goal is not to write a polished report. The goal is to secure the facts, protect affected people, and determine whether the case belongs on a reportable SLA track.

What teams should decide first

Is there actual harm already, or a credible risk of serious harm if the system keeps running?
Do we need immediate containment such as pausing the model, enabling human review, or activating a fallback path?
Which legal actors are involved: provider only, or deployer plus provider?
Which urgency track is likely to apply based on the nature of the harm?

What to capture in the first 30 minutes

Which AI system and version were involved, and what business process was affected.
What concrete harm or near-harm occurred, including who may have been affected.
When the event happened, when it was discovered, and who first observed it.
What containment or human override actions have already been taken to limit further impact.

New Incident Intake

Credit Scoring API · Production · v2.3.1

Critical

Title

Automated score threshold failure for high-value applicants

Occurrence

2026-04-14 09:42 UTC

Discovery

2026-04-14 10:03 UTC

Harm type

Potential discrimination and denial of essential financial service

Affected persons

142 applicants across 3 EU countries

Triage Decision

Likely reportable under Art. 73. Trigger provider and authority workflow immediately.

Immediate actions

Pause affected model route

Enable manual review fallback

Notify incident owner + admins

Preserve logs and model inputs

Auto-assigned urgency

STANDARD track

15-day authority notification window

14d 21h

Fig 27a. Incident triage view — the intake record combines incident facts, severity, urgency track, and immediate containment actions.

3. Understand The Deadline Track Early

The AI Act does not give every serious incident the same time window. ActLoom therefore assigns an urgency track as soon as the incident is recorded, then treats that track as the operational clock for the rest of the workflow.

Urgency track

Critical Infrastructure

2 days

Fastest track for infrastructure harm or widespread disruption.

Creation alert

50% reminder

20% escalation

Urgency track

Death / Serious Harm

10 days

Used when severe health or safety harm has occurred.

Creation alert

50% reminder

20% escalation

Urgency track

Standard Serious Incident

15 days

Default reportable path for serious incidents and malfunctions.

Creation alert

50% reminder

20% escalation

Fig 27b. Deadline tracks — ActLoom highlights the correct legal window and escalates reminders before the reporting deadline is missed.

Deadline tracks used by the platform

Track	Deadline	Typical use	Article
CRITICAL_INFRASTRUCTURE	2 days	Incidents involving critical infrastructure or widespread societal disruption	Art. 73(3)
DEATH_SERIOUS_HARM	10 days	Cases involving death or serious injury to health	Art. 73(4)
STANDARD	15 days	All other serious incidents and unexpected malfunctions in high-risk systems	Art. 73(2)

Escalation schedule inside ActLoom

Immediately on creation: confirmation email and visible deadline clock
At 50% of time remaining: reminder to the incident owner
At 20% of time remaining: urgent escalation to owner and admins
At deadline: overdue signal in the incident workspace and dashboard
Until closure: continued visibility in digests and follow-up views

Why this matters legally

Missing an Art. 73 deadline is not a cosmetic process error. It can become a standalone compliance failure. The incident module therefore treats time as a first-class field, not as a note buried in the description.

SLA deadlines are legally binding

Missing an Art. 73 notification deadline is a direct violation of the AI Act. Fines can reach up to €15 million or 3% of global annual turnover, whichever is higher.

4. Move From Triage To Reportable Notification

Once the team has stabilized the immediate situation, the record evolves into a notification workflow. ActLoom is built to help the team enrich the same case rather than recreate the incident again in a separate reporting document.

Lifecycle inside the product

Incident lifecycle

Detect & Report

A team member creates the incident and records the first known facts.

SLA Calculated

ActLoom determines the notification track and starts the legal countdown.

Investigate

The team expands the record with harm details, root cause, evidence, and corrective actions.

Generate Report

The platform compiles the structured notification package from the live incident record.

Notify & Follow Up

Submission is timestamped and the case continues into remediation, monitoring, and closure.

Incident status states

Status	What it means	Typical next move
OPEN	Incident logged and SLA clock running	Assign an owner and decide whether immediate containment is needed
INVESTIGATING	Fact-finding and root-cause work in progress	Expand evidence, affected persons, and corrective-action notes
AUTHORITY_NOTIFIED	Submission has been sent to the authority	Track responses, continue remediation, preserve the trail
RESOLVED	Corrective actions implemented	Run a post-incident review before final archival
CLOSED	Case complete and archived	Keep record for future reviews, audits, and trend analysis

Human review before clicking “send”

Check that the harm description matches what is actually known, not what is only suspected.
Verify that occurrence, discovery, and notification timestamps are accurate and internally consistent.
Make sure containment actions and responsible owners are visible in the record.
Confirm whether both provider and deployer notice duties apply in the case.

