Incidents
Article 73 of the EU AI Act requires that providers of high-risk AI report serious incidents to the relevant national authority within strict timelines. Meridian Blue captures the report, holds it for compliance review, and tracks the submission deadline.
What counts as a serious incident
Article 3(49) of the AI Act defines a serious incident as a malfunction or failure of an AI system that directly or indirectly leads to: death or serious damage to health, serious and irreversible disruption of critical infrastructure, breach of obligations under Union law, or serious damage to property or the environment.
Reporting timelines
- 15 days — standard reporting deadline.
- 10 days — for incidents involving widespread harm.
- 2 days — for serious infrastructure or human-life incidents.
Meridian Blue stamps each incident with its received-at timestamp and the applicable deadline so the dashboard's incident view can surface "X days remaining" automatically.
Incident API
| Method | Path | Purpose |
|---|---|---|
POST | /api/v1/incidents | File a new incident. |
GET | /api/v1/incidents | List incidents for the tenant. |
GET | /api/v1/incidents/:id | Fetch one incident with attachments. |
PATCH | /api/v1/incidents/:id | Update status, add notes, attach evidence. |
Workflow
- Detect — File via the API or via the dashboard's Incidents page.
- Classify — Severity tier sets the reporting deadline.
- Investigate — Attach evidence; the audit log gives you the full request lineage to root-cause from.
- Submit — Generate a regulator-ready report (PDF) from the captured evidence.
- Resolve — Mark the incident closed; the resolution timestamp + reasoning is itself audit-logged.