
AI Safety Risk Taxonomy

Updated 19 November 2025
  • Safety risk taxonomy is a multi-dimensional system that classifies AI-related failures by incident type, severity, cause, affected system, and harm.
  • It employs schema-based data capture and objective criteria to ensure rigorous, standardized incident documentation and cross-sector risk analysis.
  • The taxonomy underpins regulatory compliance and policy development by providing actionable insights for safety management in critical infrastructures.

A safety risk taxonomy provides a structured, multi-dimensional classification for identifying, analyzing, and mitigating failures, harms, and vulnerabilities associated with the deployment and operation of AI systems, especially in critical digital infrastructure. Its objective is to enable rigorous, standardized incident documentation and robust cross-sectoral risk analysis, and to serve as an operational foundation for safety management, regulatory compliance, and evidence-based policymaking (Agarwal et al., 28 Jan 2025).

1. Foundational Concepts and Definitions

The taxonomy for AI safety risk in critical digital infrastructure is structured around several key concepts:

  • Incident Severity: Qualitative assessment of the incident’s systemic impact, categorized as Critical, High, Moderate, or Low, depending on outage scope (>50% nationwide, regional, localized) and the duration or depth of service disruption.
  • Incident Causes: Root or contributing factors classified as AI Misconfiguration (e.g., parameter errors), Predictive Maintenance Error, Security Vulnerability (e.g., adversarial attacks), or Human-Related AI Errors.
  • Harms: Categorized as Physical, Environmental, Property, Psychological, Reputational, Economic, Legal/Regulatory, or Human Rights harm, each representing a distinct axis of negative consequence.
  • Affected System: Specifies the infrastructure layer compromised—Core Network, Edge/Access Networks, Data Transmission Systems, Virtualized/Cloud Infrastructure, IoT Components, or Physical Infrastructure.
  • Incident Types: Modes of system failure—Network Disruption, Service Quality Degradation, Security Breach, AI Mismanagement, Operational Failure, Predictive Maintenance Failure (Agarwal et al., 28 Jan 2025).

These dimensions ensure that incident records capture both the technical and societal ramifications of an AI-related failure.

2. Taxonomic Dimensions and Hierarchical Structure

The taxonomy is organized as a multi-axis schema, with each incident classified along five primary dimensions:

| Dimension | Principal Subcategories |
|---|---|
| Incident Type | Network Disruption, Service Quality Degradation, Security Breach, AI Mismanagement, Operational Failure, Predictive Maintenance Failure |
| Affected System | Core Network, Edge/Access, Data Transmission, Virtualized/Cloud, IoT, Physical Infrastructure |
| Incident Severity | Critical, High, Moderate, Low |
| Cause of Failure | AI Misconfiguration, Predictive Maintenance Error, Security Vulnerability, Human-Related AI Error |
| Type of Harm | Physical, Environmental, Property, Psychological, Reputational, Economic, Legal/Regulatory, Human Rights |

The axes are mutually orthogonal, enabling analysts to map, compare, and aggregate incidents at different granularities. For example, a data breach on a national energy grid (Critical severity, Security Breach, Core Network, Security Vulnerability, Legal and Human Rights harm) is structurally distinct from a localized IoT sensor failure (Moderate severity, Predictive Maintenance Failure, IoT Components, Predictive Maintenance Error, Physical and Property harm) (Agarwal et al., 28 Jan 2025).

3. Category Definitions and Classification Criteria

  • Network Disruption: Complete/partial connectivity loss (e.g., grid blackout). Assignment requires documented loss of service in core or access networks.
  • Service Quality Degradation: Decrease in system performance, such as increased latency or fluctuations in voltage.
  • Security Breach: Unauthorized access or manipulation, typically leveraging model or pipeline vulnerabilities (exploitable via poisoning, adversarial prompts).
  • AI Mismanagement: Erroneous resource allocation or decisions, such as incorrect automated routing.
  • Operational Failure: Breakdown in automated workflows, including logistical disruptions stemming from procedural errors in AI-controlled processes.
  • Predictive Maintenance Failure: Failure of AI-driven prognostics, including missed or false alerts leading to unplanned downtime.

Severity levels are assigned by quantitative criteria (e.g., "Critical" for >50% users affected for >12 hours), while types of harm are classified as present/absent or low/medium/high based on documented consequences (Agarwal et al., 28 Jan 2025).

4. Application Procedures and Data Collection

  • Schema-Based Data Capture: Each incident is recorded under a standardized schema, with fields for ID, date, location, severity, cause, affected system, and all relevant harm categories.
  • Categorization Process: Every incident is assigned a single value per axis. Severity is determined using objective metrics relating to scope, duration, and criticality.
  • Quality Control: All assignments undergo secondary review and cross-referencing with root-cause analyses or developer postmortems for attribution validation.
  • Continuous Refinement: Taxonomic categories are periodically updated to reflect emerging failure modes and new system components; pre-classification by automated tagging tools is recommended.

Multiple harms can co-occur and are logged independently. This provides an evidence base for aggregate risk analysis across sectors and jurisdictions (Agarwal et al., 28 Jan 2025).

5. Exemplary Incident Classifications

Case 1: Telecom Network Blackout

  • Incident Type: Network Disruption
  • Affected System: Core Network
  • Severity: Critical (nationwide, 8 hours)
  • Cause: AI Misconfiguration
  • Harms: Economic, Reputational, and Operational

Case 2: Edge AI Sensor Failure in Smart Grid

  • Incident Type: Predictive Maintenance Failure
  • Affected System: IoT Components
  • Severity: Moderate
  • Cause: Predictive Maintenance Error
  • Harms: Physical, Property

Case 3: Cloud AI Data Breach

  • Incident Type: Security Breach
  • Affected System: Virtualized/Cloud Infrastructure
  • Severity: High
  • Cause: Security Vulnerability
  • Harms: Legal/Regulatory, Human Rights, Reputational

These cases illustrate the orthogonal assignment of taxonomy values and emphasize the necessity of multi-dimensional record keeping for both localized and systemic failures (Agarwal et al., 28 Jan 2025).
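The schema-based capture and one-value-per-axis rule from section 4, applied to the three cases above, as an added example (not code from Agarwal et al. or from this page). The field names, the ISO date format, and the ids, dates and locations in the sample records are assumptions; the per-axis tally goes slightly beyond the cases to show the aggregation the taxonomy is meant to support.

```python
from collections import Counter
from datetime import date

# Axis values from the definitions in section 1; each record takes one value per axis.
AXES = {
    "incident_type": {"Network Disruption", "Service Quality Degradation", "Security Breach",
                      "AI Mismanagement", "Operational Failure", "Predictive Maintenance Failure"},
    "affected_system": {"Core Network", "Edge/Access Networks", "Data Transmission Systems",
                        "Virtualized/Cloud Infrastructure", "IoT Components", "Physical Infrastructure"},
    "severity": {"Critical", "High", "Moderate", "Low"},
    "cause": {"AI Misconfiguration", "Predictive Maintenance Error", "Security Vulnerability",
              "Human-Related AI Error"},
}
# Harms are multi-valued: several can co-occur and each is logged independently.
HARMS = {"Physical", "Environmental", "Property", "Psychological", "Reputational",
         "Economic", "Legal/Regulatory", "Human Rights"}

def validate(record):
    """Return a list of schema violations; an empty list means the record conforms."""
    errors = [f"missing {f}" for f in ("id", "location") if not record.get(f)]
    try:
        date.fromisoformat(str(record.get("date")))  # ISO date format is an assumption
    except ValueError:
        errors.append("date: not an ISO 8601 calendar date")
    for axis, allowed in AXES.items():
        value = record.get(axis)
        if not isinstance(value, str) or value not in allowed:
            errors.append(f"{axis}: {value!r} is not a single allowed value")
    for harm in record.get("harms", []):
        if harm not in HARMS:
            errors.append(f"harms: {harm!r} is not a listed harm category")
    return errors

def tally(records, axis):
    """Count conforming records per value of one axis, e.g. to spot a surge in one cause."""
    return Counter(r[axis] for r in records if not validate(r))

# Constructed records: axis values and harms follow Cases 1-3 on this page;
# ids, dates and locations are made up for the example.
FIELDS = ("id", "date", "location", "incident_type", "affected_system",
          "severity", "cause", "harms")
CASES = [dict(zip(FIELDS, row)) for row in [
    ("INC-001", "2025-01-10", "Country A", "Network Disruption", "Core Network",
     "Critical", "AI Misconfiguration", ["Economic", "Reputational", "Operational"]),
    ("INC-002", "2025-02-03", "Substation B", "Predictive Maintenance Failure", "IoT Components",
     "Moderate", "Predictive Maintenance Error", ["Physical", "Property"]),
    ("INC-003", "2025-03-21", "Cloud region C", "Security Breach",
     "Virtualized/Cloud Infrastructure", "High", "Security Vulnerability",
     ["Legal/Regulatory", "Human Rights", "Reputational"]),
]]
```

Case 1 fails validation because "Operational" is not among the eight harm categories defined in section 1, so it is also left out of the tally.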

6. Integration into Safety Management and Regulatory Systems

The taxonomy is designed for direct integration into operational practices and policy regimes. Key recommendations include:

  • Cross-Sectoral Mandates: Adoption by regulators (telecom, energy, finance, healthcare) as a required schema for incident reporting.
  • Regulatory Alignment: Mapping taxonomy fields to existing standards (EU AI Act, NIST, ISO/IEC) to enable audit-ready, compliant record-keeping.
  • Data Sharing: Establishment of international registries—using the taxonomy for confidentiality-controlled, aggregate analytics supporting global risk assessment.
  • Automated Risk Monitoring: Embedding taxonomy-aligned tags in dashboards to enable real-time detection of emergent risk clusters (e.g., surges in AI misconfiguration).
  • Policy Development: Taxonomy-derived incident analytics can guide regulatory prioritization, resource allocation for mitigations, and development of targeted operator training and certification schemes.
  • Periodic Stakeholder Review: Annual updates—multi-stakeholder, multi-sector—ensure the taxonomy reflects evolving technologies and threat landscapes (Agarwal et al., 28 Jan 2025).

By institutionalizing this taxonomy, organizations increase the granularity, comparability, and actionability of their AI incident data, directly enhancing the resilience and trustworthiness of critical digital infrastructures.


This taxonomy is positioned as a baseline for unified, global, evidence-driven safety risk management in AI-driven critical infrastructure, facilitating effective aggregation, trend analysis, and cross-jurisdictional learning (Agarwal et al., 28 Jan 2025).
