Notification Routing Governance

2. Summary

Notification Routing Governance requires that organisations maintain a formally governed, tested, and version-controlled notification routing matrix that maps incident types and severity levels to specific notification recipients — regulators, customers, partners, internal leadership, and other stakeholders — with defined timing obligations, content requirements, and channel specifications. When an AI agent incident occurs, the organisation must notify multiple parties under multiple regulatory regimes with different deadlines, content requirements, and format expectations. A missed or late regulatory notification can transform a manageable incident into an enforcement action; a delayed customer notification can convert a technical failure into a reputational crisis; a misdirected internal notification can leave decision-makers uninformed while the incident escalates. This dimension mandates that notification routing is a governed artefact — not an ad hoc process executed under crisis pressure — with pre-defined routes that are tested, validated against current regulatory requirements, and executable within the time constraints imposed by the most demanding applicable regulation.

3. Example

Scenario A — Missed Regulatory Notification Deadline Converts Incident into Enforcement Action: A customer-facing agent deployed by a financial services firm experiences a data breach when a prompt injection attack extracts 4,200 customer records including names, account numbers, and transaction histories. The incident response team contains the breach within 3 hours and begins remediation. However, the team is unaware that the firm is subject to three separate notification obligations: GDPR Article 33 requires notification to the data protection authority within 72 hours, FCA Principle 11 requires prompt notification to the FCA of anything of which the FCA would reasonably expect notice, and the firm's contractual obligations with its payment processor require notification within 24 hours. The team notifies the data protection authority within 72 hours but does not notify the FCA until day 8 (when the legal team discovers the obligation) and does not notify the payment processor until day 12 (when the processor contacts the firm after discovering the breach through its own monitoring). The FCA imposes a £1.4 million fine, citing the 8-day delay as evidence of inadequate systems and controls. The payment processor suspends the firm's processing agreement for 30 days pending a remediation review, costing £2.1 million in lost revenue.

What went wrong: No notification routing matrix existed. The incident response team knew to notify the data protection authority (a well-understood obligation) but was unaware of the FCA and payment processor obligations. Notification routing was an ad hoc, knowledge-dependent process rather than a governed artefact. Consequence: £1.4 million FCA fine, £2.1 million lost revenue from processor suspension, reputational damage from the delayed disclosure narrative.

Scenario B — Notification Sent to Wrong Regulator in Cross-Border Incident: An enterprise workflow agent operating across EU and UK jurisdictions processes personal data of both EU and UK residents. An operational failure causes the agent to apply EU data processing rules to UK residents and UK rules to EU residents for a period of 6 days. The incident response team correctly identifies the need for regulatory notification but routes the EU notification to the UK Information Commissioner's Office (ICO) and the UK notification to the French CNIL (the relevant EU supervisory authority). The ICO receives a notification about EU residents it does not supervise; the CNIL receives a notification about UK residents it does not supervise. Both regulators redirect the notifications, but the process takes 4 days — pushing both notifications past their respective deadlines. The CNIL issues a finding for late notification under GDPR Article 33, and the ICO issues a finding for late notification under UK GDPR.

What went wrong: The notification routing matrix did not distinguish between EU and UK regulatory recipients for cross-border incidents, or no routing matrix existed and the analyst made a cross-jurisdictional error under time pressure. The routing decision was made by an individual under crisis conditions rather than derived from a pre-validated routing artefact. Consequence: Regulatory findings in two jurisdictions, extended supervisory engagement, and £620,000 in combined regulatory penalties and legal fees.

Scenario C — Internal Leadership Not Notified Until Public Disclosure: A safety-critical industrial agent controlling a water treatment process malfunctions, causing an incorrect chemical dosing event that triggers a public health advisory for 34,000 residents. The incident response team notifies the environmental regulator and the public health authority within the required timeframes. However, the notification routing process does not include the organisation's board of directors, the CEO, or the communications team in the initial notification tier. The board learns of the incident from a news report 14 hours after the public health advisory is issued. The CEO is unable to respond to media inquiries because they have no briefing. The communications team issues a statement that contradicts the regulator's public health advisory because they were not coordinated with the incident response team. The contradictory statement triggers a secondary regulatory investigation into the organisation's crisis communication governance.

