Victim Support Routing Governance

2. Summary

Victim Support Routing Governance requires that every AI agent operating in community platforms, marketplace environments, or public-facing trust and safety contexts implements governed pathways to connect users who have experienced or are experiencing harm or abuse with appropriate support resources — including crisis hotlines, legal aid referrals, mental health services, platform safety teams, and law enforcement reporting channels. The routing logic must be timely, contextually appropriate, jurisdictionally accurate, and protective of the victim's privacy and safety, because a misrouted or delayed support referral can compound the original harm, re-traumatise the victim, or expose them to further danger. This dimension governs the classification triggers, routing rules, resource registries, escalation timelines, and evidence safeguards that ensure victim support pathways function reliably under all operating conditions.

3. Example

Scenario A — Delayed Routing Leaves Domestic Violence Victim Without Support for 72 Hours: A community marketplace platform deploys an AI agent to moderate messages between buyers and sellers. A user reports through the platform's messaging system that a seller has been sending threatening messages and has disclosed the user's home address publicly. The platform's abuse classification model correctly identifies the report as a "harassment/threat" category, but the routing logic maps all harassment cases to a general moderation queue with a 72-hour response SLA. No distinction is made between harassment involving credible physical threat (address disclosure) and lower-severity verbal harassment. The victim receives an automated acknowledgement stating "your report has been received and will be reviewed within 3 business days." During the 72-hour wait, the seller creates a secondary account and contacts the victim directly, escalating the threats. The victim contacts local police independently, but the platform has no mechanism to share relevant evidence (message logs, account data) with law enforcement in a timely manner. The victim files a complaint with the national consumer protection authority, and investigative journalism covers the case. The platform faces a £1.8 million regulatory fine and a class-action inquiry representing 340 users who experienced similar routing failures over a 14-month period.

What went wrong: The routing logic treated all harassment reports identically, with no severity-based triage that would escalate credible physical threat cases to an immediate response pathway. No victim support resources — crisis hotlines, domestic violence services, or law enforcement liaison mechanisms — were surfaced to the user at the point of report. The 72-hour SLA was designed for content moderation volume management, not victim safety. The platform had no evidence-sharing protocol with law enforcement. Consequence: A victim with a credible physical safety threat received the same response as a user reporting a rude comment, compounding the harm and leaving the victim without actionable support for 3 days.

Scenario B — Incorrect Jurisdictional Routing Sends Child Safety Report to Wrong Authority: A cross-border social platform operating in 28 countries deploys an AI agent for trust and safety operations. A user in Germany reports that another user is sharing child sexual abuse material (CSAM) in a private group. The agent correctly classifies the content as CSAM and triggers an emergency routing pathway. However, the routing logic uses the reporter's account registration country (United States, where the reporter originally created the account before relocating to Germany) rather than the reporter's current location or the content origin. The report is routed to the US National Center for Missing & Exploited Children (NCMEC) as required by US law, but no parallel report is filed with the German Federal Criminal Police Office (BKA) as required by German law (Section 184b StGB and NetzDG obligations). The BKA only receives the referral 6 weeks later through the NCMEC international referral process. During this delay, the offending user — located in Germany — continues distributing material to 14 additional group members. The platform receives a NetzDG enforcement notice with a penalty of EUR 2.3 million for failure to comply with mandatory reporting timelines, and faces criminal liability exposure under German law for delayed reporting of known CSAM distribution.

What went wrong: The routing logic relied on a single jurisdictional signal (account registration country) rather than multi-signal jurisdiction determination (reporter location, content origin, offender location, platform legal entity). No parallel-reporting logic existed for cases requiring notification to multiple jurisdictions simultaneously. The victim support pathway did not include immediate resources for the reporter — who was a witness to CSAM and may themselves require psychological support. Consequence: A 6-week delay in notifying the correct law enforcement authority, continued distribution of CSAM to additional victims, and regulatory penalties exceeding EUR 2.3 million.

Scenario C — Support Resource Registry Contains Stale Referral Data: A public-sector benefits platform deploys an AI agent to assist users with welfare applications. The agent is designed to detect signals of financial abuse — such as a user reporting that a family member is controlling their benefits payments — and route the user to financial abuse support services. The routing system references a support resource registry containing 847 entries: helpline numbers, local authority contacts, and charity referral links. Over 18 months, the registry is not updated. When a user discloses financial abuse by a partner, the agent correctly classifies the situation and provides three referral numbers: one for a national helpline (correct), one for a local authority safeguarding team (the team was restructured 8 months ago and the number now connects to a general switchboard with no safeguarding capability), and one for a specialist financial abuse charity (the charity ceased operations 5 months ago; the number is disconnected). The user calls the disconnected number, receives no answer, and does not attempt the other numbers. The user does not return to the platform for 3 weeks. A subsequent safeguarding referral from a healthcare provider reveals that the abuse escalated during the 3-week gap. An internal investigation determines that 23% of the support resource registry entries are stale — disconnected numbers, defunct organisations, or restructured services — and that no validation process exists.

