‍

On August 2, 2025, a key part of the EU AI Act comes into force. It has serious implications for how you manage incidents related to artificial intelligence.

‍

While the full regulation will not apply until 2026, new obligations for providers of general-purpose AI (GPAI) models begin this summer. If you are building or deploying AI-powered services in Europe, the clock is ticking.

‍

The good news is that if you already have a structured incident response process, you are more prepared than you think. But staying compliant and avoiding penalties will require some important updates to how incidents are detected, documented, and communicated across your organisation.

‍

In this blog, we’ll break down:

• What exactly is changing in August 2025.
• How organized incident response fits into the EU AI Act timeline.
• What high-risk and general-purpose AI obligations actually mean.
• And how ilert helps teams stay compliant.

What is the EU AI Act, and who does it apply to?

The EU AI Act is the world’s first comprehensive regulatory framework for artificial intelligence. Its main objective is to ensure that AI systems used in the European Union are safe, transparent, and respect fundamental rights.

‍

Adopted in 2024, the Act uses a risk-based approach to classify AI systems into four levels: unacceptable, high, limited, and minimal risk, with specific requirements for each.

The Act applies to a broad range of actors in the AI value chain, including:

• AI system providers (developers or vendors).
• Deployers (organisations using AI systems).
• Importers and distributors of AI technologies.
• Even some downstream users in the EU, regardless of whether the provider is based in the EU or not.

‍

‍

In other words, if your company offers or operates AI-powered services in the EU, especially in areas defined as "high-risk" (like recruitment, healthcare, or finance), you are likely subject to compliance obligations.

‍

To determine this, assess whether your AI system affects safety, rights, or critical services under the AI Act’s risk categories.

‍

The AI Act also affects developers of general-purpose AI models (GPAI) such as LLMs. From August 2025, these providers will need to meet new transparency, documentation, and risk mitigation requirements.

What changes in August 2025

Starting August 2, 2025, new rules under the AI Act take effect for providers of general-purpose AI (GPAI) models, including large language models (LLMs). 

‍

According to the European Commission, GPAI providers must comply with the following requirements:

‍

• Transparency: Ensuring users are explicitly informed when content has been generated by an AI system.
• Data disclosures: Publishing a public summary of training data sources and processing methods.
• Risk mitigation: Assessing and reducing systemic risks from powerful AI models.

What obligations are already in effect?

As of February 2, 2025, the EU AI Act has already brought two key sets of obligations into effect:

1. Banned AI practices (unacceptable risk)

‍

The AI Act prohibits a list of AI systems considered to pose an unacceptable risk to safety, human rights, or democratic values. These include:

‍

• Social scoring by public authorities.
• Real-time biometric identification (e.g., facial recognition in public spaces).
• AI systems that manipulate behaviour or exploit vulnerabilities.
• Emotion recognition in workplaces or educational settings.
• Predictive policing based on profiling or past offences.
• Untargeted scraping of images or videos to build biometric databases.

2. AI literacy obligations

‍

The Act also introduces AI literacy requirements for providers and deployers. This includes:

‍

• Ensuring those who use or oversee AI systems are trained to understand how the system works.
• Recognising biases, risks, and limitations.
• Knowing how to monitor and intervene when needed.

‍

These rules are designed to increase awareness and safe use of AI across industries, even before high-risk systems face stricter rules in 2026.

How does incident management play a central role in EU AI Act compliance?

The EU AI Act compliance centres on five operational duties. We have mapped each duty to its article in the regulation and paired it with a clear next step for incident-response teams.

Automatic event logs (Article 12)

‍

Providers of high-risk AI must keep tamper-proof logs so authorities can reconstruct system behaviour.

‍

Next step: enable machine-generated timelines that capture every alert, escalation, rollback and mitigation action, then export those logs in a regulator-ready format.

Seventy-two-hour notification (Article 73)

‍

Serious incidents or malfunctions must be reported within seventy-two hours of becoming aware of them.

‍

Next step: use playbooks that notify engineering, legal and communications at the same time so reporting can start while the incident is still unfolding.