What went wrong: The notification routing matrix covered external regulatory notifications but did not include internal leadership and communications teams at the appropriate tier and timing. Internal notification was treated as informal and discretionary rather than as a governed routing requirement. Consequence: Board embarrassment, contradictory public communications, secondary regulatory investigation, £890,000 in crisis communications consultancy and regulatory engagement costs.

4. Requirement Statement

Scope: This dimension applies to every organisation operating AI agents where incidents can trigger notification obligations to any party — regulators, data protection authorities, customers, partners, counterparties, insurers, or internal leadership. The scope covers the notification routing matrix itself (the governed artefact that maps incident types and severities to notification recipients, timing, content, and channels), the process for maintaining and validating the matrix, the execution mechanisms that deliver notifications, and the evidence trail that demonstrates compliance with timing obligations. The scope is jurisdictional: organisations operating across multiple jurisdictions must maintain routing rules that reflect the notification requirements of each jurisdiction and resolve conflicts where jurisdictional requirements differ. The scope extends to both mandatory notifications (required by law, regulation, or contract) and discretionary-but-governed notifications (not legally required but mandated by internal governance policy, such as board notification). The scope includes both the initial notification and any required follow-up notifications (e.g., GDPR's requirement to provide additional information as it becomes available).

4.1. A conforming system MUST maintain a notification routing matrix that maps every combination of incident type (as classified under AG-409) and severity level (as classified under AG-419) to a specific set of notification recipients, with each recipient entry specifying: the recipient identity or role, the notification deadline (absolute time from incident detection or classification), the required content elements, the approved communication channel, and the regulatory or contractual basis for the notification obligation.

4.2. A conforming system MUST version-control the notification routing matrix using immutable version identifiers, retaining all prior versions with full change history including timestamps, authors, and approval references.

4.3. A conforming system MUST validate the notification routing matrix against current regulatory requirements at least semi-annually, or within 30 days of any relevant regulatory change, confirming that all mandatory notification obligations are reflected in the matrix with correct deadlines, recipients, and content requirements.

4.4. A conforming system MUST implement automated or semi-automated notification dispatch that, upon incident classification, identifies the applicable notification routes from the matrix and initiates the notification workflow with tracking of each notification's status (pending, sent, acknowledged, follow-up required).

4.5. A conforming system MUST record a timestamped, tamper-evident log of every notification sent, including: incident identifier, recipient, channel used, content summary, timestamp of dispatch, timestamp of recipient acknowledgement (where available), and the routing matrix version used to determine the route.

4.6. A conforming system MUST include internal leadership notification routes — board of directors, senior management, legal counsel, and communications function — in the routing matrix at timing tiers that ensure internal stakeholders are informed before or concurrently with external disclosure, not after.

4.7. A conforming system MUST implement escalation procedures for notification failures — situations where a notification cannot be delivered through the primary channel (e.g., recipient system unavailable, email bounced, portal down) — including fallback channels and escalation to governance leadership if the fallback also fails.

4.8. A conforming system MUST address cross-border notification routing for organisations operating in multiple jurisdictions, maintaining jurisdiction-specific routing rules that correctly identify the supervisory authority, regulatory body, or data protection authority for each jurisdiction and resolve conflicts where the same incident triggers notifications to multiple jurisdictions with different requirements.

4.9. A conforming system SHOULD implement notification templates pre-approved by legal counsel for each notification route, reducing the time required to compose notifications under crisis conditions and ensuring compliance with content requirements.

4.10. A conforming system SHOULD implement notification rehearsal — periodic testing of the notification routing matrix through simulated incidents to verify that routes are correct, channels are functional, and timing obligations can be met.

4.11. A conforming system MAY implement automated regulatory deadline tracking that monitors elapsed time from incident detection, alerts the incident response team as deadlines approach, and escalates to governance leadership when a deadline is at risk of being breached.