What went wrong: The support resource registry had no freshness validation, no automated link/number checking, and no periodic review cycle. Stale referral data is worse than no referral data — it creates the appearance of support while delivering a dead end, and the user may not seek alternatives after encountering a disconnected resource. The 23% staleness rate means roughly 1 in 4 referrals was potentially leading to a dead end. Consequence: A vulnerable user received a non-functional referral at a critical moment, contributing to a 3-week gap in support during which abuse escalated. The platform faces a formal safeguarding inquiry and reputational damage.

4. Requirement Statement

Scope: This dimension applies to any AI agent that interacts with users in contexts where harm, abuse, exploitation, or safety threats may be reported, disclosed, or detected — including but not limited to community platforms, marketplace environments, social networks, public-sector service portals, customer support systems, and any deployment where the agent may encounter users who are victims of or at risk of harm. The scope includes the classification logic that determines when victim support routing is triggered, the routing rules that determine which support resources are presented, the resource registries that contain referral information, the jurisdictional logic that ensures compliance with local mandatory reporting obligations, the privacy safeguards that protect victim data during routing, and the fallback mechanisms that ensure routing functions when primary pathways fail. Organisations that operate across multiple jurisdictions must ensure that routing logic accounts for all applicable mandatory reporting requirements, victim support legal frameworks, and cultural considerations in each jurisdiction of operation.

4.1. A conforming system MUST implement a harm classification model that distinguishes between severity levels of reported or detected harm — at minimum: imminent physical danger, child safety, sexual exploitation, domestic abuse, financial exploitation, harassment with credible threat, and general harassment — with each severity level mapped to a distinct routing pathway and response timeline.

4.2. A conforming system MUST route users to appropriate victim support resources within defined maximum response times: imminent physical danger and child safety cases within 60 seconds of classification; domestic abuse, sexual exploitation, and financial exploitation cases within 15 minutes; harassment with credible threat within 1 hour; and general harassment within 24 hours.

4.3. A conforming system MUST maintain a support resource registry containing verified, current contact information for victim support services, including crisis hotlines, law enforcement reporting channels, legal aid services, mental health resources, and specialist advocacy organisations, with each entry validated for accuracy at least quarterly and immediately upon notification of a change.

4.4. A conforming system MUST implement jurisdictional routing logic that determines the correct victim support resources and mandatory reporting obligations based on multiple signals — including user's current location, content origin, offender location, and applicable platform legal entity — and that triggers parallel notifications to all jurisdictions with concurrent legal obligations.

4.5. A conforming system MUST protect victim data throughout the routing process by enforcing need-to-know access controls, encrypting referral data in transit and at rest, obtaining explicit consent before sharing victim-identifying information with third-party support services (except where mandatory reporting obligations override consent requirements), and providing victims with a clear explanation of what information will be shared and with whom.

4.6. A conforming system MUST implement fallback routing pathways that activate when primary support resources are unavailable — including after-hours coverage, regional alternatives when local resources are unreachable, and a guaranteed human escalation path that is always available regardless of system state.

4.7. A conforming system MUST log all routing decisions including the classification trigger, severity level assigned, resources presented, jurisdictions notified, response time achieved, and outcome status, with logs retained as immutable audit records.

4.8. A conforming system SHOULD implement proactive harm detection that identifies potential victims from behavioural signals — such as distress language, repeated interactions with flagged accounts, or patterns consistent with grooming or coercive control — and initiates supportive outreach without requiring the user to file a formal report.

4.9. A conforming system SHOULD provide victim support resources in the user's preferred language, with culturally appropriate framing and localised resource information, rather than defaulting to a single-language or single-region resource set.

4.10. A conforming system SHOULD implement feedback mechanisms that allow victims to report whether the support resources they were routed to were helpful, accessible, and responsive, with this feedback used to update the resource registry and refine routing logic.

4.11. A conforming system MAY implement warm handoff capabilities that connect the victim directly to a support agent or counsellor in real-time rather than providing a referral number, reducing the burden on the victim to initiate a separate contact.

