Skip to content

AI Incident Report Form

AI systems can create new opportunities for businesses, but they also introduce risks — from unexpected errors and harmful outputs to privacy breaches and security incidents.

Having a clear process for recording and reporting AI incidents is an essential part of your organisation’s risk and security management practices. This ensures that issues are identified quickly, lessons are learned, and safeguards are improved.

Use this form whenever an AI-related incident occurs in your business. The information you capture will help:

  • Contain and mitigate risks early.
  • Protect staff, customers, and your organisation’s reputation.
  • Meet your obligations under Australian law and AI guardrails.
  • Build trust by showing responsible use of AI.

AI Incident Report Form (Template)

Date of Report: ____
Reported By: ___
Contact Details: _____

1. Incident ID & Date

Unique number and date of occurrence.
☐ Evidence attached

2. Reporter Details

Name, role, and contact information.
☐ Evidence attached

3. AI System Details

System name, version, vendor, environment.
☐ Evidence attached

4. Incident Description

What happened? Include inputs, outputs, and observed issues.
☐ Evidence attached

5. Impact Assessment

Actual or potential harm (individuals, organisation, or public).
☐ Evidence attached

6. Data Involved

Personal data, sensitive info, or IP affected.
☐ Evidence attached

7. Immediate Actions Taken

Containment, mitigation, or workaround steps.
☐ Evidence attached

8. Root Cause (if known)

Likely cause: model error, data bias, misuse, etc.
☐ Evidence attached

9. Follow-up Actions

Steps to prevent recurrence or improve safeguards.
☐ Evidence attached

10. Review & Approval

Reviewer/approver name, role, signature.
☐ Evidence attached

Standards Alignment

This form aligns with:

  • Australian AI Guardrails (2024)
  • Privacy Act 1988 (APPs)
  • International standards (ISO/IEC 42001, ISO/IEC 23894, NIST AI RMF)

Next Steps

  • Submit this report to your designated AI governance officer, IT/security team, or senior manager.
  • Review lessons learned and update safeguards.
  • Notify regulators if required (e.g., OAIC for privacy breaches).

Template Disclaimer & Licence

Disclaimer

The purpose of this template is to provide best practice guidance on implementing safe and responsible AI governance in Australian organisations.

SafeAI-Aus has exercised care and skill in the preparation of this material. However, SafeAI-Aus does not guarantee the accuracy, reliability, or completeness of the information contained.

The content reflects best practice principles but is intended as a starting point only. Organisations should adapt this template to their specific context and may wish to seek advice from legal counsel, governance, risk, or compliance officers before formal adoption.

This publication does not indicate any commitment by SafeAI-Aus to a particular course of action. SafeAI-Aus accepts no responsibility or liability for any loss, damage, or costs incurred as a result of the information contained in this template.

Licence

This template is made available under the Creative Commons Attribution 4.0 International (CC BY 4.0) licence.

You are free to:

  • Share — copy and redistribute the material in any medium or format.
  • Adapt — remix, transform, and build upon the material for any purpose, even commercially.

Under the following terms:

  • Attribution — You must give appropriate credit, provide a link to the licence, and indicate if changes were made.

Attribution statement for reuse:
“This template was developed by SafeAI-Aus and is licensed under CC BY 4.0. Source: SafeAI-Aus.”

Full licence text: https://creativecommons.org/licenses/by/4.0/