ai-incident-reporting-mcp 1.0.3

AI Incident Reporting Compliance MCP. Unified classification + reporting-clock tracker across EU AI Act Article 73, DORA Article 19, NIS2 Article 23, GDPR Article 33, ISO/IEC 42001 clause 9, and UK AISI voluntary frontier-model reporting. One incident → all regime clocks in parallel. HMAC-signed post-incident attestation. By MEOK AI Labs.

AI Incident Reporting Compliance MCP

Buy Starter — £29/mo

Signed attestations + unlimited audits + email support. 👉 Subscribe at meok.ai — instant HMAC signing key + Stripe-managed billing.

Free tier remains MIT-licensed and zero-config. Upgrade only when you need signed compliance artefacts for audit.

One AI incident → many mandatory notifications. Classifies once, emits every regime's clock + authority + form in parallel.

By MEOK AI Labs.

Regimes covered

• EU AI Act Article 73 — serious-incident reporting (high-risk AI + GPAI with systemic risk). 15-day initial notification to market-surveillance authority.
• DORA Article 19 — major ICT incident reporting (financial entities + CTPPs). 4h / 72h / 1 month clocks.
• NIS2 Article 23 — significant incident (essential/important entities). 24h early warning / 72h notification / 1 month final.
• GDPR Article 33 — personal-data breach (controllers). 72h.
• ISO/IEC 42001 clause 9 — AIMS monitoring + internal incident for AI management systems.
• UK AI Safety Institute (AISI) — voluntary frontier-model incident reporting.

Why this MCP

A single incident — say, a bias-driven lending decision that materially harms a protected group — can simultaneously trigger:

• EU AI Act Art 73 (high-risk AI fundamental-rights incident — 15 days)
• DORA Art 19 (if financial entity, €100k impact — 4 hours)
• NIS2 Art 23 (if essential entity, significant disruption — 24 hours)
• GDPR Art 33 (personal data involved — 72 hours)

If you don't know that, you miss the tightest SLA. This MCP classifies the incident against every regime in scope for your entity and tells you the master deadline.

Tools

• classify_incident — multi-regime decision tree
• list_regime_clocks — all regime clocks + authorities
• sign_incident_response_attestation — Pro/Enterprise: signed post-incident evidence

Install

pip install ai-incident-reporting-mcp

Tiers

• Free — 10 classifications/day
• Pro £199/mo — unlimited + signed attestations + notification templates
• Enterprise £1,499/mo — multi-entity + Trust Center webhook pushes
• £5,000 assessment — 48h incident-response audit + playbook hardening

Full Compliance Platform

Need the complete multi-regime stack? councilof.ai — EU AI Act, DORA, NIS2, CRA, CSRD compliance from £29/mo. 100x cheaper than traditional consulting.

→ Get started at councilof.ai

Related MEOK MCPs

• eu-ai-act-compliance-mcp
• dora-compliance-mcp
• nis2-compliance-mcp
• dora-nis2-crosswalk-mcp
• meok-attestation-verify

If this tool helps your compliance workflow, please star this repo — it helps other teams find it.

License

MIT — MEOK AI Labs, 2026.

<script type="application/ld+json"> { "@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [ { "@type": "Question", "name": "Is this MCP server free to use?", "acceptedAnswer": { "@type": "Answer", "text": "Yes. The free tier gives you 10 calls per day with no API key required. Pro tier is £79/mo for unlimited calls plus cryptographically signed attestations your auditor can verify independently." } }, { "@type": "Question", "name": "How does the signed attestation work?", "acceptedAnswer": { "@type": "Answer", "text": "Every Pro tier audit produces a HMAC-SHA256 signed certificate with a unique ID and a public verify URL. Your auditor pastes the cert into https://meok-attestation-api.vercel.app/verify and gets an independent valid/invalid response. No contact with MEOK required." } }, { "@type": "Question", "name": "Which MCP clients does this work with?", "acceptedAnswer": { "@type": "Answer", "text": "All standard MCP clients: Claude Desktop, Claude Code, Cursor, VS Code with MCP extension, Windsurf, Cline, and any custom MCP-compatible agent. Install via npx meok-setup or pip install for the underlying Python package." } }, { "@type": "Question", "name": "Can I install all MEOK governance MCPs at once?", "acceptedAnswer": { "@type": "Answer", "text": "Yes. Run npx meok-setup --pack governance to install all 10 governance MCPs and write the configs for Claude Desktop, Cursor, or Windsurf in one command." } }, { "@type": "Question", "name": "Is the regulation text authoritative?", "acceptedAnswer": { "@type": "Answer", "text": "Yes. MEOK syncs daily from the EUR-Lex Cellar SPARQL endpoint, the canonical EU regulation publication system. The text is verbatim with no LLM summarization. Every quote is auditor-defensible and includes the exact article number plus relevance score." } } ] } </script>