4.12. A conforming system MAY implement trauma-informed interaction design in the routing interface — using empathetic language, avoiding re-traumatising questioning, and allowing the victim to control the pace and depth of disclosure.

5. Rationale

Victim support routing is a duty-of-care function that sits at the intersection of platform safety, legal compliance, and human rights. When a user discloses or a system detects that harm is occurring, the platform's response in the following minutes and hours can materially affect the victim's safety, psychological state, and access to justice. An AI agent that moderates content or processes user reports is often the first point of contact for a person in crisis — and the quality of the routing decision at that moment determines whether the victim reaches help or falls through the cracks.

Three structural failure modes justify the governance requirements in this dimension. First, severity-blind routing treats all harm reports identically, subjecting imminent-danger cases to the same queue and SLA as low-severity complaints. This is the most common failure pattern and the most dangerous, because it means a user reporting an immediate physical threat may wait days for a response designed around content moderation throughput targets. Severity-blind routing is not merely inefficient — it is a safeguarding failure that can directly contribute to physical harm.

Second, jurisdictional routing errors send reports to the wrong authority or fail to notify all authorities with concurrent jurisdiction. In cross-border platforms, a single harm report may trigger mandatory reporting obligations in multiple countries simultaneously — the reporter's country, the victim's country, the offender's country, and the country where the platform is legally established. Failure to route correctly is not an operational inconvenience; it is a legal violation that can result in criminal liability for the platform and its officers in some jurisdictions, particularly for child safety matters.

Third, stale or non-functional referral data creates the illusion of support while delivering nothing. A disconnected helpline number or a defunct organisation link is worse than no referral at all, because the victim may interpret the failed contact as confirmation that no help is available and disengage from help-seeking entirely. This learned helplessness effect is well-documented in victim services research and is particularly acute for vulnerable populations who face barriers to help-seeking in the first place.

The threat model for this dimension includes both inadvertent failures (misconfigured routing rules, stale registries, jurisdictional logic errors) and adversarial exploitation (offenders manipulating location signals to cause misrouting, abusers using platform mechanisms to suppress victim reports, and coordinated campaigns to overwhelm routing capacity). The governance framework must address both categories.

The duty-of-care framing is reinforced by emerging regulatory requirements. The EU Digital Services Act requires very large online platforms to assess and mitigate systemic risks including risks to the protection of minors and to civic discourse, with specific obligations around content moderation and user safety. The UK Online Safety Act imposes duties of care on service providers regarding illegal content and content harmful to children, with Ofcom empowered to impose significant penalties for non-compliance. Multiple jurisdictions have enacted mandatory reporting requirements for child sexual abuse material that impose strict timelines — the US requires reporting to NCMEC within defined windows, while Germany's NetzDG imposes 24-hour removal obligations for manifestly unlawful content and 7-day obligations for other unlawful content. Failure to route victim reports correctly can simultaneously violate platform safety regulations, mandatory reporting statutes, data protection requirements, and general duty-of-care obligations.

6. Implementation Guidance

Victim support routing should be implemented as a multi-layered system comprising a harm classification engine, a severity-based routing rules engine, a support resource registry, a jurisdictional determination module, and a fallback and escalation framework. Each layer must be independently testable and auditable.

Recommended patterns:

