Designing Incident Reporting Systems for Harms From General-Purpose AI

As general‑purpose AI systems proliferate across finance, healthcare, and transportation, the frequency and severity of real‑world harms are rising. Traditional safety‑critical sectors—aviation, nuclear, and chemical manufacturing—have long relied on structured incident reporting to prevent repeat accidents. Translating those lessons to AI requires recognizing the technology’s unique opacity, rapid iteration cycles, and cross‑industry impact, making a dedicated reporting infrastructure a cornerstone of emerging AI governance.

The RAND framework proposes seven interlocking dimensions that shape any reporting system. Defining a clear policy goal—whether to protect consumers, preserve environmental integrity, or safeguard civil liberties—determines which actors submit reports and who receives them. Choices around enforcement, such as mandatory thresholds versus voluntary channels, directly affect data completeness and stakeholder trust. Anonymity provisions encourage whistleblowers to surface near‑miss events, while structured post‑report actions, like shared learning platforms, turn isolated incidents into industry‑wide safety improvements.

For U.S. regulators, the paper’s case‑study insights suggest a hybrid model that blends the rigor of federal oversight with the flexibility of industry‑led initiatives. Implementing tiered reporting thresholds can capture high‑risk events without overburdening developers, while a centralized, anonymized database facilitates cross‑sector analysis. Clear legal definitions and liability protections will be critical to incentivize participation. As AI continues to embed itself in critical infrastructure, adopting these design principles now can preempt costly failures and reinforce public confidence in emerging technologies.