5. Rationale

Incident notification is a time-critical, high-stakes process that must be executed correctly under crisis conditions. The combination of time pressure, multiple concurrent obligations, jurisdictional complexity, and the severe consequences of failure makes ad hoc notification routing unacceptable for organisations operating AI agents at scale.

The notification landscape for AI agent incidents is uniquely complex. A single incident may simultaneously trigger: GDPR Article 33 notification to the relevant supervisory authority (72 hours), DORA Article 19 notification to the competent authority for major ICT-related incidents (within time limits to be specified by regulatory technical standards), EU AI Act Article 73 notification for serious incidents involving high-risk AI systems (within timeframes established by the Act), sector-specific notification to financial regulators (FCA: prompt, SEC: varies by incident type), contractual notification to partners and counterparties (typically 24-48 hours), customer notification under GDPR Article 34 where there is high risk to individuals, and internal notification to the board, senior management, and communications function. Each of these notifications has different deadlines, different content requirements, different format expectations, and different recipient identities. Missing any single notification — or sending it to the wrong recipient, with the wrong content, or past the deadline — can independently trigger regulatory enforcement.

The consequences of notification failure are disproportionate to the underlying incident. An incident that is well-managed operationally but poorly notified can result in larger regulatory penalties than the incident itself would have warranted. Regulators treat late or missing notification as evidence of inadequate governance — separate from and additional to the substantive failure. The FCA's approach is illustrative: Principle 11 requires firms to deal with regulators in an open and cooperative way and to disclose appropriately anything of which the FCA would reasonably expect notice. A firm that manages an incident competently but fails to notify the FCA promptly can face enforcement action for the notification failure alone.

Cross-border complexity amplifies the risk. An organisation operating in the EU and UK must determine which supervisory authority to notify (lead supervisory authority under GDPR, the ICO under UK GDPR), and the determination may depend on factors such as where the data subjects are located, where the processing takes place, and where the organisation is established. Making this determination under crisis pressure, without a pre-validated routing matrix, is error-prone — as Scenario B illustrates.

Internal notification failure creates a different category of harm. When the board and senior management learn of an incident from external sources (news reports, regulator inquiries, partner notifications), the organisation loses control of its crisis narrative. The communications function cannot prepare accurate statements if they are not informed. Legal counsel cannot provide guidance if they are unaware. The delay between external disclosure and internal awareness creates a window during which the organisation may issue contradictory statements, fail to preserve evidence, or make operational decisions that complicate the regulatory response.

The routing matrix must be a governed artefact — version-controlled, validated, and tested — because the conditions under which it is used (active incident, time pressure, high stakes) are precisely the conditions under which ad hoc decision-making is most error-prone. Pre-validating the matrix during calm periods ensures that the crisis response team can execute a predetermined plan rather than making routing decisions in real time.

6. Implementation Guidance

Notification Routing Governance requires a structured, pre-validated routing artefact that can be executed reliably under crisis conditions. The implementation should treat notification routing as a deterministic function: given an incident type and severity as inputs, the routing matrix produces a complete list of notifications as output, each with a specified recipient, deadline, content template, and channel.

Recommended patterns:

• Matrix-based routing with automated dispatch. Implement the routing matrix as a structured data artefact (database table, configuration file, or purpose-built tooling) where each row specifies: incident type, severity level, recipient role/identity, notification deadline (hours from incident detection), content template reference, primary channel, fallback channel, and regulatory/contractual basis. When an incident is classified, the system automatically queries the matrix and generates a notification task list with deadlines. Each task is tracked through dispatch, delivery confirmation, and acknowledgement. This eliminates the need for individuals to recall notification obligations from memory during a crisis.
• Jurisdiction-aware routing rules. For cross-border deployments, the routing matrix should include jurisdiction as a routing parameter. The matrix entry for a data breach affecting EU residents routes to the lead supervisory authority under GDPR; the same incident type affecting UK residents routes to the ICO; affecting both routes to both, with jurisdiction-specific content templates. The jurisdictional determination logic should be pre-validated by legal counsel and documented in the matrix, not determined at incident time. Where the jurisdictional determination is complex (e.g., identifying the lead supervisory authority for a multi-country processing operation), the matrix should specify a decision tree with clear criteria.
• Pre-approved notification templates. For each notification route, maintain a pre-approved template that satisfies the recipient's content requirements. Templates should include: mandatory fields (incident description, affected data subjects or systems, measures taken, contact details), optional fields (root cause if known, timeline of events), and placeholder sections for incident-specific detail. Legal counsel should review and approve templates at least annually. Pre-approved templates reduce composition time from hours to minutes under crisis conditions and prevent content errors caused by rushed drafting.
• Tiered notification timing. Implement notification timing in tiers that reflect both urgency and sequencing requirements. Tier 0 (immediate, within 1 hour): internal crisis team, legal counsel, CISO. Tier 1 (within 4 hours): board notification, senior management, communications function. Tier 2 (within regulatory deadlines): regulatory notifications per jurisdictional requirements. Tier 3 (within contractual deadlines): partner and counterparty notifications. Tier 4 (as appropriate): customer notification, public disclosure. This tiering ensures that internal stakeholders are always informed before external disclosure.
• Notification delivery confirmation and fallback. For every notification, track delivery status. For regulatory notifications, use channels that provide delivery confirmation (regulatory portals with submission receipts, recorded delivery post, acknowledged email). If the primary channel fails, automatically trigger the fallback channel and escalate to governance leadership. Maintain evidence of delivery attempts, failures, and fallback executions.

Anti-patterns to avoid:

• Knowledge-dependent routing. Relying on individuals to know who to notify based on their experience, training, or memory of regulatory requirements. Individual knowledge is incomplete, degrades under stress, and is unavailable when the knowledgeable individual is absent. The routing matrix must be the definitive source, not supplementary to individual knowledge.
• Single-channel notification. Sending all notifications through a single channel (e.g., email) without fallback. Email delivery is not guaranteed; regulatory portals may be unavailable; physical mail is too slow for tight deadlines. Every route should have a primary channel and at least one fallback.
• Post-incident routing determination. Determining notification recipients and deadlines after the incident has been classified, rather than before. Every minute spent determining who to notify is a minute closer to the earliest deadline. Routing determination must be pre-computed in the matrix, not calculated during the incident.
• Undifferentiated notification content. Sending the same notification content to all recipients regardless of their role, jurisdiction, or information needs. Regulators require specific content elements; customers need plain-language explanations; internal leadership needs strategic impact assessment. Templates should be recipient-specific.
• Excluding internal stakeholders from the matrix. Treating internal notification as informal and outside the governed routing process. Internal notifications are as critical as external ones — they enable crisis management, communications coordination, and evidence preservation. Internal routes must be in the matrix with the same rigour as external routes.

Industry Considerations

Financial Services. Financial institutions face the most complex notification landscape. A single incident may trigger notifications to the FCA (Principle 11), the PRA (if dual-regulated), the ICO (data breach), counterparties (contractual), clearinghouses (operational risk), and customers (conduct obligations). Financial institutions should maintain a dedicated notification routing function within their incident response team and should test the routing matrix quarterly through tabletop exercises (per AG-420).

Healthcare. Healthcare organisations operating AI agents must route notifications to health authorities, patient safety bodies, and data protection authorities. The EU Medical Device Regulation (Article 87) requires vigilance reporting for serious incidents involving medical devices, including software as a medical device. Healthcare notification templates should include clinical safety information and patient impact assessments.

Safety-Critical and Industrial. Safety-critical incidents may trigger notifications to occupational health and safety regulators, environmental regulators, emergency services, and local authorities. Notification deadlines may be measured in minutes (e.g., hazardous material release) rather than hours. The routing matrix for safety-critical deployments should include emergency notification routes with sub-hour deadlines and direct communication channels (phone, radio) rather than asynchronous channels (email, portal).

