REFERENCE · §12 · LAST REVIEWED 2026-04-27
ACF §12 — Incident Response
Agent incident response is the documented, drilled, regulator-aware playbook the firm executes when an autonomous agent produces an outcome that breaches policy, harms a customer, or triggers a notification obligation — covering containment, communication, remediation, and lessons learned.
When an agent makes a mistake, the firm’s response — not the mistake itself — usually drives the regulatory consequence. This section of the framework requires a runbook with explicit triggers (policy breach, customer harm, threshold breach), containment actions (kill switch, scope reduction, audit-trail freeze), regulator-notification thresholds per applicable rule, customer-remediation paths, and a lessons-learned cycle that updates §1-11. It maps to FCA Principle 11 (notification), DORA Art. 17-22 (incident classification), GDPR Art. 33 (breach notification), and MiCA Art. 75.
Regulatory anchors
- FCA PRIN 11 / SUP 15
- DORA Art. 17-22
- GDPR Art. 33-34
- MiCA Art. 75
- NIST AI RMF Manage 4
What this covers
- Trigger classification: policy breach, customer harm, threshold breach
- Containment actions: kill switch, scope reduction, audit freeze
- Regulator notification thresholds and channels per applicable rule
- Customer-remediation paths
- Lessons-learned updates back into §1-11
Common gaps
- No runbook — first incident is improvised
- Kill switch documented but never tested in a drill
- Regulator-notification threshold lives in someone’s head, not in the runbook
- Lessons-learned cycle does not feed back into framework updates
Related sections
- §1 — Identity & Authorisation
Who or what is permitted to take action; how authorisation flows to agents and is revoked.
- §3 — Audit Trail
Every agent action logged with sufficient detail to reconstruct intent and outcome.
- §4 — Reversibility
Capability to unwind agent-mediated actions within a defined window.
- §9 — Customer Disclosure
When and how to disclose to end-users that an agent is taking actions on their behalf.
Reference compiled by Sebastian Heine. Editorial perspective at The SHeine Brief.