Live cross-functional visibility (Article 73 §4)

‍

Regulators expect clear roles and responsibilities during an incident.

‍

Next step: give legal, security and leadership real-time access to the incident timeline and provide controlled status page updates so external stakeholders receive verified information without extra meetings.

Automated post-incident evidence (Article 73 §4)

‍

Records must be stored for inspection and include description, impact, corrective measures and affected parties.

‍

Next step: generate a post-incident report automatically from the live timeline, then add impact analysis and follow-up actions so every report contains the same compliance fields.

Continuous risk mitigation for GPAI (Article 55)

‍

Providers of general-purpose AI models must assess and mitigate systemic risks on an ongoing basis.

‍

Next step: integrate monitoring signals such as model-output drift or inference-error spikes so threshold breaches automatically open an incident and trigger the steps above.

‍

Because the AI Act shares principles with GDPR, NIS2 and DORA, timely notifications, transparent documentation and clear accountability, along with capturing all incident data in one workflow, let you satisfy multiple regulations with the same evidence set.

How ilert meets these requirements

Automatic logs – every alert, escalation and response action is stored in a tamper-proof timeline you can export for regulators.

Fast notification – multi-channel alerting and playbooks notify engineering, legal and comms at once, supporting the 72-hour rule.

Cross-team visibility – role-based views and status pages keep security and leadership informed without extra meetings.

Post-incident evidence – one click turns the live timeline into an audit-ready post-mortem with impact, measures and follow-ups.

Closing thoughts

The EU AI Act isn’t just another compliance checkbox. It’s a signal that organisations need to rethink how they manage risk in an AI-powered world. For companies deploying or building high-risk AI systems, strong incident response practices are no longer optional. They’re essential.

‍

Whether you’re preparing for the August 2025 requirements or the full rollout in 2026, the key is to embed compliance into your operational workflows, not bolt it on later. With tools like ilert, much of this is already within reach: fully-automated alerting and escalation, cross-team coordination, real-time documentation, and audit-ready postmortems.

‍

The best part? When incident response is done right, compliance becomes a natural by-product, not a burden.

Quick summary

The EU AI Act introduces strict incident reporting obligations, with some rules already active as of February 2025. By August 2025, providers of general-purpose AI models must meet new requirements around transparency, safety, and copyright.

‍

With Article 73 enforcing a 72-hour reporting window for high-risk incidents, having a structured, automated incident response process in place is the most efficient way to stay compliant. ilert makes this achievable by helping teams document incidents in real time, streamline cross-functional collaboration, and reduce the overhead of regulatory reporting.

‍

‍

‍

Managed Service Providers (MSPs) and IT service providers face growing complexity in monitoring client systems – especially when multiple tools are in play. When every minor issue triggers an alert, operations teams quickly drown in noise.

‍

This article shows how ilert’s intelligent alert grouping cuts through that noise by automatically correlating related alerts from the same alert source – reducing alert volume, ticketing overhead, and response time.

‍

We'll walk through realistic examples using N-able N-central monitoring and Freshservice ticketing, simulate alert scenarios, and explain how to configure and fine-tune ilert AI grouping for better IT incident management. The tools are chosen as examples, and ilert provides seamless connections with many other monitoring and ITSM tools out of the box.

The problem: Alert overload in MSP environments

MSPs’ tools like N-able N-central are essential for proactive monitoring of client systems. But with detailed metrics and aggressive thresholds, they often generate a high volume of alerts – especially during recurring issues or cascading failures.

Scenario 1: System resource issues from N-central

A monitored Ubuntu server from test_customer (UBUNTU-SRV-01) begins showing signs of resource exhaustion. Over a 10-minute span, N-central triggers the following alerts:

‍

• CPU usage exceeds 90%
• Available memory drops below 500MB
• Multiple failed login attempts
• Disk space below threshold on root partition (/)

‍

Meanwhile, a separate server from test_customer2 (UBUNTU-SRV-02) triggers:

‍

• Multiple failed login attempts
• Disk space below threshold on root partition (/)

‍

Each of these events creates separate alerts. Without intelligent alert grouping, ilert would receive six distinct alerts – all treated independently despite clear contextual overlap. This leads to:

‍

• Alert noise that distracts from the core issue
• Increased manual effort to correlate related events
• Longer response times for the support team

‍

‍

In RMM-heavy environments, these inefficiencies add up. What’s needed is a smarter, context-aware way to consolidate related alerts into a single, actionable view.

