Severity

how bad it gets when the thing you didn't test finally breaks. 1 is "we can fix it." 5 is "we might not survive it."

"we classified everything as severity 3 because nobody wanted to have the conversation about which controls are actually existential. now everything gets the same budget. the chatbot and the credit scoring model. same severity. sure."
"the board asked what happens if this control fails. the answer was 'we lose our banking licence.' that's a 5. we had it marked as a 3."
"our severity assessment was done by the team that built the system. they rated their own work as low severity. what a coincidence."
Share this one
Canonical Definition

A 1–5 classification of impact if a control fails. 5 = Existential (threatens right to operate), 4 = Critical (material regulatory/financial harm), 3 = Significant (measurable, remediable), 2 = Contained (localised), 1 = Localised (minor). Severity measures impact alone, not likelihood. It determines control investment, testing frequency, evidence requirements, and escalation paths.

Why It Matters

Without severity classification, all controls receive equal attention. A control protecting against reputational annoyance receives the same governance investment as a control protecting the organisation’s banking licence. This is not governance. This is a flat list with no prioritisation logic.

Severity provides the calibration mechanism. It tells the organisation where to invest disproportionately. A Severity 5 control (existential) demands continuous monitoring, redundant mechanisms, regular testing, and board-level visibility. A Severity 1 control (localised) may require only periodic review. Without this differentiation, organisations either over-invest in low-severity controls (governance theatre) or under-invest in high-severity controls (actual risk).

The critical design decision in the AI Enterprise Control Index is that severity measures impact, not risk. Risk combines likelihood and impact. Severity isolates impact. This prevents organisations from deprioritising catastrophic failures simply because they seem improbable. A Severity 5 control failure that is unlikely is still a Severity 5 control failure. The consequences do not care about the probability estimate that preceded them.

The Stress Test

Your risk register contains 200 AI controls. All are classified as Severity 3 (“Significant”). The board asks how many controls protect against existential risks. You cannot answer, because the severity assessment did not differentiate. You know 200 controls exist. You do not know which ones matter most. When budget cuts require reducing control investment by 30%, you have no rational basis for deciding which controls to deprioritise.

A flat severity distribution is not a governance decision. It is the absence of one.

In the Wild

Severity 5 — Clearview AI, 2020–2024
Existential: When the Right to Operate Is at Stake

Clearview AI scraped billions of facial images from social media platforms and sold facial recognition services to law enforcement. Data protection authorities across the EU, UK, and Australia imposed fines totalling over €60 million and ordered the deletion of all data collected from their jurisdictions. The company was effectively banned from operating in multiple markets. The severity was existential: the control failures (data collection without consent, absence of lawful basis under GDPR) threatened the company’s right to operate in its largest potential markets.

Severity 5 means the control failure does not produce a fine you can absorb. It produces a prohibition you cannot operate under.

Severity 4 — Optus Data Breach, 2022
Critical: Material Regulatory and Financial Harm

Optus, Australia’s second-largest telecommunications company, suffered a data breach exposing personal data of 9.8 million customers. The breach resulted from an unauthenticated API endpoint — a security control that was documented but not implemented. The Australian Communications and Media Authority imposed regulatory sanctions, class-action litigation was filed, and the CEO resigned. The severity was critical (4): material financial and regulatory harm, significant reputational damage, but the company continued to operate.

Severity 4 is survivable but transformative. The organisation continues to exist but under fundamentally different conditions.

Severity 2 — ChatGPT Data Leak, 2023
Contained: A Bug That Exposed Chat Histories

A bug in ChatGPT’s Redis cache allowed some users to see chat history titles belonging to other users. OpenAI identified and patched the bug within hours. The exposure was limited to titles, not full conversations. No financial data was compromised. The Italian data protection authority temporarily banned ChatGPT (escalating the severity), but the technical impact was contained and quickly remediated.

Severity 2 is localised and contained. The key governance question is whether a Severity 2 incident reveals systemic weaknesses that could produce higher-severity failures.

How to Govern It

Severity determines investment. Get it wrong, and you protect the wrong things.

Within the AI Enterprise Control Index, severity classification drives governance intensity:

  • Severity 5 — Existential — Continuous monitoring, redundant controls, board-level visibility, quarterly testing. Evidence must be current within 30 days. Controls at this level protect the organisation’s right to operate.
  • Severity 4 — Critical — Automated monitoring, executive-level visibility, semi-annual testing. Evidence must be current within 90 days. Controls at this level protect against material regulatory or financial harm.
  • Severity 3 — Significant — Regular monitoring, management-level visibility, annual testing. Evidence must be current within 180 days. Controls at this level address measurable but remediable harm.
  • Severity 2 — Contained — Periodic review, team-level visibility. Evidence must be current within 365 days. Controls at this level address localised impact.
  • Severity 1 — Localised — Annual review. Evidence documented at creation. Controls at this level address minor, easily remediated issues.

When It's Relevant

Severity classification is relevant at two moments: when controls are first designed, and when incidents occur. At design time, severity determines the governance investment. At incident time, severity determines the response. A Severity 5 incident triggers the crisis management protocol. A Severity 2 incident triggers the standard remediation workflow. Without pre-classified severity, every incident triggers the same response, which means either over-reacting to minor issues or under-reacting to existential ones.

Severity classification becomes critical when:

  • The organisation must prioritise control investment across a large portfolio
  • Budget constraints require differentiated governance intensity
  • Incident response procedures need pre-defined escalation paths
  • The board needs to understand which controls protect against existential threats
  • Regulators ask how the organisation differentiates control investment by impact

See severity in the framework. Every control in the AI Enterprise Control Index v6.0 carries a severity classification from 1 to 5.

Open Framework →

Related Terms

References

  1. [1] CNIL, ICO, OAIC (2020–2024) Various enforcement decisions against Clearview AI Inc. Commission Nationale de l’Informatique et des Libertés (France), Information Commissioner’s Office (UK), Office of the Australian Information Commissioner.
  2. [2] ACMA (2023) Investigation into the Optus data breach. Australian Communications and Media Authority.
  3. [3] Garante per la protezione dei dati personali (2023) Provvedimento su ChatGPT. Italian Data Protection Authority, 30 March 2023.
  4. [4] ISO 31000:2018. Risk Management — Guidelines. International Organization for Standardization.
  5. [5] NIST (2023) Artificial Intelligence Risk Management Framework (AI RMF 1.0). National Institute of Standards and Technology, U.S. Department of Commerce.
  6. [6] European Parliament and Council (2024) Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence (AI Act). Official Journal of the European Union.
  7. [7] Taleb, N.N. (2007) The Black Swan: The Impact of the Highly Improbable. New York: Random House.

AI Enterprise Control Index v6.0 · Glossary · June 2026 · i-DEPOT 158508 (BOIP) · CC BY-NC-ND 4.0

By Jeroen Janssen, Apparens