No central AI incident reporting and investigation function
Identified by CLTR in 2024 and still unfilled: DSIT has no central, live picture of AI incidents in the UK. Aviation (AAIB), medicines (MHRA Yellow Card) and workplace safety all have mandatory incident regimes; AI has none. Fragments sit with individual regulators; failures of government's own AI tools (Humphrey suite, DWP/HMRC systems) have no mandatory reporting route; misuse incidents (fraud, disinformation) are counted by nobody.
Without incident data the state cannot detect patterns, coordinate responses to a major AI failure, or catch early warnings of larger-scale harms: the same blindness that preceded past regulatory disasters in other sectors. It is also the cheapest single preparedness measure available.
A central AI incident database run by DSIT/AISI with a statutory reporting duty on public bodies and thresholds for private-sector reporting; longer term, an AI Incident Investigation Branch modelled on the Air Accidents Investigation Branch with no-blame investigative powers.
// State-led: Instrument: statutory reporting duty and DSIT/AISI-run database; investigation branch later.
Aviation and medicines run mandatory incident regimes while AI has none; the database is the cheapest preparedness measure, wholly unowned since 2024, though no fixed date forces it.