The regulator contact register is retained as a standalone artefact. For each member state where the system is deployed, the register lists the AI Act market surveillance authority, the NIS2 competent authority or CSIRT (if applicable), the DORA competent financial authority (if applicable), the ENISA reporting portal for CRA notifications, and the contact details, preferred communication channels, and reporting portals for each.
The register is maintained by the AI Governance Lead and updated whenever authority designations change. It is tested during annual tabletop exercises to confirm that the contact information is current and that the reporting portals are accessible.
The register enables immediate reporting without research delays during a multi-regime incident. It sits alongside the regulator engagement documentation described above.
Key outputs
- Per-jurisdiction, per-regime authority contact register
- Annual testing during tabletop exercises
- Immediate reporting enablement without research delays
- Module 9 and Module 11 AISDP evidence