Crypto and Web3. Crypto and DeFi incidents involving loss of customer assets may trigger notifications to financial regulators (where applicable), law enforcement (for theft or fraud), and the broader community (for protocol-level vulnerabilities). The decentralised nature of some crypto operations complicates the determination of applicable jurisdictions. The routing matrix should include logic for determining applicable jurisdictions based on the location of affected users, the registration jurisdiction of the operator, and any applicable regulatory sandbox or licensing regime.

Maturity Model

Basic Implementation — The organisation maintains a notification routing matrix mapping incident types and severities to notification recipients with deadlines, content requirements, and channels. The matrix is version-controlled and validated against current regulatory requirements at least semi-annually. Internal leadership routes are included. Notification dispatch is tracked with timestamped logs. Notification failures trigger fallback channels. This level meets the minimum mandatory requirements.

Intermediate Implementation — All basic capabilities plus: automated dispatch generates notification task lists from the matrix upon incident classification. Pre-approved templates exist for each notification route, reviewed annually by legal counsel. Notification rehearsals test the matrix through simulated incidents at least quarterly. Automated deadline tracking alerts the team as deadlines approach. Cross-border routing rules are pre-validated and include jurisdiction-specific content templates. Delivery confirmation is obtained for all regulatory notifications.

Advanced Implementation — All intermediate capabilities plus: fully automated notification dispatch for Tier 0 and Tier 1 notifications, requiring human approval only for external regulatory and public notifications. Real-time dashboards show notification status across all active incidents. The routing matrix is integrated with regulatory change monitoring, automatically flagging matrix entries that may be affected by regulatory updates. Notification timing metrics (time from classification to dispatch for each route) are tracked with defined performance targets. Independent audit has validated the matrix against all applicable regulatory requirements.

7. Evidence Requirements

Required artefacts:

• Notification routing matrix. The current version of the routing matrix showing all mapped routes: incident type, severity level, recipient, deadline, content template reference, primary channel, fallback channel, and regulatory/contractual basis. Format: structured data (database export, JSON/YAML, or spreadsheet with defined schema), not prose narrative.
• Matrix version history. Complete version history of the routing matrix, with timestamps, authors, approvers, and change justifications for each version. Minimum: all versions since initial adoption or 3 years, whichever is shorter.
• Regulatory validation records. Evidence of the most recent regulatory validation of the matrix, showing: which regulations were checked, the date of validation, the validator identity, and any discrepancies identified and their resolution.
• Notification dispatch logs. Timestamped, tamper-evident logs for all notifications sent during incidents, showing: incident identifier, recipient, channel, content summary, dispatch timestamp, delivery confirmation timestamp (where available), and routing matrix version used.
• Notification failure and fallback records. Documentation of any notification delivery failures, including: the failed channel, the failure reason, the fallback channel used, and the time elapsed before successful delivery.
• Notification templates. Current versions of all pre-approved notification templates, with legal counsel approval dates and review history.
• Rehearsal records. Results of notification routing rehearsals, including: simulated incident details, expected notification routes, actual notifications dispatched, timing achieved, and any discrepancies identified and remediated.

Retention requirements:

• Notification dispatch logs and failure records: minimum 7 years for regulated financial services; minimum 5 years for other regulated sectors; minimum 3 years otherwise.
• Routing matrix versions: retain for the same periods as dispatch logs, as the matrix version is required to verify that the correct routes were used for each incident.

Access requirements:

• Producible to regulators or auditors within 24 hours of request. Notification evidence is time-sensitive and regulators may request it during an active incident investigation. The 24-hour production requirement (rather than the standard 48 hours) reflects the urgency of notification compliance evidence.

8. Test Specification

Test 8.1: Routing Matrix Completeness

• Stimulus: Enumerate all incident types from the organisation's critical event taxonomy (per AG-409) and all severity levels from the adverse event severity matrix (per AG-419). For each combination, query the routing matrix and verify that at least one notification route is defined.
• Expected behaviour: Every incident type and severity combination has at least one defined notification route. High-severity combinations have multiple routes covering regulatory, internal, and (where applicable) customer recipients.
• Pass criteria: 100% of incident type/severity combinations have at least one defined route. All routes include recipient, deadline, content requirements, and channel.
• Fail criteria: Any incident type/severity combination has no defined route, or any route is missing required fields (recipient, deadline, content, or channel).

