Article 73 Serious Incident Reporting: What High-Risk AI Providers Must Do
Article 73: high-risk AI providers must report serious incidents within 15 days, 10 for deaths, 2 for critical infrastructure. Deadlines and obligations.
Under Article 73 of Regulation (EU) 2024/1689, providers of high-risk AI systems must report serious incidents to the market surveillance authority of the member state where the incident occurred. The clock starts the moment a causal link — or a reasonable likelihood of one — is established. From that point, you have at most 15 days. For deaths, 10 days. For widespread infringements or serious disruptions to critical infrastructure, 2 days — and you must act immediately upon becoming aware.
Article 73 is the output channel for the post-market monitoring system Article 72 requires providers to build. Article 72 creates the detection machinery; Article 73 governs what happens when that machinery catches something serious.
What Counts as a Serious Incident
The definition in Article 3(49) is specific. A serious incident is any incident or malfunction of a high-risk AI system that directly or indirectly leads to one or more of the following:
- the death of a person or serious harm to a person's health
- a serious and irreversible disruption of critical infrastructure (as defined under Directive (EU) 2022/2555 — the NIS2 Directive)
- a breach of the provider's obligations under Union law intended to protect fundamental rights
- serious harm to property or to the environment
The second sub-category, Article 3(49)(b), covers the critical infrastructure scenario and triggers the shortest reporting window (2 days, immediately upon awareness).
Not every AI failure is a serious incident. A system that produces an incorrect output, flagged and corrected by a human operator before any action is taken, does not meet the threshold. Nor does a performance dip, a latency spike, or a model output that is merely unhelpful. The threshold requires demonstrable harm or a realistic prospect of it. A medical triage AI that contributes to a delayed diagnosis resulting in severe injury does qualify. A recruitment AI whose bias is caught in an internal audit before any hiring decision is made does not — though that audit finding may still trigger corrective action under Article 72.
The Three Reporting Windows (Web-Verified)
Article 73 establishes a severity-tiered schedule, confirmed from the official text:
15 days — the default window for serious incidents that do not fall into the two faster-track categories below. The 15 days run from when the provider (or, where applicable, the deployer) becomes aware of the incident — not from when the incident occurred. If your post-market monitoring system flags a potential serious incident on 3 January, the 15-day clock starts on 3 January, regardless of when the underlying failure happened.
10 days — when the incident involves the death of a person. Notification must be made immediately after the provider establishes (or suspects) a causal link between the AI system and the death, and no later than 10 days after becoming aware.
2 days / immediately — for widespread infringements, or for incidents within the Article 3(49)(b) category: serious and irreversible disruptions of critical infrastructure. "Immediately" means the same day in practice. The 2-day period is the outer limit, not the target.
In all cases, Article 73(5) permits an initial incomplete report where necessary to meet the deadline, followed by a complete report. Filing an incomplete report on day 14 is better than missing the window.
Who Must Report, and to Whom
Article 73 places the obligation on providers — the legal entity that developed the system and placed it on the EU market or put it into service under its own name or trademark. A company that licenses an AI model to a hospital and brands it as its own product is the Article 73 provider. The hospital using that system is a deployer.
Deployers are not directly subject to Article 73 reporting obligations, but they have a related duty under Article 26: if a deployer becomes aware of a serious incident, it must inform the provider. If the deployer cannot reach the provider, it must notify the relevant market surveillance authority directly.
Reports go to the market surveillance authority of the member state where the incident occurred — not necessarily where the provider is established. A French hospital deploying a German provider's diagnostic AI, with an incident occurring in France, means notification to the relevant French authority. Providers with systems deployed across multiple member states should maintain contact details for each relevant authority in advance.
What the Report Must Cover
Article 73 does not prescribe a fixed form. A complete report should cover: the system's identity and Annex III classification; a factual account of what happened, when, and where; the harm caused and the number of affected persons; the causal chain to the extent known; immediate containment measures; and the remediation timeline. Where the investigation is ongoing at the time of filing, say so. Authorities expect professional documentation, not a completed root-cause analysis within 48 hours of a death. The Article 73(5) incomplete-report provision exists precisely for that.
Article 73(6) requires the provider to conduct the full investigation without delay after reporting, cooperate with the authority, and — critically — not modify the AI system in any way that could affect investigation findings without first informing the competent authority.
Connection to Post-Market Monitoring and Other Regimes
Article 73 does not sit in isolation.
Article 72 (post-market monitoring) is the detection layer. Your Article 72 monitoring plan should define what indicators could signal a serious incident and set escalation thresholds. Without that infrastructure, discovering an incident within the awareness window — and therefore within the reporting window — is unreliable.
GDPR (Article 33 GDPR): A serious AI incident involving personal data may simultaneously trigger a data breach notification within 72 hours. The two obligations are independent; one does not satisfy the other. Coordinate both from a single cross-functional response process to avoid contradictory communications reaching different authorities.
NIS2 (Directive (EU) 2022/2555): Where the affected system is part of critical infrastructure, NIS2 incident-reporting obligations run in parallel, with their own timelines (early warning within 24 hours, formal notification within 72 hours, final report within one month). Companies in energy, transport, health, or digital-infrastructure sectors must map all three regimes against the same incident-response workflow.
MDR/IVDR carve-out: Article 73(10) limits reporting for high-risk AI systems that are safety components of medical devices covered by Regulations (EU) 2017/745 or 2017/746 to the Article 3(49)(c) category (fundamental-rights breaches) only. The MDR/IVDR serious-incident regime handles the rest for those systems.