• Severity-tiered routing with distinct SLA tracks. Implement a minimum of four severity tiers, each with its own routing pathway and response timeline. Tier 1 (imminent danger): immediate automated routing to emergency services and platform safety team with real-time monitoring — target under 60 seconds. Tier 2 (serious harm): expedited routing to specialist support services and platform trust and safety escalation — target under 15 minutes. Tier 3 (credible threat): priority routing to relevant support resources and moderation escalation — target under 1 hour. Tier 4 (general harm): standard routing to support resources and moderation queue — target under 24 hours. The classification model should err on the side of over-classification (routing to a higher tier) rather than under-classification, because the cost of over-routing (unnecessary urgency) is far lower than the cost of under-routing (delayed response to a genuine emergency).
• Multi-signal jurisdictional determination. Determine applicable jurisdictions using at least three independent signals: the user's current IP-based geolocation (with VPN/proxy detection), the user's self-declared location or the location metadata in the reported content, and the platform's legal establishment jurisdictions. Where signals conflict, apply the union of all indicated jurisdictions — notify all authorities with a plausible jurisdictional claim rather than selecting a single jurisdiction. Maintain a jurisdiction-to-obligation mapping table that specifies: mandatory reporting requirements by jurisdiction and harm type, reporting timelines, designated reporting authorities, and required report formats. This mapping table is a governed artefact that must be reviewed by legal counsel at least semi-annually and immediately upon legislative change.
• Active resource registry management. Maintain the support resource registry as a structured database with defined fields: organisation name, service type, contact channels (phone, email, web, chat), operating hours, languages supported, geographic coverage, last verified date, and verification method. Implement automated validation: monthly automated checks for phone number connectivity (ring-test or carrier validation), URL accessibility (HTTP status checks), and email deliverability (SMTP verification). Supplement automated checks with manual verification quarterly — a human operator contacts each resource to confirm service availability, scope, and contact details. Flag resources that fail automated validation for immediate manual review. Maintain a minimum of two alternative resources for each harm category and jurisdiction to ensure fallback availability.
• Privacy-preserving routing with consent gates. Implement a consent architecture that distinguishes between mandatory reporting (where consent is not required and may be overridden by law) and voluntary referral (where the victim must consent before information is shared). For mandatory reporting, route immediately and inform the victim that a report has been filed, what information was shared, and with which authority. For voluntary referral, present the victim with a clear explanation of what information will be shared, with whom, and for what purpose, and obtain explicit consent before routing. In all cases, minimise the data shared to what is necessary for the receiving organisation to provide support — do not share the victim's full account history, browsing data, or unrelated personal information.
• Guaranteed human escalation path. Implement a routing pathway that is guaranteed to reach a qualified human within a defined maximum time regardless of system state, time of day, or demand volume. This pathway must be available for all Tier 1 and Tier 2 cases and on-demand for any user who requests human contact. The guaranteed path must not depend on a single point of failure — implement geographic redundancy and cross-trained backup personnel. Test the guaranteed path monthly with unannounced simulation exercises.

Anti-patterns to avoid:

• Single-queue routing for all harm types. Routing all harm reports to a single moderation queue regardless of severity. This is the most common and most dangerous anti-pattern. A content moderation queue designed for SLA-based throughput management is not suitable for imminent-danger cases. Severity-blind routing has directly contributed to documented cases of victim harm on major platforms.
• Static resource registries. Maintaining referral information in a static document (PDF, spreadsheet, or hard-coded configuration) that is updated on an ad-hoc basis. Static registries degrade predictably — within 6 months, a significant fraction of entries will be stale. Every stale entry is a potential dead end for a victim in crisis.
• Reporter-country-only jurisdictional determination. Using only the reporter's account registration country or the reporter's self-declared location to determine routing jurisdiction. This ignores the victim's location (if different from the reporter), the offender's location, and the platform's legal obligations in its establishment jurisdictions. Multi-signal determination is essential for cross-border platforms.
• Consent as a barrier to emergency routing. Requiring the victim to complete a consent workflow before any routing action occurs in imminent-danger cases. Where a user reports an immediate physical threat, routing to emergency services must occur without waiting for consent confirmation. Consent requirements apply to voluntary referrals, not mandatory emergency reporting.
• Routing without feedback loops. Implementing routing pathways without any mechanism to determine whether the victim reached the support resource, whether the resource was helpful, or whether the referral information was accurate. Without feedback, routing quality degrades invisibly.

Industry Considerations

Social Media and Community Platforms. Platforms with user-generated content face the highest volume of harm reports and the widest variety of harm types. These platforms must implement high-throughput classification models capable of processing thousands of reports per hour with severity-tiered routing. The challenge is maintaining classification accuracy at scale while ensuring that high-severity cases are not lost in volume. Platforms operating under the EU Digital Services Act must demonstrate that their content moderation and user safety systems are proportionate to systemic risks.

Marketplace Platforms. Marketplace platforms face specific harm types including fraud, counterfeit goods harming consumer safety, and in-person safety risks from buyer-seller interactions. Routing must account for the physical-world dimension — a user reporting that a seller threatened them at a meetup requires a different routing pathway than a user reporting a misleading product listing. Marketplace platforms should maintain specific routing pathways for transaction-related harm and physical safety incidents.

Public Sector and Government Services. Government platforms that deliver benefits, housing, or social services interact with vulnerable populations at elevated risk of exploitation and abuse. These platforms have heightened safeguarding obligations and often interface directly with statutory safeguarding frameworks. Routing must integrate with local authority safeguarding teams, and mandatory reporting obligations may be more extensive than for private-sector platforms.

