CY AI Apr 10

From Reactive to Proactive: A Multi-Regulatory Empirical Analysis of 480 AI Incidents and a Data-Driven Governance Compliance Framework

arXiv:2605.16281
AI Analysis

For regulators and AI deployers, this work identifies persistent weaknesses in current governance frameworks and offers a data-driven framework to improve accountability.

An empirical analysis of 480 AI incidents reveals substantial gaps in post-deployment accountability across the EU AI Act, NIST AI RMF, and GDPR. The study proposes a Proactive AI Governance Compliance Framework (PAGCF) to shift governance toward pre-deployment compliance.

Artificial intelligence systems are increasingly deployed in high-stakes domains, yet it remains unclear whether existing governance frameworks ensure accountability after deployment. This study makes two contributions. First, it presents a cross-regulatory empirical analysis of 480 real-world AI incidents from the AI Incident Database (AIID), evaluating their alignment with post-deployment provisions in three major governance frameworks: the EU AI Act (Articles 72-73), the NIST AI Risk Management Framework (MANAGE and GOVERN functions), and the General Data Protection Regulation (GDPR Articles 22, 33-35). The results reveal substantial governance gaps across these frameworks, indicating persistent weaknesses in post-deployment accountability. Second, based on these findings, the study proposes the Proactive AI Governance Compliance Framework (PAGCF), a four-phase lifecycle methodology designed to shift governance from reactive incident response toward pre-deployment compliance assurance. The framework includes risk-stratified governance tiers, an implementation checklist linked to specific regulatory provisions, and a projected impact analysis that uses internal monitoring as a proxy for proactive governance capacity.