‍

Scenario 2:  End-user issue escalation

Several users from customer_alpha report problems logging into a shared client portal:

‍

• “Can’t log into the client portal – getting a timeout.”
• “Login takes forever, then I get a 502 error.”
• “Some users can’t access the dashboard at all.”

‍

Each of these creates an alert in ilert via the Freshservice alert source. With alert grouping disabled, they would generate four separate alerts.

‍

The solution: Intelligent alert grouping with ilert AI

To help MSPs manage alert noise and accelerate response, ilert AI introduces intelligent alert grouping – a feature designed to automatically correlate similar alerts from the same alert source into a single, actionable unit.

‍

​​Let’s revisit the previous example: six alerts triggered by N-able N-central related to CPU, memory, disk space, and login failures. With alert grouping enabled in ilert, these alerts can be automatically bundled together based on shared context, such as:

‍

• Same target customer (e.g. test_customer)
• Same target host (e.g., UBUNTU-SRV-01)
• Short time window (e.g., all within 5 minutes)
• Similar keywords or tags (e.g., “memory”, “performance”, “server”)

‍

How does it work?

ilert AI uses vector search to group alerts from the same alert source based on their semantic similarity. Each alert is transformed into a vector embedding, and alerts with similar vectors – meaning similar content – are grouped together automatically.

‍

You can control grouping behavior with two key settings:

‍

• Grouping window – defines the time span in which similar alerts are eligible to be grouped.
• Similarity threshold – sets how closely alerts must match in vector space to be grouped.

‍

More details can be found in the documentation article related to grouping alerts with the help of ilert AI.

‍

Scenario 1: N-able N-central – intelligent alert grouping in action

Let’s continue with the earlier example. UBUNTU-SRV-01, monitored via N-central, triggers six alerts over 5 minutes. With ilert AI grouping enabled, these alerts are automatically consolidated into two grouped alerts:

‍

Scenario 2: Intelligent grouping of Freshservice support tickets

With ilert AI enabled on the Freshservice alert source, semantically similar alerts triggered by support tickets are grouped into a single alert:

‍

Conclusion

For MSPs using tools for remote monitoring or ticketing, ilert's intelligent alert grouping transforms noisy alert streams into focused, high-context alerts. By reducing duplication and speeding up triage, your teams can stay efficient, responsive, and focused on what matters.

‍

As you know, we've introduced a major update in recent months – ilert Responder – the AI Agent that helps you run root cause analysis during incidents and provides recommendations toward faster resolution. That's not all, and there are way more powerful features to share with you. Feel free to reach out to us via chat or at support@ilert.com if you have questions or if you want to propose a feature or improvement. 

New Alert view: Built for real-time collaboration and AI assistance

To better support real-time collaboration and prepare for the next round of AI features, we introduced a revamped alert view. There are various collapsible sections displayed, allowing you to open only those that are important to you at the moment. The platform automatically opens the ones that are likely important to you by default. Apart from the ‘Alert details,’ ‘Deployment events,’ and ‘Incident communications,’ which are long familiar to you, you will notice the ‘Actions’ section with the list of recommendations from the ilert Responder and ‘Logs and data’ relevant to the received alert.

‍

On the right side, you will see that the timeline now shares space with the chat which capabilities are also significantly enhanced. You can use threads to keep communication clean, tag colleagues, and leave emojis. And, most importantly, you can communicate with ilert AI in the same environment by simply mentioning it via @. Moreover, ilert chat mirrors the communication happening in the war room in Microsoft Teams. This new view brings alerts, context, and collaboration into one place, helping teams make faster and informed decisions in the heat of an incident.

