Definition
No mechanism for those impacted by harmful or biased outputs to provide feedback or seek recourse, and no consequence for the system's developers or owners for any negative outcomes.
Controls & guardrails that address this
Grouped by control function, with the AI lifecycle stage(s) to apply each and the other risks it addresses.
Design user feedback and recourse mechanisms at the use case design stage, with defined SLAs for complaint resolution.
Build user-facing feedback and complaint submission channels. Test end-to-end before deployment.
Confirm feedback and recourse channels are live, clearly disclosed, and accessible in the production interface.
Operate a structured feedback management process. Log, categorise, and route all feedback to responsible owners within SLA.
Collect structured user feedback through in-product mechanisms. Use feedback to prioritise iterative model improvements.
Run a structured lessons-learned review after every material AI incident. Track remediation actions to closure and feed outcomes back into the controls and the IR plan.
source: NIST SP 800-61r2 (Post-Incident Activity / Lessons Learned); ISO/IEC 27035-2:2023; NIST AI RMF MANAGE 4.3