Test 8.2: Regulatory Deadline Accuracy

• Stimulus: For each regulatory notification route in the matrix, compare the specified deadline against the current regulatory requirement. Check at least: GDPR Article 33 (72 hours), applicable sector-specific regulations, and any contractual notification obligations.
• Expected behaviour: All deadlines in the matrix match or are tighter than the applicable regulatory or contractual requirement.
• Pass criteria: 100% of regulatory notification deadlines in the matrix are equal to or shorter than the actual regulatory requirement. No deadline exceeds the regulatory maximum.
• Fail criteria: Any notification deadline in the matrix exceeds the applicable regulatory requirement, or any mandatory regulatory notification obligation is absent from the matrix.

Test 8.3: Automated Dispatch Activation

• Stimulus: Classify a test incident at a severity level that triggers multiple notification routes. Verify that the system generates a notification task list from the matrix within 15 minutes of classification, identifying all applicable recipients with their respective deadlines and content requirements.
• Expected behaviour: The notification task list is generated automatically, containing all applicable routes from the matrix for the incident type and severity combination.
• Pass criteria: Task list generated within 15 minutes. All applicable routes from the matrix appear in the task list with correct recipients, deadlines, and content requirements. No applicable route is omitted.
• Fail criteria: Task list not generated within 15 minutes, or any applicable route is omitted, or any route has incorrect deadline or recipient information.

Test 8.4: Internal Leadership Notification Timing

• Stimulus: Simulate a high-severity incident that triggers both internal leadership notification (Tier 0/1) and external regulatory notification (Tier 2). Verify that internal leadership notifications are dispatched before or concurrently with external regulatory notifications.
• Expected behaviour: Internal leadership (board, senior management, legal counsel, communications) are notified at an earlier or equal tier than external regulators. No external notification is dispatched before internal leadership is informed.
• Pass criteria: Internal leadership notifications are dispatched at an earlier or equal timestamp compared to external regulatory notifications. Evidence of dispatch timing is available in the notification log.
• Fail criteria: Any external regulatory notification is dispatched before internal leadership has been notified, or internal leadership notification is not tracked in the notification log.

Test 8.5: Notification Delivery Failure and Fallback

• Stimulus: Simulate a notification delivery failure on the primary channel for a regulatory notification (e.g., regulatory portal returns an error, email bounces). Verify that the system detects the failure, triggers the fallback channel, and escalates to governance leadership.
• Expected behaviour: The failure is detected. The fallback channel is activated. Governance leadership is notified of the primary channel failure. The notification is delivered through the fallback channel within the original deadline.
• Pass criteria: Primary failure detected within 30 minutes. Fallback channel activated. Governance leadership escalation generated. Notification delivered via fallback channel. All events are logged with timestamps.
• Fail criteria: Primary failure not detected, fallback not triggered, governance leadership not informed, or the notification is not delivered through any channel within the original deadline.

Test 8.6: Cross-Border Routing Accuracy

• Stimulus: Classify a test incident that affects data subjects or operations in at least two different jurisdictions. Verify that the routing matrix produces jurisdiction-specific notification routes with the correct regulatory recipient for each jurisdiction.
• Expected behaviour: Each jurisdiction receives the notification intended for its regulatory authority, with jurisdiction-appropriate content and within jurisdiction-specific deadlines.
• Pass criteria: Each jurisdiction's regulatory authority is correctly identified. No cross-jurisdictional routing error occurs (e.g., UK notification routed to EU authority or vice versa). Content templates are jurisdiction-specific where required.
• Fail criteria: Any notification is routed to the wrong jurisdiction's regulatory authority, or content intended for one jurisdiction is sent to another, or jurisdiction-specific deadline differences are not reflected in the routing.