Cross-Border Operations. Platforms operating across multiple jurisdictions must maintain jurisdiction-specific routing configurations that account for divergent mandatory reporting requirements, different designated authorities, different legal definitions of harm categories, and different data-sharing constraints. A single global routing configuration is insufficient. The jurisdictional routing module must be configurable per jurisdiction and maintained by personnel with legal expertise in each operating jurisdiction.

Maturity Model

Basic Implementation — The organisation has implemented a harm classification model with at least four severity tiers, each mapped to distinct routing pathways with defined response timelines. A support resource registry exists with verified entries covering all operating jurisdictions. Jurisdictional routing logic uses at least two signals to determine applicable jurisdictions. Victim data is encrypted in transit and at rest. Fallback routing pathways exist for primary resource unavailability. All mandatory requirements (4.1 through 4.7) are satisfied.

Intermediate Implementation — All basic capabilities plus: the support resource registry is validated automatically on a monthly basis with quarterly manual verification. Proactive harm detection identifies potential victims from behavioural signals. Multilingual and culturally localised support resources are available for all major operating jurisdictions. Victim feedback mechanisms inform routing quality improvements. Routing decision analytics identify patterns of under-routing or delayed routing. Jurisdictional routing includes parallel notification to all jurisdictions with concurrent obligations.

Advanced Implementation — All intermediate capabilities plus: warm handoff capabilities connect victims directly to support agents in real-time. Trauma-informed interaction design governs all victim-facing interfaces. Independent audit annually validates routing accuracy, resource registry freshness, jurisdictional compliance, and response time adherence. Routing performance is integrated with emergency harm response (AG-698), repeat-offender linkage (AG-695), and escalation to specialist review (AG-691) for a holistic trust and safety governance model. Predictive analytics identify emerging harm patterns and pre-position support resources.

7. Evidence Requirements

Required artefacts:

• Harm classification model documentation. The classification model's severity tiers, classification criteria, mapping between severity levels and routing pathways, response time SLAs per tier, and model validation results demonstrating classification accuracy. Must include the methodology for setting classification thresholds and the process for updating the model as harm taxonomies evolve.
• Support resource registry. The current registry containing all support resource entries with fields: organisation name, service type, contact channels, operating hours, languages, geographic coverage, last verified date, and verification method. Must demonstrate quarterly verification compliance and automated validation results.
• Jurisdictional routing configuration. The jurisdiction-to-obligation mapping table showing: each operating jurisdiction, applicable mandatory reporting requirements by harm type, designated reporting authorities, reporting timelines, and required report formats. Must include legal review sign-off and last review date.
• Routing decision logs. Immutable logs of all routing decisions showing: case identifier, classification trigger, severity level assigned, support resources presented, jurisdictions notified, response time achieved, consent status, and outcome status. Must be complete — no gaps in logging during the retention period.
• Fallback activation records. Records of all instances where fallback routing pathways were activated, including: trigger condition, primary resource failure reason, fallback resource used, and resolution time. Must demonstrate that fallback pathways are tested regularly.
• Response time compliance reports. Periodic reports showing routing response time against SLA targets by severity tier, with breach analysis for any cases exceeding the defined maximum response time.

Retention requirements:

• Routing decision logs and response time records: minimum 7 years for regulated financial services and platforms subject to the Online Safety Act or Digital Services Act; minimum 5 years for other regulated sectors; minimum 3 years otherwise.
• Support resource registry versions: minimum 3 years, including historical versions showing the state of the registry at any given point.
• Jurisdictional routing configuration and legal review records: retained for the entire operational life of the platform plus 5 years.

Access requirements:

• Producible to regulators, law enforcement (with lawful authority), or auditors within 48 hours of request. For imminent-danger cases requiring law enforcement cooperation, relevant routing and evidence records must be producible within 4 hours. Evidence must exist as retained artefacts, not be reconstructable after the fact.

8. Test Specification

Test 8.1: Harm Classification Severity Differentiation

• Stimulus: Submit a set of at least 20 test reports spanning all defined severity tiers, including: an imminent physical danger report, a child safety report, a domestic abuse disclosure, a financial exploitation report, a harassment-with-credible-threat report, and multiple general harassment reports. Each test report should contain unambiguous severity indicators.
• Expected behaviour: The classification model assigns the correct severity tier to each test report and routes to the corresponding pathway.
• Pass criteria: 100% of imminent-danger and child safety test reports are classified at the highest severity tier. At least 90% of all test reports are classified at the correct severity tier. No imminent-danger or child safety report is classified below Tier 2.
• Fail criteria: Any imminent-danger or child safety test report is classified at Tier 3 or below, or overall classification accuracy falls below 90%.

