Is this a substitute for legal advice?

No. It is a starting-point operational template. Regulatory notification deadlines — such as the GDPR 72-hour breach clock — depend on your jurisdiction and facts, so confirm them with your DPO or counsel.

How is severity decided?

Each incident type ships with a sensible default — data leaks and harmful output start at critical, bias and outages at high. You should re-assess severity during triage based on actual scope and impact.

Why separate bias from harmful output?

They need different responders and remediations. Bias pulls in your responsible-AI and legal leads and a fairness eval; harmful content pulls in trust and safety and a hard safety filter. Treating them the same slows both responses.

Does anything I type leave my browser?

No. The runbook is assembled entirely in your browser from your inputs. Nothing is uploaded or stored.

Can I customize the checklists?

Yes — copy the runbook and edit it freely. It is plain Markdown, so it pastes cleanly into most incident tools, wikis, and ticketing systems.

AI Incident Response Template Generator

AI incident response template generator

When an AI system misbehaves in production — a biased recommendation, a harmful generation, a leaked record, or a hard failure — the worst time to design your response is during the incident. This generator produces a structured incident-response runbook tailored to the type of AI incident you select, so you can open a clean checklist instead of improvising under pressure.

How it works

Pick an incident type and the tool loads a profile for it: a default severity level, the stakeholders who must be notified, and a remediation checklist specific to that failure mode. Add a one-line system description and an estimate of affected users, and the runbook fills those into a five-phase structure — triage, notification, containment, remediation, and post-incident. Everything is assembled in your browser as plain Markdown that you can copy straight into your incident channel or ticket.

Tips and notes

Contain before you root-cause. Phase 3 exists on purpose: disable, filter, or gate the failing path before you start the deep investigation.
Watch the breach clock. For data leaks, the GDPR 72-hour notification window can start the moment you become aware — confirm your duties early.
Add a regression test. The post-incident phase asks for an eval or test that would have caught the issue; that is what stops a repeat.
It is a template, not advice. Severity defaults and notification lists are reasonable starting points, not a legal determination for your situation.