Test 8.7: Notification Log Tamper Evidence

• Stimulus: Retrieve notification dispatch logs for a recent incident. Verify that: (1) each notification has a timestamped log entry, (2) the log entries include all required fields (incident ID, recipient, channel, content summary, dispatch timestamp, delivery confirmation), (3) the log is tamper-evident (integrity-protected through hashing, append-only storage, or equivalent mechanism), and (4) an attempt to modify a historical log entry is detected or prevented.
• Expected behaviour: Log entries are complete, timestamped, and tamper-evident. Modification of historical entries is prevented or detected.
• Pass criteria: All log entries contain all required fields. Tamper-evidence mechanism is operational — historical entries cannot be modified without detection. An attempted modification is either blocked or flagged.
• Fail criteria: Any log entry is missing required fields, or historical log entries can be modified without detection, or the tamper-evidence mechanism is not operational.

Conformance Scoring

• Score 0: No notification routing matrix exists — notification routing is determined ad hoc during each incident based on individual knowledge and memory, with no structured artefact, no version control, and no systematic tracking of notification status.
• Score 1: A notification routing matrix exists in document form, mapping major incident types to key notification recipients. The matrix is not version-controlled, not validated against current regulations, and dispatch is manual without systematic tracking. Internal leadership routes may be absent.
• Score 2: The notification routing matrix is a structured, version-controlled artefact validated against current regulatory requirements at least semi-annually. Automated or semi-automated dispatch generates notification task lists upon incident classification. Internal leadership routes are included at appropriate tiers. Notification dispatch is logged with timestamps. Delivery failures trigger fallback channels. Cross-border routing rules are pre-validated.
• Score 3: Verified by independent audit confirming matrix completeness against all applicable regulatory obligations. Notification rehearsals are conducted at least quarterly. Pre-approved templates exist for all routes. Automated deadline tracking provides proactive alerts. Notification timing metrics are tracked with performance targets. Full automation for Tier 0/1 notifications. Independent validation confirms cross-jurisdictional routing accuracy.

9. Regulatory Mapping

Regulation	Provision	Relationship Type
EU AI Act	Article 73 (Reporting of Serious Incidents)	Direct requirement
EU AI Act	Article 72 (Post-Market Monitoring)	Supports compliance
SOX	Section 302, Section 409 (Real-Time Disclosures)	Supports compliance
FCA SYSC	Principle 11 (Relations with Regulators)	Direct requirement
NIST AI RMF	GOVERN 1.5, MANAGE 4.2	Supports compliance
ISO 42001	Clause 9.1 (Monitoring, Measurement, Analysis)	Supports compliance
DORA	Article 19 (Reporting of Major ICT-related Incidents)	Direct requirement

EU AI Act — Article 73 (Reporting of Serious Incidents)

Article 73 requires providers and deployers of high-risk AI systems to report serious incidents to the relevant market surveillance authority. The reporting must occur within defined timeframes and must include specific content elements including the nature of the incident, the measures taken, and the impact on affected parties. AG-424 directly supports compliance by pre-mapping the notification routes for AI Act serious incident reports, including the correct market surveillance authority for each jurisdiction, the required content elements, and the reporting timeframe. Without a governed routing matrix, organisations risk missing the reporting deadline or notifying the wrong authority — both of which constitute independent compliance failures under the Act.

FCA SYSC — Principle 11 (Relations with Regulators)

FCA Principle 11 requires firms to deal with the FCA in an open and cooperative way and to disclose to the FCA appropriately anything relating to the firm of which the FCA would reasonably expect notice. This is a broad, principles-based requirement that does not specify exact deadlines but expects prompt disclosure. The FCA has demonstrated through enforcement actions that it treats delayed notification as evidence of inadequate governance. AG-424's routing matrix ensures that FCA notification is a pre-defined route triggered by incident classification, not a discretionary decision made during a crisis. The tiered timing structure ensures that FCA notification occurs at Tier 2 or earlier, well within the FCA's expectation of promptness.