Art. 73 Notification Draft

Generated from incident record

Ready to review

Incident summary and affected AI system

Dates of occurrence, discovery, and submission

Nature of harm and affected persons

Immediate containment and current status

Corrective actions and follow-up owner

Included timestamps

Occurred at

Discovered at

Provider notified at

Authority notified at

Review before send

Facts verified

Owner confirmed

Evidence preserved

Submission channel chosen

Fig 27c. Notification packet — the incident record can be turned into a structured submission-ready document with timestamps, harm details, and corrective actions.

Notification document auto-generated

When you click "Generate Notification", ActLoom produces a structured document pre-filled from the incident record. The team reviews one source of truth instead of rebuilding the case by hand for submission.

Jira Integration — Bidirectional Incident Sync

ActLoom integrates with Jira Cloud to automatically synchronize incident status between platforms. When you link an ActLoom incident to a Jira issue, resolving the ticket in Jira will automatically close the linked incident in ActLoom.

This integration eliminates duplicate status tracking and ensures both systems stay synchronized when your team responds to incidents through Jira.

How Jira sync works

Link incidents to Jira issues

When creating an incident, provide the Jira issue key (e.g., SEC-1234). ActLoom embeds a marker in the description for tracking.

Configure Jira webhook

Set up a webhook in Jira Admin → Webhooks pointing to ActLoom. It sends issue update events in real-time.

Auto-close on resolution

When the Jira issue moves to Done status, ActLoom automatically resolves the linked incident and records the closure timestamp.

Maintain audit trail

Both systems stay synchronized with a clear resolution note showing the incident was closed via Jira.

Feature	Status	Details
Link incidents to Jira	✅ Live	Provide jiraIssueKey parameter when creating incidents via API or UI form.
Auto-close on Jira resolution	✅ Live	Jira webhook triggers incident closure when issue status moves to Done.
Bidirectional (Jira ← ActLoom)	🔄 Planned	Closing an incident in ActLoom will update the linked Jira issue (Phase 2).
Custom status mapping	🔄 Planned	Map specific Jira statuses to ActLoom states beyond Done (Phase 2).

Setup steps

1.Create incident with Jira link: Provide jiraIssueKey (e.g., SEC-1234) when creating via API or incident form.
2.
Configure Jira webhook: Go to Jira Administration → System → Webhooks and add a new webhook:
- Name: ActLoom Incident Sync
- URL: https://your-instance.com/api/integrations/jira/webhooks/issue-updated
- Event: Issue Updated
3.Resolve the Jira issue: When you move the issue to Done in Jira, ActLoom automatically closes the linked incident.

Linking happens silently

ActLoom embeds a hidden HTML comment marker in the incident description: . This is invisible to users but allows the webhook to find the incident when Jira sends status updates.

One-way sync in current version

In the current release, only Jira → ActLoom closure is automated. Closing an incident in ActLoom does not yet update the Jira issue. Bidirectional sync is planned for Phase 2.

API example

Create an incident linked to Jira issue SEC-1234:

POST /api/v1/incidents
{
  "aiSystemId": "nlp_classifier_v2",
  "title": "Bias in recommendations",
  "description": "Female candidates get lower scores",
  "severity": "serious",
  "jiraIssueKey": "SEC-1234"  // ← Links to Jira
}

See Integrations & API documentation for full Jira setup and troubleshooting.

Related Sections

Post-Market Monitoring

Go here when incidents need operational signal history, trend context, or escalation from monitoring events.

Documents

Use this when the case requires a formal packet, controlled export, or evidence bundle for review.

Integrations/API

Read this when incidents must trigger tickets, webhooks, or downstream workflows automatically.

Artifacts

Use this for the output-centric view of incident files, authority packets, and supporting records.

Ready to get started?

Join hundreds of companies using ActLoom to simplify AI Act compliance. Start your free assessment today — no credit card required.

Start Free Assessment View Pricing

Questions? Contact us at support@actloom.com

Operational aspect

What to know in ActLoom

Prerequisites

The relevant AI system should already exist in inventory. Incident handling becomes stronger when the system also has an owner, deployment state, and monitoring history.

Main inputs

Incident title, narrative, timestamps, severity, urgency track, harm type, affected persons, corrective actions, and optional authority/provider communication data.