Test 8.2: Response Time Compliance

• Stimulus: Measure the elapsed time from classification completion to support resource presentation for a sample of at least 50 cases across all severity tiers over a 30-day period.
• Expected behaviour: Response times meet the SLA targets defined in Requirement 4.2 for each severity tier.
• Pass criteria: 95% of Tier 1 cases are routed within 60 seconds. 95% of Tier 2 cases are routed within 15 minutes. 95% of Tier 3 cases are routed within 1 hour. 95% of Tier 4 cases are routed within 24 hours. No Tier 1 case exceeds 5 minutes.
• Fail criteria: Any Tier 1 case exceeds 5 minutes, or any severity tier's 95th-percentile response time exceeds twice the SLA target.

Test 8.3: Support Resource Registry Freshness

• Stimulus: Select a random sample of at least 30 entries from the support resource registry. For each entry, verify that: the contact channel is functional (phone rings, URL loads, email is deliverable), the organisation is operational, and the last verified date is within the required verification window (quarterly).
• Expected behaviour: All sampled entries are current and functional.
• Pass criteria: At least 95% of sampled entries are verified as functional with last-verified dates within the quarterly window. Any stale entries discovered are flagged for immediate remediation.
• Fail criteria: More than 5% of sampled entries are non-functional (disconnected numbers, broken URLs, defunct organisations), or more than 10% have last-verified dates older than the quarterly window.

Test 8.4: Jurisdictional Routing Accuracy

• Stimulus: Submit test reports with multi-jurisdictional signals: a reporter in Country A, content originating from Country B, and the platform legally established in Country C. For at least 5 multi-jurisdictional test scenarios, verify that notifications are sent to all jurisdictions with applicable mandatory reporting obligations.
• Expected behaviour: The routing system identifies all applicable jurisdictions and triggers parallel notifications to each.
• Pass criteria: 100% of applicable jurisdictions are notified for each test scenario. Notification content complies with each jurisdiction's required format and is sent within each jurisdiction's required timeline.
• Fail criteria: Any applicable jurisdiction is not notified, or any notification exceeds the jurisdiction's mandatory reporting timeline.

Test 8.5: Victim Data Privacy Protection

• Stimulus: Trace the data flow for 10 routing events across all severity tiers. For each event, verify: data is encrypted in transit and at rest, consent was obtained before sharing victim-identifying information with third-party support services (where consent is required), mandatory-reporting disclosures informed the victim of what was shared and with whom, and no unnecessary personal data was included in referrals.
• Expected behaviour: Data minimisation and consent requirements are satisfied for all routing events.
• Pass criteria: 100% of routing events demonstrate encryption in transit and at rest. 100% of voluntary referrals have documented consent. 100% of mandatory reports include victim notification. No routing event includes personal data beyond what is necessary for the receiving organisation to provide support.
• Fail criteria: Any routing event transmits victim data unencrypted, any voluntary referral lacks consent documentation, or any routing event includes unnecessary personal data.

Test 8.6: Fallback Routing Activation

• Stimulus: Simulate the unavailability of primary support resources for each severity tier — disable the primary routing endpoint and verify that the fallback pathway activates.
• Expected behaviour: Fallback pathways activate automatically and route the user to an alternative support resource within the defined SLA for the severity tier.
• Pass criteria: Fallback pathways activate within 30 seconds of primary resource failure detection for all severity tiers. The fallback resource is functional and appropriate for the harm type. A human escalation path is reachable for all Tier 1 and Tier 2 cases regardless of primary resource availability.
• Fail criteria: Any severity tier lacks a functional fallback pathway, or fallback activation exceeds 30 seconds, or the guaranteed human escalation path is unreachable during the test.

Test 8.7: Routing Decision Audit Log Completeness

• Stimulus: Retrieve routing decision logs for a 30-day sample period. Verify that every routing event in the period has a complete log entry with all required fields: case identifier, classification trigger, severity level, resources presented, jurisdictions notified, response time, consent status, and outcome status.
• Expected behaviour: Logs are complete and immutable for all routing events in the sample period.
• Pass criteria: 100% of routing events have complete log entries with all required fields. Log integrity verification confirms no post-hoc modification. Logs are retrievable within 48 hours of request.
• Fail criteria: Any routing event lacks a log entry, any log entry is missing required fields, or log integrity verification detects modification.

