DARR
MR-076 Regulatory compliance Organization scope

Failure to monitor operation and meet incident-reporting and suspension duties

A deployer does not monitor a high-risk system in use against the instructions, fails to inform the provider and the market surveillance authority of an emerging risk or serious incident, or fails to suspend use when required.

Risk family
Regulatory compliance
MIT domain
n/a (EU-derived)
MIT subdomain
n/a
AI type
GPAI, Agentic, Classical_ML
Scope
Organization
Source standard
EU AI Act 2024/1689 (gap analysis)

Provenance

Source standard
EU AI Act 2024/1689 (gap analysis)
Source frameworks
EU AI Act 2024/1689
EU AI Act articles
Art. 26(5) | Art. 72 | Art. 73
Nearest MIT-derived risk
MR-068 Inadequate incident response (the org capability; Art. 26(5)/72/73 is the mandatory authority-reporting and suspension duty).

Framework crosswalk

Every framework item mapped to this risk. Items marked partial overlap only in part; definitions appear on hover where the source licence permits.

Sourcesframeworks that contributed to the register
EU AI Act3
  • Art. 26(5)
  • Art. 72
  • Art. 73

Part of the Deployer AI Risk Register, an open-source resource developed by MindXO. Version 1.0, 3 July 2026. Derived from the MIT AI Risk Repository (V4, December 2025) under CC BY 4.0; an independent derivative work, not endorsed by or affiliated with MIT. Sub-risk decomposition references MITRE ATLAS™ v5.6.0 (© 2021-2026 The MITRE Corporation, reproduced and distributed with permission). ISO/IEC and EU AI Act references are by number only. License: CC BY 4.0. Full attribution and licensing.