DORA — Article 19 (Reporting of Major ICT-related Incidents)

DORA Article 19 requires financial entities to report major ICT-related incidents to the relevant competent authority. The reporting framework includes initial notification, intermediate report, and final report, with specified timeframes for each. AG-424 supports compliance by embedding the DORA reporting sequence into the routing matrix — the initial notification route triggers at incident classification, and follow-up notification routes are scheduled according to the DORA reporting timeline. The routing matrix must reflect the DORA-specific content requirements for each stage of reporting (initial notification content differs from final report content). Financial entities operating across multiple EU member states must include routes to each relevant competent authority.

SOX — Section 302, Section 409 (Real-Time Disclosures)

SOX Section 302 requires CEO and CFO certification that disclosure controls are effective. Section 409 requires real-time disclosure of material events. AI agent incidents that affect financial reporting, internal controls, or material operations may trigger disclosure obligations. AG-424 ensures that internal notification routes alert the CFO, general counsel, and disclosure committee promptly, enabling timely assessment of whether a public disclosure obligation exists. The routing matrix bridges the gap between operational incident detection and corporate disclosure decision-making.

NIST AI RMF — GOVERN 1.5, MANAGE 4.2

GOVERN 1.5 addresses organisational mechanisms for ongoing monitoring and review. MANAGE 4.2 addresses processes for managing AI risks including incident response. AG-424 provides the notification infrastructure that ensures AI risk events are communicated to all relevant stakeholders — internal and external — within defined timeframes, supporting both ongoing monitoring and effective incident management.

ISO 42001 — Clause 9.1 (Monitoring, Measurement, Analysis)

ISO 42001 Clause 9.1 requires organisations to determine what needs to be monitored, when monitoring results shall be analysed, and who shall be informed. AG-424 operationalises the "who shall be informed" element by providing a governed, validated notification routing mechanism that ensures the right parties receive the right information at the right time when monitoring reveals an incident.

10. Failure Severity

Field	Value
Severity Rating	Critical
Blast Radius	Organisation-wide and external — affects regulatory relationships, customer trust, partner relationships, and public perception simultaneously

Consequence chain: Notification routing fails, causing one or more notifications to be late, misdirected, or omitted entirely. The immediate operational consequence is that stakeholders who need to know about the incident are uninformed — regulators cannot begin their supervisory response, customers cannot take protective measures, partners cannot activate their own incident response, and internal leadership cannot manage the crisis. The regulatory consequence is independent enforcement action for the notification failure itself, separate from any enforcement related to the underlying incident. Regulators consistently treat notification failure as an aggravating factor: the FCA's penalty framework explicitly increases fines when firms fail to be open and cooperative (Principle 11); GDPR Article 83 includes failure to notify as a separately fineable offence; DORA imposes administrative penalties for failure to report major ICT incidents. The reputational consequence is compounded when the notification failure becomes public — the narrative shifts from "organisation experienced an incident and managed it responsibly" to "organisation experienced an incident and failed to tell anyone." The financial consequence includes: regulatory fines for the notification failure (separate from any incident-related fine), contractual penalties from partners with notification obligations, customer remediation costs that increase with notification delay (customers who are not notified cannot take protective action, increasing their harm), and crisis communications costs that escalate when internal leadership is caught uninformed. In aggregate, notification routing failure can double or triple the total cost of an incident by converting a well-managed operational event into a governance and communications crisis.

Cross-references: AG-419 (Adverse Event Severity Matrix Governance) provides the severity classification that drives routing matrix lookups. AG-409 (Critical Event Taxonomy Governance) provides the incident type classification that drives routing matrix lookups. AG-422 (Recovery Time Objective Governance) defines recovery timelines that constrain the window for notification activities. AG-423 (Incident Learning Closure Governance) ensures that notification routing failures are captured as findings and remediated. AG-425 (Emergency Change Freeze Governance) may restrict system changes during the notification window. AG-428 (Crisis Communication Approval Governance) governs the approval process for external communications that follow notification. AG-019 (Human Escalation & Override Triggers) defines escalation thresholds that may trigger notification routes. AG-048 (Cross-Border Data Sovereignty Governance) informs jurisdictional determination for cross-border notification routing.