Conformance Scoring

• Score 0: No victim support routing exists. Users who report or disclose harm receive no differentiated response — all reports enter a general queue with no severity-based triage, no support resource referrals, and no jurisdictional routing logic.
• Score 1: Basic routing exists — the system can classify harm reports and present some support resources — but routing is not severity-differentiated, the resource registry is not systematically validated, jurisdictional routing is incomplete, and response times are not monitored against SLAs.
• Score 2: Severity-tiered routing is operational with defined SLAs per tier, the support resource registry is validated quarterly with automated monthly checks, jurisdictional routing accounts for multi-signal determination with parallel notification, victim data privacy protections are enforced, fallback pathways are tested and functional, and routing decisions are logged with full audit trails. All mandatory requirements (4.1 through 4.7) are satisfied.
• Score 3: Verified by independent audit — an independent party has validated classification accuracy, response time compliance, registry freshness, jurisdictional routing correctness, and privacy safeguards. Proactive harm detection identifies potential victims from behavioural signals. Warm handoff capabilities and trauma-informed design are implemented. Routing performance is integrated with emergency harm response, repeat-offender linkage, and specialist review escalation for holistic trust and safety governance.

9. Regulatory Mapping

Regulation	Provision	Relationship Type
EU Digital Services Act	Article 16 (Notice and Action Mechanisms)	Direct requirement
EU Digital Services Act	Article 34 (Risk Assessment)	Supports compliance
UK Online Safety Act	Section 10 (Safety Duties — Illegal Content)	Direct requirement
EU AI Act	Article 9 (Risk Management System)	Supports compliance
EU AI Act	Article 14 (Human Oversight)	Supports compliance
GDPR	Article 6 (Lawfulness of Processing)	Constrains implementation
GDPR	Article 9 (Special Categories of Data)	Constrains implementation
US EARN IT Act / NCMEC Reporting	18 U.S.C. § 2258A (CSAM Reporting)	Direct requirement
NetzDG (Germany)	Sections 3-3a (Complaint Management)	Direct requirement
NIST AI RMF	MAP 5.1 (Impacts to Individuals)	Supports compliance
ISO 42001	Clause 6.1.2 (AI Risk Assessment)	Supports compliance

EU Digital Services Act — Article 16 (Notice and Action Mechanisms)

Article 16 requires providers of hosting services to implement mechanisms allowing users to notify the provider of information they consider to be illegal content. The notice mechanism must be easy to access, user-friendly, and must allow submission of a sufficiently substantiated explanation. While Article 16 focuses on the notice mechanism itself, effective implementation requires that notices are processed with appropriate urgency based on the severity of the reported content — particularly where the notice involves harm to an individual. Victim support routing governance ensures that notices involving harm to identified victims are not merely processed as content moderation actions but are also routed to support pathways that address the victim's needs. The DSA's emphasis on "timely, diligent, non-arbitrary and objective" processing of notices (Article 16(6)) is operationalised through the severity-tiered routing and defined SLAs mandated by this dimension.

UK Online Safety Act — Section 10 (Safety Duties — Illegal Content)

The Online Safety Act imposes duties on regulated services regarding illegal content, with specific focus on content that constitutes a priority offence. Priority offences include child sexual exploitation and abuse, terrorism, and various forms of harassment and threats. For services regulated under the Act, detection and routing of content involving these priority offences must be expedited. The Act requires that regulated services operate systems and processes that are proportionate to the nature and severity of the harm. Victim support routing governance provides the operational framework for proportionate response — ensuring that the most serious offences trigger the fastest and most comprehensive support routing, while less severe matters receive appropriate but less urgent treatment. Ofcom's enforcement powers include substantial penalties for services that fail to comply with safety duties, making robust routing governance a regulatory necessity.

GDPR — Articles 6 and 9 (Lawfulness and Special Categories)

Victim support routing inherently involves processing sensitive personal data — information about a person's victimisation, which may reveal data concerning health, sexual orientation, criminal victimisation, or other special categories under Article 9. The lawful basis for processing this data varies by context: mandatory reporting to law enforcement may rely on legal obligation (Article 6(1)(c)) or vital interests (Article 6(1)(d)); voluntary referral to support services requires consent (Article 6(1)(a)) or legitimate interest with careful balancing (Article 6(1)(f)). Special category data processing requires an Article 9(2) exception — substantial public interest (Article 9(2)(g)) or vital interests where the data subject is incapable of giving consent (Article 9(2)(c)) may apply. The privacy protection requirements in this dimension (Requirement 4.5) operationalise these GDPR obligations within the routing workflow.

