What do the P0–P4 levels mean?

P0 is a critical, active incident demanding immediate all-hands response; P1 is high severity needing urgent action; P2 is moderate; P3 is low; P4 is informational or near-miss. The level drives who is paged and how fast you must act.

How does data exposure change severity?

Exposure of sensitive or special-category data (health, financial, credentials) sharply raises severity because it triggers regulatory notification duties and serious harm to individuals — even if relatively few users are affected.

Does this handle GDPR breach timelines?

Yes. When the incident indicates a personal-data breach with risk to individuals, the output flags the GDPR 72-hour supervisory-authority notification window and possible obligation to notify affected people.

Is the classification authoritative?

No. It is a triage aid based on common severity frameworks. Your organisation's own incident policy, legal counsel, and DPO have the final say, especially on regulatory notification decisions.

When should I use it?

At the start of incident triage, to get a fast, consistent first classification so the right people are engaged on the right timeline. Re-run as facts evolve, since severity can escalate when the blast radius becomes clearer.

AI Incident Severity Classifier

AI incident severity classifier

When something goes wrong with an AI system — a harmful output at scale, a prompt that leaked data, a model returning another user’s information — the first job is triage: how bad is this, who needs to be paged, and how fast must we act? This classifier turns a short description of the incident into a P0–P4 severity level with the corresponding response timeline and playbook, so your first response is fast and consistent instead of ad hoc.

How it works

You describe the incident type (harmful/unsafe output, data exposure, security breach, availability/outage, or bias/discrimination), the number of affected users, and what kind of data was exposed, plus flags for regulatory-breach signals and ongoing/active status. The tool scores these factors — data sensitivity and breach indicators weigh heaviest, then blast radius, then reputational risk — and maps the total to a severity level. Each level comes with a target response window and a checklist: who to escalate to, containment, whether GDPR’s 72-hour breach-notification clock has started, and post-incident review.

Notes and use

Severity can escalate as facts emerge, so re-run the classifier when the blast radius becomes clearer — an incident that looked like P3 often becomes P1 once you discover the data was sensitive or the exposure was wider than thought. This is a triage aid, not a substitute for your incident policy: legal counsel and your DPO own the final call on regulatory notification, and your runbook owns the named on-call rotation. Use it to get the right people engaged on the right clock from minute one.