AIRiskAware


Australia · 11 min read · 2026

AI Incident Response for Australian Organisations: A Practical Playbook

When an AI system causes harm, fails catastrophically, or generates a regulatory investigation, your response in the first 72 hours determines the outcome. Australia-specific playbook covering Privacy Act notification obligations, APRA/ASIC reporting, and the internal escalation framework.


Key Takeaways

  • The first 72 hours of an AI incident largely determine the regulatory and legal outcome — organisations without a documented AI incident response plan tend to make, under pressure, the decisions that produce the worst outcomes.

  • Privacy Act notification obligations apply to AI incidents that involve eligible data breaches — if an AI failure results in unauthorised access to, or disclosure of, personal information that is likely to cause serious harm, you must assess whether an eligible data breach has occurred within 30 days of becoming aware of grounds to suspect one, and once you have reasonable grounds to believe it has occurred you must notify the OAIC and affected individuals as soon as practicable.

  • APRA-regulated entities have specific incident reporting obligations — operational risk incidents likely to have a material financial impact or a material impact on critical operations (including AI system failures) must be notified to APRA under CPS 230 as soon as possible and no later than 72 hours after the entity becomes aware of them. CPS 230 commenced on 1 July 2025 and replaced the former CPS 231 (Outsourcing) and CPS 232 (Business Continuity Management).

  • The five AI incident categories requiring different response protocols: AI output failure (incorrect decisions at scale), AI data breach (personal information exposed), AI regulatory breach (non-compliant use discovered), AI third-party failure (vendor AI fails), and AI safety incident (physical harm from AI system).

  • The single most important pre-incident action: designate an AI Incident Response Owner with the authority to make rapid decisions, including the authority to suspend a system — organisations that have to resolve authority questions during an incident lose time escalating decisions that should be made at the operational level.

"For information only. This article does not constitute legal, regulatory, financial or professional advice. Consult a qualified professional for guidance on your specific situation."

Why AI incidents are different from other technology incidents

AI incidents have characteristics that distinguish them from traditional technology incidents and that require specific response protocols. First, scale: an AI model failure can affect thousands or millions of decisions before it is detected, because automated systems process at a speed and volume that human review cannot match. Second, ambiguity: it is often not immediately clear whether an AI system is failing or performing as designed but producing outcomes that are unacceptable — this ambiguity delays the response, and delay worsens the outcome. Third, causation complexity: establishing what went wrong in an AI system — whether it is the model, the training or input data, the deployment, the monitoring, or the surrounding business logic — requires technical expertise that may not be immediately available. And fourth, regulatory multiplicity: an AI incident may simultaneously engage privacy law, sector-specific regulation, consumer law, and employment law, each with its own notification triggers and timelines — the response must coordinate across all of them at once.

The 72-hour response framework

Hours 0-4 (Contain and Assess): The immediate priority is to understand whether the AI system is currently causing harm and whether continued operation will cause additional harm. If the answer to either question is yes, the first decision is whether to suspend operation. Suspending an AI system is often commercially costly — but continuing to operate an AI system that is causing harm at scale is almost always more costly, in regulatory, legal, and reputational terms. Before anything is changed, rolled back or suspended, preserve the evidence the investigation will need: the deployed model version, its configuration, the inputs and outputs over the affected period, and the monitoring logs. The contain and assess phase ends with a clear factual statement: what happened, when, what is the current scale of impact, and what is the trajectory if the system continues to operate.

Hours 4-24 (Investigate and Notify): The investigation phase establishes the root cause of the AI incident with sufficient confidence to brief regulators and affected parties. In parallel with the investigation, the privacy breach assessment must be started: does this incident involve personal information? Was that information accessed or disclosed without authorisation, or lost in circumstances where that is likely? Is serious harm to affected individuals likely? If so, the Privacy Act clock is running — the assessment must be completed within 30 days of becoming aware of grounds to suspect an eligible data breach, and once there are reasonable grounds to believe one has occurred, the OAIC and affected individuals must be notified as soon as practicable. For APRA-regulated entities, the CPS 230 assessment must also be completed in this window: is this an operational risk incident likely to have a material financial impact or a material impact on critical operations? If it is, APRA must be notified as soon as possible and no later than 72 hours after the entity becomes aware of it, which is why the assessment cannot wait for the investigation to finish.

Hours 24-72 (Remediate and Communicate): By 72 hours, the organisation should be implementing remediation of the AI system failure, communicating with affected individuals where notification obligations apply, briefing relevant regulators, and preparing for external scrutiny. The communication to affected individuals is often the most challenging element — it must be honest, specific, and actionable (what happened, what information was involved, and what the individual can do to reduce the harm), without creating additional legal exposure. Legal review of all external communications is essential before release, but the review must not be allowed to push notification past what "as soon as practicable" can justify.

OAIC notification: what triggers the obligation

The Notifiable Data Breaches scheme under the Privacy Act requires notification to the OAIC and affected individuals when an "eligible data breach" occurs. An eligible data breach is unauthorised access to, or unauthorised disclosure of, personal information (or loss of personal information in circumstances where such access or disclosure is likely), where a reasonable person would conclude that the access or disclosure is likely to result in serious harm to any of the affected individuals. AI incidents can trigger this obligation in several ways: an AI system that exposes personal data through its outputs (for example, an AI that returns other users' data in responses), an AI system that is compromised through adversarial attack in a way that gives the attacker access to personal information, or an AI system whose training data containing personal information is exfiltrated. Note that a compromised model is not, by itself, an eligible data breach; the question is always whether personal information was accessed, disclosed or lost. The assessment of whether serious harm is likely must be made promptly: the 30-day period for completing that assessment runs from when the organisation becomes aware of reasonable grounds to suspect an eligible data breach, and once it has reasonable grounds to believe one has occurred there is no further grace period — notification to the OAIC and affected individuals must follow as soon as practicable.