ai-incident-reporting-mcp 1.1.2

AI Incident Reporting Compliance MCP. Unified classification + reporting-clock tracker across EU AI Act Article 73, DORA Article 19, NIS2 Article 23, GDPR Article 33, ISO/IEC 42001 clause 9, and UK AISI voluntary frontier-model reporting. One incident → all regime clocks in parallel. HMAC-signed post-incident attestation. By MEOK AI Labs.

mcp-name: io.github.CSOAI-ORG/ai-incident-reporting-mcp

AI Incident Reporting Compliance MCP

Buy Starter — £29/mo

Signed attestations + unlimited audits + email support. 👉 Subscribe at meok.ai — instant HMAC signing key + Stripe-managed billing.

Free tier remains MIT-licensed and zero-config. Upgrade only when you need signed compliance artefacts for audit.

One AI incident → many mandatory notifications. Classifies once, emits every regime's clock + authority + form in parallel.

By MEOK AI Labs.

Regimes covered

• EU AI Act Article 73 — serious-incident reporting (high-risk AI + GPAI with systemic risk). 15-day initial notification to market-surveillance authority.
• DORA Article 19 — major ICT incident reporting (financial entities + CTPPs). 4h / 72h / 1 month clocks.
• NIS2 Article 23 — significant incident (essential/important entities). 24h early warning / 72h notification / 1 month final.
• GDPR Article 33 — personal-data breach (controllers). 72h.
• ISO/IEC 42001 clause 9 — AIMS monitoring + internal incident for AI management systems.
• UK AI Safety Institute (AISI) — voluntary frontier-model incident reporting.

Why this MCP

A single incident — say, a bias-driven lending decision that materially harms a protected group — can simultaneously trigger:

• EU AI Act Art 73 (high-risk AI fundamental-rights incident — 15 days)
• DORA Art 19 (if financial entity, €100k impact — 4 hours)
• NIS2 Art 23 (if essential entity, significant disruption — 24 hours)
• GDPR Art 33 (personal data involved — 72 hours)

If you don't know that, you miss the tightest SLA. This MCP classifies the incident against every regime in scope for your entity and tells you the master deadline.

Tools

• classify_incident — multi-regime decision tree
• list_regime_clocks — all regime clocks + authorities
• sign_incident_response_attestation — Pro/Enterprise: signed post-incident evidence

Install

pip install ai-incident-reporting-mcp

Tiers

• Free — 10 classifications/day
• Pro £199/mo — unlimited + signed attestations + notification templates
• Enterprise £1,499/mo — multi-entity + Trust Center webhook pushes
• £5,000 assessment — 48h incident-response audit + playbook hardening

Full Compliance Platform

Need the complete multi-regime stack? councilof.ai — EU AI Act, DORA, NIS2, CRA, CSRD compliance from £29/mo. 100x cheaper than traditional consulting.

→ Get started at councilof.ai

Related MEOK MCPs

• eu-ai-act-compliance-mcp
• dora-compliance-mcp
• nis2-compliance-mcp
• dora-nis2-crosswalk-mcp
• meok-attestation-verify

If this tool helps your compliance workflow, please star this repo — it helps other teams find it.

Wire it up — full stack

Pair this with the MEOK chain that turns one agent action into ONE signed compliance event:

1. bft-progress-council-mcp — anti-loop guardrail
2. agent-token-budget-mcp — hard spend cap
3. agent-prompt-injection-firewall-mcp — OWASP LLM01 scan
4. agent-audit-logger-mcp — hash-chained evidence
5. a2a-governance-bridge-mcp — fold N attestations → 1 signed event
6. agent-incident-relay-mcp — broadcast incidents to 5 regimes simultaneously

See meok.ai/mcp-stack for the full architecture and meok.ai/mcp-stack/demo for the live in-browser demo.

License

MIT — MEOK AI Labs, 2026.

