P1–P4 Severity Classification
Four-tier severity matrix defining what constitutes a P1 (Critical) through P4 (Low) AI incident — with sector-specific examples and escalation thresholds for each level.
AI Incident Response
Configure your context
AI drafts your output
Download and share
Review and refine
Supported frameworks include: EU AI Act, NIST AI RMF, ISO 42001, GDPR, UK GDPR, CCPA/CPRA, DPDPA, APPI, PIPL, PDPA, LGPD, POPIA
What you get
A single generation produces an Executive Summary Word document with embedded charts for sign-off plus a 9-sheet operational Excel workbook designed for use under pressure during a real incident.
Four-tier severity matrix defining what constitutes a P1 (Critical) through P4 (Low) AI incident — with sector-specific examples and escalation thresholds for each level.
Detect → Contain → Assess → Notify → Remediate → Review — with time-bound actions, role assignments, and decision criteria at each step.
Ready-to-use communication templates for each severity tier — internal stakeholder alerts, regulator notifications, and customer communications where required.
Structured evidence collection checklist for AI incidents — covering model logs, data samples, decision records, and system state captures required for post-incident review.
Structured root cause analysis template, lessons-learned format, and corrective action tracking — aligned to your risk appetite and regulatory reporting obligations.
Jurisdiction-specific timelines and triggers for notifying regulators, data protection authorities, and affected parties following an AI-related incident.
Fill in your organisation details and the AI tools currently in use. The playbook will be tailored to your jurisdiction, industry, and risk appetite — designed to be opened and acted on during a real incident.
Not ready to buy? See a sample first →
Want the jurisdiction cheat sheet first? Free →
Your generated document will appear here.
Fill in the form and click Generate to begin.
Each industry page combines the same ai incident response playbook with sector-specific risks, regulator citations, and bias considerations drawn from the canonical overlay data.
Your tool inputs — jurisdiction, industry, staff size, risk appetite, and an optional organisation name — plus a Stripe-processed payment. No account, no email required. Our hosting platform keeps minimal server logs (IP, timestamp) for security.
Tool inputs are used to generate your document and are not retained after your session. Payment transaction metadata (ID, amount, timestamp) is kept for seven years, the retention period required by financial-records law.
No. Your inputs are not used to train our AI models. Generation runs through Anthropic's API, which does not use API inputs for model training by default.
Frontend on Vercel, backend on Railway, AI generation via Anthropic's API, payment via Stripe's PCI-DSS certified infrastructure. All data in transit is TLS-encrypted.
These outputs support, rather than replace, your practitioners. Qualified human review is not optional — it is a core part of the process.
Full disclaimer
Built to amplify your in-house expertise
These documents support, and do not replace, qualified legal, clinical, or compliance practitioners. This output does not constitute legal advice. Consult your qualified in-house or external counsel before implementing or relying on any part of this document.
Regulation currency
Laws, regulations, and guidance cited are subject to change. Content reflects the position as at the date of generation and may not account for subsequent amendments, enforcement decisions, or judicial interpretations.
Proposed legislation
Where proposed or draft legislation is referenced — including the EU AI Liability Directive — such references describe legislation that has not been enacted. Its final form, scope, timing, and territorial application remain unconfirmed.
AI output limitations
AI output can contain errors or omissions. Do not rely on this document as a complete statement of your legal obligations or as a substitute for specialist compliance advice.
All 14 jurisdictions: European Union, United Kingdom, United States, Canada, Australia, Singapore, China, Japan, India, Brazil, UAE, Switzerland, South Africa, and Global/International. Each output is cited to the jurisdiction's actual laws and regulations.
All 14 industry sectors: Healthcare, Financial Services, HR & Recruitment, Legal & Professional Services, Education & EdTech, Retail & E-commerce, Manufacturing, Marketing & Advertising, Government, Energy, Transport, Insurance, Technology, and a Universal option for cross-sector use.
No. Pay once per generation, view the output online, and download immediately. No monthly fees, no account required, no recurring charges.
No. Every output is an AI-generated starting-point document that amplifies your in-house expertise — it is not a substitute for qualified legal review. We include explicit regulatory citations and review notes; you should have a qualified lawyer or compliance professional sign off before implementation.
We offer a 7-day money-back guarantee if the generated document fails to meet reasonable expectations for your stated jurisdiction and industry. See our refund policy for full details.
A 6-step incident response process (detect → triage → contain → investigate → notify → close-out), a severity classification matrix (P0–P4 with examples), communications templates for internal + external stakeholders, regulator-notification templates jurisdiction-by-jurisdiction, and a live dashboard for ongoing incident tracking.
Yes — EU outputs reference EU AI Act Article 73 (serious incident reporting to market surveillance authorities) and GDPR Article 33 (data-breach notification within 72 hours). Other jurisdictions reference their analogues (e.g. UK ICO, US state-by-state breach notification timelines).
Generate a complete, jurisdiction-specific AI incident response playbook with severity classification, 6-step process, communications templates, and a live dashboard in minutes.
Generate Playbook