How your board prepares for the first major AI crisis.
The question is not whether your organisation will ever face a significant AI failure. The question is when, how serious, and how prepared you are when it happens.
In Q2 2026, Praesum expects the first major public AI incidents in Europe — where AI systems make errors at scale with direct impact on customers, employees or third parties. The technology is deployed broadly enough, governance is insufficiently mature in most organisations, and the likelihood of incidents increases as AI becomes more deeply embedded in operational processes.
Systematic bias in a decision process An AI system that structurally disadvantages on the basis of gender, origin or other protected characteristics — in credit assessment, HR selection or customer service. The damage is reputational and legal. The question is: did you discover it before a journalist or regulator did?
Incorrect AI output causing operational damage An AI system that gives erroneous recommendations acted upon by people — in logistics, production, medical diagnostics or financial advice. The liability question is complex; the reputational damage is immediate.
AI data breach via a third-party vendor An AI vendor is hacked or experiences a data incident through which your business data — or worse: customer data — is exposed. Your liability as data controller exists regardless of where the breach occurred.
Autonomous system takes an unauthorised decision An AI agent executes an action outside the defined parameters — an excessive payment, a commercial commitment, an external communication that was not authorised. See also week 12.
An AI crisis is not a question of if — but of when. The board that accepts this now and establishes an incident protocol is fundamentally better placed to survive it than the board that is unprepared.
Escalation path and first response Who is informed first? Who takes the decision to shut down a system? Who communicates internally and externally? This must be established before the incident occurs.
Shutdown procedure Every AI system with operational impact must have a documented shutdown procedure that can be executed quickly without disrupting the entire operation.
External communications strategy How do you communicate with customers, regulators and the media? Who is the spokesperson? What narrative do you adopt? Preparing this during a crisis is too late.
Documentation for regulators In the event of an incident under the EU AI Act, you are required to report. The documentation you maintain now determines how you stand in that conversation.
Not just insight — but a plan your board can execute.