Designing escalation criteria for international AI incident response: criteria, triggers, and thresholds

TL;DR

This paper develops an operational escalation framework for AI incidents to facilitate international coordination, analyzing criteria, triggers, and thresholds based on regulatory and incident data.

Contribution

It introduces a set of eight criteria for escalation decisions, maps them to existing regulations, and tests the framework against real incidents to identify detection gaps.

Findings

Under-detection occurs when escalation requires confirmed harm.

Systemic risks from accumulated incidents are often under-detected.

Thresholds based on legal terms can be impractical under time pressure.

Abstract

AI incident reporting requirements are emerging in regulation and policy, yet no operational criteria exist for determining when a detected AI incident warrants escalation beyond national handling to international coordination. This paper proposes an escalation framework to address this gap, intended as a common reference point across jurisdictions that enables aligned escalation while preserving flexibility in how actors respond within their own legal and policy contexts. We review SB 53, the EU AI Act, the GPAI Code of Practice, and incident frameworks from other industries to derive eight criteria for assessing whether an incident warrants escalation, translated into a sequential flowchart with gated decision points and threshold checks. For each criterion, we map how it interplays with these regulatory frameworks, identifying where their design choices support or undermine effective detection. We test the framework against ten documented AI incidents and structured variants to identify where criteria under-detect or misclassify incidents in practice. We find three design patterns that may lead to systematic under-detection in regimes where model developers are responsible for escalation: a. where escalation requires confirmed harm, events such as model weight exfiltration risk detection only after severe, irreversible harm has propagated; b. where incidents are assessed individually, systemic harms emerging from accumulation risk being under-detected; and c. where thresholds align with legal instruments rather than quantitatively testable terms, criteria risk being impractical to apply under time pressure. We also find that escalation rules are only one component of a broader framework: the underlying definitions against which thresholds are set, and the data available to the responsible actor, create interdependencies that can themselves drive under-detection.