Main outputs

Incident record, deadline clock, notification packet, audit trail, linked ticketing artifacts, and optionally a published report.

Who typically uses it

Compliance leads, incident responders, operations, legal, and provider/deployer coordination teams.

Plan access

Incident management is available across plans, but its value compounds when connected to Confluence, Jira, ServiceNow, reporting, and evidence workflows.

Relevant routes

/api/incidents, /api/incidents/[id], /api/v1/incidents, /api/v1/incidents/export, /api/integrations/jira/create-ticket, /api/integrations/servicenow/create-ticket

Field

Required

Why it exists

AI System

Yes

Anchors the incident to a specific registered system and version context

Title

Yes

Creates a short label the team can use across alerts, PDFs, and follow-up

Description

Yes

Captures what happened in narrative form before details fade

Severity

Yes

Distinguishes near-miss, serious, and critical situations

Urgency track

Yes

Determines which legal deadline countdown starts

Harm type

Yes

Helps justify why the case is or is not reportable

Occurrence date

Yes

Establishes when the event happened

Discovery date

Yes

Establishes when the operator became aware

Affected persons

Strengthens harm assessment and later authority communication

Root cause

Filled as investigation matures

Corrective actions

Shows whether the problem was contained and how recurrence is addressed

Authority notified at

Auto

Preserves the actual submission timestamp

Provider notified at

Auto

Separately records deployer-to-provider communication

2. Triage The Incident Before You Optimize The Narrative

In the first minutes, the goal is not to write a polished report. The goal is to secure the facts, protect affected people, and determine whether the case belongs on a reportable SLA track.

What teams should decide first

Is there actual harm already, or a credible risk of serious harm if the system keeps running?
Do we need immediate containment such as pausing the model, enabling human review, or activating a fallback path?
Which legal actors are involved: provider only, or deployer plus provider?
Which urgency track is likely to apply based on the nature of the harm?

What to capture in the first 30 minutes

Which AI system and version were involved, and what business process was affected.
What concrete harm or near-harm occurred, including who may have been affected.
When the event happened, when it was discovered, and who first observed it.
What containment or human override actions have already been taken to limit further impact.

New Incident Intake

Credit Scoring API · Production · v2.3.1

Critical

Title

Automated score threshold failure for high-value applicants

Occurrence

2026-04-14 09:42 UTC

Discovery

2026-04-14 10:03 UTC

Harm type

Potential discrimination and denial of essential financial service

Affected persons

142 applicants across 3 EU countries

Triage Decision

Likely reportable under Art. 73. Trigger provider and authority workflow immediately.

Immediate actions

Pause affected model route

Enable manual review fallback

Notify incident owner + admins

Preserve logs and model inputs

Auto-assigned urgency

STANDARD track

15-day authority notification window

14d 21h

Fig 27a. Incident triage view — the intake record combines incident facts, severity, urgency track, and immediate containment actions.

Track

Deadline

Typical use

Article

CRITICAL_INFRASTRUCTURE

2 days

Incidents involving critical infrastructure or widespread societal disruption

Art. 73(3)

DEATH_SERIOUS_HARM

10 days

Cases involving death or serious injury to health

Art. 73(4)

STANDARD

15 days

All other serious incidents and unexpected malfunctions in high-risk systems

Art. 73(2)

Status

What it means

Typical next move

OPEN

Incident logged and SLA clock running

Assign an owner and decide whether immediate containment is needed

INVESTIGATING

Fact-finding and root-cause work in progress

Expand evidence, affected persons, and corrective-action notes

AUTHORITY_NOTIFIED

Submission has been sent to the authority

Track responses, continue remediation, preserve the trail

RESOLVED

Corrective actions implemented

Run a post-incident review before final archival

CLOSED

Case complete and archived

Keep record for future reviews, audits, and trend analysis

Feature

Status

Details

Link incidents to Jira

✅ Live

Provide jiraIssueKey parameter when creating incidents via API or UI form.

Auto-close on Jira resolution

✅ Live

Jira webhook triggers incident closure when issue status moves to Done.

Bidirectional (Jira ← ActLoom)

🔄 Planned

Closing an incident in ActLoom will update the linked Jira issue (Phase 2).

Custom status mapping

🔄 Planned

Map specific Jira statuses to ActLoom states beyond Done (Phase 2).

POST /api/v1/incidents { "aiSystemId": "nlp_classifier_v2", "title": "Bias in recommendations", "description": "Female candidates get lower scores", "severity": "serious", "jiraIssueKey": "SEC-1234" // ← Links to Jira }