Can I send these templates as-is?

No. They are scaffolds that give you structure and a sensible starting tone, but every incident has specifics — facts, obligations, timelines — that you must fill in. Crisis comms should always be reviewed by legal and communications leads before release, especially regulator notices.

Why pre-draft incident communications?

In a live incident the clock matters and panic-written messaging is where organisations make their worst mistakes — over-promising, speculating, or admitting things prematurely. Having a structured starting point lets you focus on getting the facts right rather than the wording from scratch.

What should a regulator notification include?

Generally the nature of the incident, the categories and approximate number of affected individuals, likely consequences, the measures taken or proposed, and a contact point. Notification deadlines vary by regime — some privacy regulators require notice within 72 hours — so confirm your obligations early.

How candid should the customer notice be?

Clear and honest, without speculation. State what happened, what data or service was affected, what you are doing, and what the customer should do. Avoid minimising language and avoid committing to facts you have not verified — say what you know and that you will update.

Is anything I enter stored?

No. The templates are assembled entirely in your browser and nothing is sent to a server. Treat the output as an internal draft.

AI Safety Incident Crisis Communication Template

AI safety incident crisis communication

When an AI system causes a safety or privacy incident, the response window is short and the communications are high-stakes: a clumsy customer notice, a premature press line, or a missed regulator deadline can compound the original harm. This tool generates structured draft communications for the audiences that matter — internal staff, customers, regulators, and press — tailored to the incident type, who is affected, and the severity, so you start from a sensible scaffold instead of a blank page under pressure.

How it works

You describe the incident: the type (harmful output, data exposure, an erroneous automated decision, a service outage, or a security breach), the affected parties (customers, staff, the public, a specific group), and the severity. For each audience you select, the tool assembles a draft with the right structure and tone — an internal notice that mobilises the team, a customer notification that states what happened and what to do, a regulator disclosure that hits the expected elements, and a holding press statement. Bracketed placeholders mark the incident-specific facts you must supply, and the drafts deliberately avoid speculation and over-commitment.

Tips and notes

Verify before you assert. Say what you know; do not commit to facts you have not confirmed. “We are investigating” beats a wrong claim.
Mind the regulator clock. Some privacy regimes require notice within 72 hours — confirm your deadline at the very start.
One source of truth. Align internal, customer, regulator, and press messaging so they do not contradict each other.
Always route through legal and comms. These drafts are a head start, not a substitute for review before release.