Adverse Event Reporting for AI: Developing the Information Infrastructure Government Needs to Learn and Act

Key Takeaways

• Adverse event reporting systems enable policymakers, industry, and downstream users to learn about AI risks from real-world use.

• These systems don’t necessarily require massive new spending or agencies—they can be developed iteratively, scaled over time, and supported through strategic partnerships.

• Reporting allows both regulators and industry to respond proactively by surfacing problems quickly, which promotes a culture of safety.

• Reporting means better policymaking by providing policymakers with evidence to fill regulatory gaps only where they actually exist.

Why Pre-Deployment Testing Alone Cannot Identify All AI Risks

For policymakers trying to proactively address AI risks, one of the most persistent—and underappreciated—problems is that the most serious risks of advanced AI systems often don’t emerge until after deployment. While much recent attention has focused on pre-deployment risk assessments—testing, evaluation, and red-teaming—these efforts cannot fully anticipate how models will behave in real-world use. Systems like GPT-4, Claude, and DeepSeek continue to surprise even their developers with unexpected capabilities and behaviors post-release. And the uncertainty surrounding model capabilities and risks only grows as general-purpose models are deployed in complex environments.

Pre-deployment testing is important, but it is not enough. If policymakers want to ensure that AI development serves the public interest, they need mechanisms that allow government, industry, and society to learn about the technology as it evolves—and to respond when things go wrong.

This is one lesson from earlier governance failures of new and emerging digital technology. Social media platforms were not required to monitor or report harms systematically, and, as a result, policymakers were largely blind to emerging risks until crises like mental health harms provoked reactive responses. AI models may very well follow the same path unless we build capacity to capture and responsibly react to new information.

Right now, most of the information about how these systems perform post-deployment is held by private companies, out of reach of policymakers and the public. Closing that gap requires more than asking companies to “do better” with voluntary commitments—it requires building public infrastructure for learning. One central tool for this is adverse event reporting.

Adverse event reporting systems are already used to surface harms, detrimental events, errors, or malfunctions in other domains. Applied to AI, these systems would provide a structured way to collect reports of model failures, misuse, or unexpected behavior from developers and downstream users. By enabling iterative, evidence-based policymaking, adverse event reporting can help regulators move from guessing about potential risks to understanding what is happening.

If policymakers are serious about regulating AI in a way that is effective, adaptive, scalable, and sustainable, building an adverse event reporting system should be a top priority. Without it, government risks flying blind.