<<<<<<< Updated upstream

<script type="application/ld+json"> { "@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [ { "@type": "Question", "name": "Is this MCP server free to use?", "acceptedAnswer": { "@type": "Answer", "text": "Yes. The free tier gives you 10 calls per day with no API key required. Pro tier is £79/mo for unlimited calls plus cryptographically signed attestations your auditor can verify independently." } }, { "@type": "Question", "name": "How does the signed attestation work?", "acceptedAnswer": { "@type": "Answer", "text": "Every Pro tier audit produces a HMAC-SHA256 signed certificate with a unique ID and a public verify URL. Your auditor pastes the cert into https://meok-attestation-api.vercel.app/verify and gets an independent valid/invalid response. No contact with MEOK required." } }, { "@type": "Question", "name": "Which MCP clients does this work with?", "acceptedAnswer": { "@type": "Answer", "text": "All standard MCP clients: Claude Desktop, Claude Code, Cursor, VS Code with MCP extension, Windsurf, Cline, and any custom MCP-compatible agent. Install via npx meok-setup or pip install for the underlying Python package." } }, { "@type": "Question", "name": "Can I install all MEOK governance MCPs at once?", "acceptedAnswer": { "@type": "Answer", "text": "Yes. Run npx meok-setup --pack governance to install all 10 governance MCPs and write the configs for Claude Desktop, Cursor, or Windsurf in one command." } }, { "@type": "Question", "name": "Is the regulation text authoritative?", "acceptedAnswer": { "@type": "Answer", "text": "Yes. MEOK syncs daily from the EUR-Lex Cellar SPARQL endpoint, the canonical EU regulation publication system. The text is verbatim with no LLM summarization. Every quote is auditor-defensible and includes the exact article number plus relevance score." } } ] } </script>

Stashed changes

Sister MCPs

Part of the MEOK Governance pack — designed to work together as a fleet. Install the whole pack with npx meok-setup --pack governance, or pick the ones you need:

• EU AI Act → uvx eu-ai-act-compliance-mcp · PyPI · GitHub
• DORA → uvx dora-compliance-mcp · PyPI · GitHub
• NIS2 → uvx nis2-compliance-mcp · PyPI · GitHub
• Cyber Resilience Act → uvx cra-compliance-mcp · PyPI · GitHub
• AI Bill of Materials → uvx ai-bom-mcp · PyPI · GitHub
• DORA × NIS2 Crosswalk → uvx dora-nis2-crosswalk-mcp · PyPI · GitHub

Full catalogue + Anthropic Registry verify links: meok.ai/anthropic-registry

Protocol coverage + Universal PAYG

This MCP is part of MEOK's 47-MCP fleet that bridges every active agent-interop protocol and 30+ regulatory frameworks. See the full coverage matrix at meok.ai/protocols.

Agent interop protocols supported (8 live):

• ✅ MCP (Anthropic) — native
• ✅ A2A (Google + Linux Foundation, absorbed IBM ACP Sept 2025)
• ✅ IBM ACP — covered via A2A merge
• ◐ Stripe ACP (Agentic Commerce Protocol) — Q3 bridge via agent-commerce-protocol-mcp
• ◐ AP2 (Google Agent Payments) — partial via agent-commerce-payments-mcp
• ◐ x402 (Coinbase HTTP 402) — partial via api.meok.ai gateway
• → OASF / AGNTCY (Cisco Outshift + Linux Foundation) — Q3 bridge
• 👁 ANP (Cisco Agent Network) — watch-list

Pricing options:

Option	Price	Best for
Self-host (this MCP)	£0 — MIT	Devs
This MCP Starter	£29/mo	One-MCP teams
This MCP Pro	£79/mo	Production + 24h SLA
Universal PAYG	£29/mo + £0.0002/call	Spiky usage across many MCPs
Substrate bundle (this category)	£99-£499/mo	A whole pack
MEOK Universe	£1,499/mo	All 47 MCPs, 500K calls

Each tier above the free self-host adds HMAC-signed attestations verifiable at verify.meok.ai. Linux Foundation governance on the A2A spine means EU regulated buyers can deploy without vendor-lock-in objections.

💸 Try MEOK in 30 seconds — instant buy ladder

Tier	Price	What you get	Stripe
Smoke test	£1	Signed sample MCP-Hardening report + Article 50 PDF	https://buy.stripe.com/dRmcN75ScdQS7oh1Uc8k90U
Quick Kit	£9	EU AI Act Article 50 implementation guide (C2PA + EU-Icon)	https://buy.stripe.com/cNi00la8s1460ZT0Q88k90V
Founder Call	£29	30-min 1-on-1 with the founder	https://buy.stripe.com/8x228ta8s6oqbExaqI8k90W

Refundable. UK Stripe — VAT-clean. Builds on the 81-MCP MEOK fleet. Verify any signed report at https://meok.ai/verify.