๐Ÿ”AI RiskAtlas
โ† Risk Taxonomy
#11

Inadequate feedback and recourse mechanisms

Risk taxonomy

Definition

No mechanism to provide feedback or seek recourse for those impacted by harmful or biased outputs, and no consequence for the system's developers or owners for any negative outcomes.

Controls & guardrails that address this

6

Grouped by control function, with the AI lifecycle stage(s) to apply each and the other risks it addresses.

Control category
Preventive · 4

User feedback and recourse design with SLAs

Design user feedback and recourse mechanisms at use case design stage with defined SLAs for complaint resolution.

Lifecycle stage: 1 – Use Case Context & Design

End-to-end tested feedback submission channels

Build user-facing feedback and complaint submission channels. Test end-to-end before deployment.

Lifecycle stage: 3 – Onboarding, Build & Review

Disclosed and accessible recourse channels at launch

Confirm feedback and recourse channels are live, clearly disclosed, and accessible in the production interface.

Lifecycle stage: 5 – Usage, Monitoring & Change

Structured feedback routing within defined SLA

Operate a structured feedback management process. Log, categorise, and route all feedback to responsible owners within SLA.

Lifecycle stage: 5 – Usage, Monitoring & Change

Corrective · 2

User feedback and iterative improvement

Collect structured user feedback through in-product mechanisms. Use feedback to prioritise iterative model improvements.

Lifecycle stage: 5 – Usage, Monitoring & Change
Also addresses: Jailbreak

Post-incident review and remediation tracking

Run a structured lessons-learned review after every material AI incident. Track remediation actions to closure and feed outcomes back into the controls and the IR plan.

source: NIST SP 800-61r2 (Post-Incident Activity / Lessons Learned); ISO/IEC 27035-2:2023; NIST AI RMF MANAGE 4.3
Lifecycle stage: 5 – Usage, Monitoring & Change

Other risks in Accountability & Governance

AI RiskAtlas is an educational model of how GenAI & agentic systems work and fail. Architectures and payloads are illustrative and simplified for learning — not operational guidance. Real-world cases are summarised from public reporting.

Built by Shi Yuan