Skip to content

AI Incident Report Form

AI systems can create new opportunities for businesses, but they also introduce risks — from unexpected errors and harmful outputs to privacy breaches and security incidents.

Having a clear process for recording and reporting AI incidents is an essential part of your organisation’s risk and security management practices. This ensures that issues are identified quickly, lessons are learned, and safeguards are improved.

Use this form whenever an AI-related incident occurs in your business. The information you capture will help:

  • Contain and mitigate risks early.
  • Protect staff, customers, and your organisation’s reputation.
  • Meet your obligations under Australian law and AI guardrails.
  • Build trust by showing responsible use of AI.

AI Incident Report Form (Template)

Date of Report: ____
Reported By: ___
Contact Details: _____

Incident Severity: [ ] Critical [ ] High [ ] Medium [ ] Low

Severity Definitions:

  • Critical: Immediate threat to safety, major data breach, or system-wide failure
  • High: Significant impact on operations or multiple users affected
  • Medium: Limited impact, workaround available
  • Low: Minor issue, minimal impact

1. Incident ID & Date

Incident identification number and date/time of occurrence
☐ Evidence attached

Time of Discovery: _
Time of Occurrence (if different): _
Reporting Timeline:
[ ] Within 4 hours (Critical)
[ ] Within 24 hours (High)
[ ] Within 72 hours (Medium/Low)

2. Reporter Details

Name, role, and contact information of person reporting the incident
☐ Evidence attached

3. AI System Details

System name, version, vendor, and deployment environment
☐ Evidence attached

4. Incident Description

Description of what happened, including inputs, outputs, and observed issues
☐ Evidence attached

5. Impact Assessment

Actual or potential harm (individuals, organisation, or public).
☐ Evidence attached

Number of Users/Customers Affected: _
Estimated Financial Impact: $_
Regulatory Reporting Required: [ ] Yes [ ] No [ ] Under Review
Media/Reputation Risk: [ ] High [ ] Medium [ ] Low [ ] None

6. Data Involved

Personal data, sensitive information, or intellectual property affected
☐ Evidence attached

7. Immediate Actions Taken

Containment, mitigation, or workaround steps.
☐ Evidence attached

8. Root Cause (if known)

Likely cause (e.g., model error, data bias, misuse)
☐ Evidence attached

9. Follow-up Actions

Steps to prevent recurrence or improve safeguards.
☐ Evidence attached

10. Review & Approval

Reviewer/approver name, role, and signature
☐ Evidence attached

11. Lessons Learned

What worked well in the response: _
What could be improved: _
Preventive measures identified: ____
☐ Evidence attached

Standards Alignment

This form aligns with:

  • Australian AI Guardrails (2024)
  • Privacy Act 1988 (APPs)
  • International standards (ISO/IEC 42001, ISO/IEC 23894, NIST AI RMF)

Next Steps

  • Submit this report to your designated AI governance officer, IT/security team, or senior manager.
  • Review lessons learned and update safeguards.
  • Notify regulators if required (e.g., OAIC for privacy breaches).

Escalation Matrix

  • Critical: Immediate notification to CEO, Board, and regulators as required
  • High: Notification to CIO/CTO and Risk Committee within 4 hours
  • Medium: Notification to Department Head within 24 hours
  • Low: Logged and reviewed in weekly operations meeting

Next Steps

Ready to evaluate AI vendors?AI Vendor Evaluation Checklist

Template Disclaimer & Licence

Disclaimer

The purpose of this template is to provide best practice guidance on implementing safe and responsible AI governance in Australian organisations.

SafeAI-Aus has exercised care and skill in the preparation of this material. However, SafeAI-Aus does not guarantee the accuracy, reliability, or completeness of the information contained.

The content reflects best practice principles but is intended as a starting point only. Organisations should adapt this template to their specific context and may wish to seek advice from legal counsel, governance, risk, or compliance officers before formal adoption.

This publication does not indicate any commitment by SafeAI-Aus to a particular course of action. SafeAI-Aus accepts no responsibility or liability for any loss, damage, or costs incurred as a result of the information contained in this template.

Licence

This template is made available under the Creative Commons Attribution 4.0 International (CC BY 4.0) licence.

You are free to:

  • Share — copy and redistribute the material in any medium or format.
  • Adapt — remix, transform, and build upon the material for any purpose, even commercially.

Under the following terms:

  • Attribution — You must give appropriate credit, provide a link to the licence, and indicate if changes were made.

Attribution statement for reuse:
“This template was developed by SafeAI-Aus and is licensed under CC BY 4.0. Source: SafeAI-Aus.”

Full licence text: https://creativecommons.org/licenses/by/4.0/