Building an Article 73 Reporting Workflow
The obligation is straightforward on paper; the difficulty is operationalising it before an incident occurs.
Define "awareness" in writing. The 15-day clock starts when the provider becomes aware. Document which role carries that accountability and what information constitutes awareness for your organisation. Without this, you will have arguments about when the clock started.
Pre-draft your notification template. A template keyed to Article 73's content requirements, reviewed by legal before any incident, removes the pressure of drafting under a 48-hour window. File early and supplement later using the Article 73(5) incomplete-report provision.
Map your competent authorities now. If your systems are deployed in multiple member states, identify the relevant authority in each before you need one. The authority for employment AI may differ from the authority for biometric AI in the same member state — verify designations under Article 70.
Document your non-reporting decisions. Article 72 monitoring will surface many anomalies, most of which do not reach the Article 3(49) threshold. A short written record for each — decision-maker, date, reasoning — is the audit trail that shows you reviewed the event and concluded it did not require notification.
How Confir Helps
Confir's AIGM module — Governance and Post-Market Monitoring — covers Articles 9, 72, and 73 through its rule-based assessment framework. For high-risk systems you register in Confir's AI inventory, the AIGM module captures your incident tracking setup: what monitoring indicators are defined, what escalation thresholds are set, and whether a notification workflow exists. Confir's immutable audit log records the date each finding is reviewed and each classification decision is made, which is the documentation you need if a competent authority ever asks why a particular event did not reach the reporting threshold.
Confir does not replace legal counsel on a live incident. It ensures the procedural groundwork is in place so that if an incident occurs, you are not starting from scratch.
Penalties and the Compliance Deadline
Failure to report a serious incident as required by Article 73 is a violation of the high-risk AI requirements. Under Article 99(4), the maximum fine is €15 million or 3% of total worldwide annual turnover, whichever is higher. For companies classified as SMEs or start-ups, Article 99(6) caps the fine at the lower of the two figures — a proportionality protection worth noting.
The compliance deadline for Article 73 for stand-alone high-risk AI systems (the Annex III list) is 2 December 2027 under the Digital Omnibus agreed in May 2026, which deferred the original 2 August 2026 date. For high-risk AI systems embedded in regulated products under Annex I, the deadline is 2 August 2028. Note that Article 73 itself enters general application in August 2026, but the full Annex III compliance stack — including Article 73 obligations for those systems — applies from 2 December 2027. The deferral is breathing room for building systems, not permission to ignore incidents that cause real harm in the interim.
Frequently Asked Questions
Which incidents must a high-risk AI provider report under Article 73?
Any incident or malfunction of a high-risk AI system that directly or indirectly causes death, serious injury to a person's health, a serious and irreversible disruption of critical infrastructure, a breach of the provider's obligations to protect fundamental rights under Union law, or serious harm to property or the environment. The definition comes from Article 3(49). Operational failures, performance degradations, and errors caught before causing harm generally do not reach this threshold.
What are the exact Article 73 reporting deadlines?
Three tiers, verified from the official text: 15 days for most serious incidents (from the date the provider becomes aware); 10 days where the incident involves a person's death (from awareness, with immediate notification required upon suspecting a causal link); 2 days for widespread infringements or serious and irreversible disruptions of critical infrastructure under Article 3(49)(b), with immediate notification required upon awareness. An initial incomplete report is allowed under Article 73(5) to meet the deadline, followed by a complete report.
Does a deployer have Article 73 reporting obligations?
Not directly. Article 73 places the reporting obligation on providers. A deployer that becomes aware of a serious incident must notify the provider under Article 26. If the deployer cannot reach the provider, it must notify the competent authority directly. Deployers should build this escalation path into their Article 26 compliance processes before they need it.
How does Article 73 interact with GDPR breach notification?
The two obligations are independent. A serious AI incident involving personal data may simultaneously trigger GDPR Article 33 notification to the data protection authority within 72 hours. Filing an Article 73 report does not satisfy the GDPR obligation, and vice versa. Where the same incident triggers both, coordinate the two notifications carefully — contradictory information sent to different authorities from the same organisation creates additional exposure.
What must an Article 73 report actually contain?
The regulation does not prescribe a fixed form. The report must identify the AI system, describe the incident factually, quantify the harm, explain the causal link to the extent known, describe immediate containment measures, and outline the remediation plan. Where the investigation is ongoing, say so and file an incomplete report within the deadline. Article 73(6) requires the provider to conduct the full investigation without delay after filing and to cooperate with the authority throughout — without modifying the system in ways that could affect the investigation unless the authority is first informed.
When does the Article 73 compliance deadline apply?
For stand-alone high-risk AI systems on the Annex III list, Article 73 obligations apply from 2 December 2027 under the Digital Omnibus (political agreement, May 2026), which deferred the original 2 August 2026 date. For high-risk AI embedded in Annex I regulated products, the date is 2 August 2028. The general application of the regulation — including Article 73's formal entry into force — is 2 August 2026, but the full Annex III compliance stack (Articles 9–17, 72, 73) applies from December 2027.
What is the penalty for failing to report a serious incident?
Non-compliance with Article 73 falls under Article 99(4): a maximum fine of €15 million or 3% of total worldwide annual turnover, whichever is higher. For SMEs and start-ups, Article 99(6) applies the lower of the two figures. Deliberate concealment, extended non-reporting periods, and incidents causing death or widespread harm will attract the higher end of the range. Proactive reporting and demonstrated remediation consistently result in reduced penalties.