DARR
MR-068 Governance & process Organization scope

Inadequate AI incident response and communication

The deployer has no defined way to detect, triage, respond to, and communicate AI-related incidents and adverse impacts to affected parties and authorities, so harms persist and escalate.

Risk family: Governance & process
MIT domain: n/a (ISO-derived)
MIT subdomain: n/a
AI type: GPAI, Agentic, Classical_ML
Scope: Organization
Source standard: ISO/IEC 23894 + 42001 (gap analysis)

Provenance

Source standard: ISO/IEC 23894 + 42001 (gap analysis)
Source frameworks: ISO/IEC 42001:2023
ISO/IEC references: 42001 Annex A, A.8.3, A.8.4 and A.3.3
EU AI Act articles: Art. 26(5) | Art. 72 | Art. 73
GPAI Code of Practice: S&S Ch. Commitment 9
Nearest MIT-derived risk: MR-040 Regulatory non-compliance: overlaps on reporting obligations, but not the operational detect-respond-communicate capability.

Framework crosswalk

Every framework item mapped to this risk. Items marked partial overlap only in part; definitions appear on hover where the source licence permits.

Sources: frameworks that contributed to the register
ISO 42001 (3)
  • A.3.3 ISO/IEC 42001 Annex A A.3.3
  • A.8.3 ISO/IEC 42001 Annex A A.8.3
  • A.8.4 ISO/IEC 42001 Annex A A.8.4
EU AI Act (4)
  • Art. 26(5)
  • Art. 72
  • Art. 73
  • CoP S&S Ch. Commitment 9

Part of the Deployer AI Risk Register, an open-source resource developed by MindXO. Version 1.0, 3 July 2026. Derived from the MIT AI Risk Repository (V4, December 2025) under CC BY 4.0; an independent derivative work, not endorsed by or affiliated with MIT. Sub-risk decomposition references MITRE ATLAS™ v5.6.0 (© 2021-2026 The MITRE Corporation, reproduced and distributed with permission). ISO/IEC and EU AI Act references are by number only. License: CC BY 4.0. Full attribution and licensing.