June 1, 2026 (in 3 days): New York: 22 NYCRR Part 161 takes effect, system-wide AI policy for all UCS courts

AI Incident Log Template

A printable per-incident report form mirroring Policy Template, Section 13. Pairs with the firm-wide Usage Register for cross-incident pattern review.

Even a well-governed AI program will produce incidents. Confidentiality slips, hallucinated citations that almost reached a tribunal, and vendor-side outages all count. The incident-response artifact a carrier expects is not a list of zeros; it is a documented record of identification, 24-hour notification, rules-and-coverage assessment, and resolution. The form below is a starting point, not a finished one. Have a licensed attorney in your state confirm the form before adoption.
On this page
  1. What is an AI incident
  2. When to log
  3. The incident report form
  4. How to file the incident

What is an AI incident

The Policy Template defines an AI incident, without limitation, as:

  1. (a) Inadvertent input of client information into an unapproved tool.
  2. (b) Disclosure of client information through an AI tool's output (for example, a model returning another firm's confidential information in response to a prompt; a fine-tuned model leaking training data).
  3. (c) Submission of an AI-generated misstatement to a court, opposing counsel, or third party (for example, a hallucinated citation that reached a filing; a misstated holding in a brief sent to opposing counsel).
  4. (d) Any provider-side breach, outage, or service disruption affecting firm data (for example, a Tier 1 vendor's security incident, a vendor's unannounced model swap that materially changes output behavior).

A near-miss (an incident category was triggered but caught before external impact) is logged. A near-miss is the most useful kind of incident for the firm, because it is the kind a carrier and a regulator most want to see surface internally rather than externally.

When to log

  • Within 24 hours of identification of the incident, the individual who identifies it notifies the [Managing Partner / AI Committee] under Section 13 of the Policy.
  • The incident report is opened immediately, even if the assessment under Rule 1.4 (client communication), Rule 3.3 (candor to a tribunal), state bar reporting, and carrier notice is still pending. The report is the running record of those determinations.
  • Resolution is documented in the same report. The report is closed when remediation is complete, not when the issue is identified.

The incident report form

The form below is the per-incident report. Print, complete in ink or as a fillable PDF, sign, and file in the firm incident register.

AI INCIDENT REPORT

Incident ID: ____________________________ Date opened: ____________________

Identified by: ____________________________________________

Notified Managing Partner / AI Committee on: ____________________ Time: ____________

Incident category (check all that apply):

  • (a) Inadvertent input of client information into an unapproved tool
  • (b) Disclosure of client information through an AI tool's output
  • (c) Submission of an AI-generated misstatement to a court, opposing counsel, or third party
  • (d) Provider-side breach, outage, or material model change affecting firm data
  • Near-miss (category triggered but caught before external impact). Specify category: ____

Affected matter and people:

Matter and matter number: ____________________________________________

Responsible attorney: ____________________________________________

AI tool and version: ____________________________________________

Usage register row reference: ____________________________

What happened (factual narrative, no characterizations):

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Immediate containment actions taken:

_________________________________________________________________

_________________________________________________________________

Assessment (per Section 13):

  • Client notification required under Rule 1.4? Y / N. If Y, date and method: ____________________________
  • Remedial disclosure to a tribunal required under Rule 3.3? Y / N. If Y, date filed: ____________________________
  • State bar reporting obligation triggered? Y / N. If Y, citation: ____________________________
  • Carrier or broker notice obligation triggered under the policy? Y / N. If Y, notice date and recipient: ____________________________
  • Vendor (Tier 1 / 2 tool) notice and follow-up required? Y / N. If Y, vendor and ticket: ____________________________

Resolution and policy follow-through:

_________________________________________________________________

_________________________________________________________________

Lessons captured for next policy review (Section 15):

_________________________________________________________________

_________________________________________________________________

Closed by Managing Partner / AI Committee:

Signature: ____________________________________________

Print name: ____________________________________________

Date closed: ____________________________

How to file the incident

  1. Maintain an incident register. Beyond the per-incident report, the Firm maintains a running register listing every incident ID, date opened, category, status (open / closed), and pointer to the report. The register is what a carrier or auditor asks to see first.
  2. Privilege treatment. Treat completed reports as work product where appropriate. Coordination between the Managing Partner, the firm's general counsel (or outside ethics counsel), and the carrier should happen before broad internal distribution.
  3. Carrier notice obligations are policy-specific. Most claims-made LPL policies require notice "as soon as practicable" of any circumstance that might give rise to a claim. A confidentiality breach or a sanctions referral is a notifiable circumstance. Read the policy's notice provision and consult the broker; do not assume "internal investigation first, notice later" is safe.
  4. Cross-link to verification and usage logs. Each incident references the row in the Usage Register and the Verification Log (where applicable) so the program is traceable end-to-end.
  5. Feed lessons back into the policy. Incidents are the most reliable input to Section 15 (annual review). Carry incident-derived changes into the next policy revision and re-collect employee acknowledgments.
  6. Retain through the malpractice tail. Incident reports are responsive to a malpractice claim, a coverage dispute, or a sanctions inquiry years after the incident closes. Retain at least as long as the matter file plus any open extended-reporting period.

Related on this site

Sanctions cases

Other resources

Form mapped to Policy Template Section 13 and ABA Formal Opinion 512 (July 2024). Last verified 2026-04-29.