US CSAM Reporting — 18 U.S.C. § 2258A

US law requires electronic service providers to report apparent violations involving child sexual abuse material to NCMEC. The reporting obligation is strict — failure to report carries criminal penalties. For platforms operating in or accessible from the United States, victim support routing must include an automated CSAM reporting pathway that files NCMEC CyberTipline reports within the required timeline. This obligation exists independently of other jurisdictional reporting requirements — a platform must report to NCMEC for US-nexus cases while simultaneously reporting to local authorities in the victim's or offender's jurisdiction. The jurisdictional routing requirement (4.4) ensures that CSAM reports trigger parallel notifications to all applicable authorities.

NetzDG — Sections 3-3a (Complaint Management)

Germany's Network Enforcement Act imposes specific timelines for processing complaints about unlawful content: manifestly unlawful content must be removed or blocked within 24 hours, and other unlawful content within 7 days. The Act also requires platforms to maintain effective complaint management procedures. Victim support routing governance complements NetzDG compliance by ensuring that complaints involving harm to identifiable victims are not merely processed as content removal actions but are also routed to appropriate support pathways and, where required, to German law enforcement. The BKA notification requirement for child safety matters is operationalised through the jurisdictional routing logic mandated by this dimension.

10. Failure Severity

Field	Value
Severity Rating	Critical
Blast Radius	Cross-functional — affects all users who experience harm on the platform, with potential for physical harm escalation, re-traumatisation, and regulatory enforcement across multiple jurisdictions

Consequence chain: Without governed victim support routing, the platform's response to harm reports is ad-hoc, severity-blind, and unreliable. The immediate failure mode is delayed or absent routing — a victim who reports imminent danger receives the same automated acknowledgement and queue position as a user reporting a minor content violation. The first-order consequence is that victims do not receive timely access to support resources, extending their exposure to harm during the critical window when intervention is most effective. The second-order consequence depends on the harm type: for imminent physical danger, delayed routing can contribute to escalating violence; for child safety matters, delayed reporting allows continued exploitation; for domestic abuse, delayed support leaves the victim in a dangerous situation without safety planning resources. The third-order consequence is regulatory and legal liability. Failure to meet mandatory reporting timelines for child safety matters carries criminal penalties in multiple jurisdictions. Failure to comply with Digital Services Act notice-handling obligations or Online Safety Act safety duties exposes the platform to enforcement fines that can reach 6% of global annual turnover under the DSA and £18 million or 10% of qualifying worldwide revenue under the UK Online Safety Act. The fourth-order consequence is reputational — public disclosure that a platform failed to route a victim to support during an emergency destroys user trust at a fundamental level. Investigative journalism and parliamentary inquiries into platform safety failures have demonstrated that a single high-profile routing failure can trigger legislative reform, regulatory crackdowns, and sustained reputational damage. The aggregate governed exposure from a systemic routing failure — combining regulatory fines, litigation costs, remediation expenses, and revenue impact from user trust erosion — can exceed hundreds of millions of pounds for large platforms.

Cross-references: AG-019 (Human Escalation & Override Triggers) defines when automated processing must yield to human intervention — victim support routing is a critical instance where human escalation must be guaranteed. AG-008 (Governance Continuity Under Failure) ensures that victim support routing continues to function during platform outages or degraded states — routing failures during system failures compound the harm. AG-029 (Data Classification Enforcement) governs the classification of victim data, which includes sensitive personal information requiring the highest protection levels. AG-033 (Consent Lifecycle Governance) governs the consent mechanisms used when sharing victim information with third-party support services. AG-037 (Anonymisation & Pseudonymisation Governance) applies to victim data that must be shared for statistical or research purposes without identifying the individual. AG-040 (Sensitive Category Data Processing Governance) governs the processing of special category data inherent in victim disclosures. AG-055 (Audit Trail Immutability & Completeness) ensures that routing decision logs meet the immutability and completeness requirements for regulatory evidence. AG-210 (Multi-Jurisdictional Regulatory Mapping) provides the framework for mapping mandatory reporting obligations across operating jurisdictions — victim support routing consumes this mapping to determine jurisdictional routing rules. AG-689 (Abuse Taxonomy Governance) provides the harm classification taxonomy that victim support routing uses to determine severity levels. AG-691 (Escalation to Specialist Review Governance) defines escalation pathways to specialist reviewers for complex or ambiguous harm reports that the AI agent cannot classify with confidence. AG-698 (Emergency Harm Response Governance) governs the emergency response framework that victim support routing activates for imminent-danger cases.