Event Flows: Smarter routing for incoming events

With Event Flows, ilert introduces a powerful and flexible way to process incoming events before they are converted into alerts. The feature allows you to build dynamic, rule-based workflows that determine how events are handled, routed, or filtered – all through a simple visual interface.

‍

This makes Event Flows perfect for organizations that deal with a large volume of alerts or operate across multiple teams. Instead of manually managing routing rules across alert sources, you can centralize your logic in one reusable flow. Whether you want to send database-related events to your DB ops team, ignore low-severity alerts outside of business hours, or escalate critical alerts directly to on-call responders, Event Flows give you the tools to do just that.

‍

At the core of every Event Flow is the Incoming Event block. You can connect it to one or multiple integrations or custom event sources using ilert's Event API. Once connected, you gain full control over how these events should behave. For example, you can add conditional branches that inspect event content, such as custom fields, labels, or summaries, and direct them down different paths depending on the logic you define.

‍

You can also integrate Support hours checks into your workflows, ensuring that notifications respect team availability. If no conditions match, a default "else" path ensures that the event still continues downstream without being lost.

‍

Built with teams in mind, Event Flows can be assigned to one or more teams in ilert, making them easily reusable and manageable across larger organizations. 

‍

If you have suggestions for other nodes, don't hesitate to contact our support team or submit your idea in the ilert Roadmap.

Smarter insights with Reports 2.0

Check out the refreshed experience for all Reports, including Notifications and On-call reports. With a sleek design and enhanced filtering options, you can now quickly break down notifications and on-call activities by user, team, or custom time periods – helping you detect patterns and gain clarity.

‍

The updated On-call reports show detailed logs of shifts, including time spent on each alert. Here, you also have more filtering options to fine-tune reports to various needs and audiences. This update enables better compensation tracking and fairness across teams. With Reports 2.0, ilert gives you deeper visibility into alert fatigue, delivery success, and overall incident response performance.

Overlay public holidays directly in your on-call schedules

Creating one-time schedule overrides just got easier. With the new holiday calendar overlay, ilert now displays relevant national holidays directly within the on-call schedule detail view. This removes the need to check external calendars and reduces setup errors. Simply spot holiday conflicts at a glance and create overrides with fewer clicks, improving coverage and reducing time spent managing schedules. You will probably also notice an overall elevated view of on-call schedules, as we overhauled its design.

‘Undo’ and ‘Regenerate’ options in AI-assisted incident communication

Managing incidents with AI just got more flexible. The latest ilert update enhances the AI-assisted incident comms workflow by giving users more control over the generated content. Now, when you press ‘Generate,’ ilert creates the incident summary and message based on your input and automatically displays a preview. Once generation completes, the Generate button transforms into a menu with two new actions:

‍

• Undo: Reverts back to your previously entered summary and message.
• Regenerate: Creates a new version of the incident text based on your latest changes.

‍

This allows for fast iteration without losing your original input, saving time and reducing errors in high-pressure moments. Additionally, the notification preview box at the bottom of the screen now clearly shows which status pages the incident will be posted on and how many subscribers will be notified. This ensures full visibility before you click ‘Create new incident’.

A few more improvements

Bulk-link alerts to incidents from the alert list. Managing multiple alerts just became more efficient. The alert list page now supports bulk actions, allowing you to select multiple alerts and link them to a single incident in one go. This speeds up incident management, especially during larger outages or correlated alert storms, reducing manual work and ensuring better alert-to-incident traceability.

‍

ilert now supports labels. Labels are key-value pairs that add structured context to alerts and events. Labels make it easier to filter, route, and analyze incidents based on relevant information. They’re fully integrated with ICL and ITL, allowing dynamic routing, filtering, and automation based on runtime context. While we started with the event API and alerts, we are looking forward to bringing new filter options to all entities across the board. 

Even better heartbeats. To prevent misconfigurations, ilert now prompts you if you try to save a heartbeat without selecting an alert source, ensuring you don’t accidentally create silent monitors. Additionally, you can customize the message for heartbeat pings. You’ll also now see your current heartbeat monitor usage directly in the ‘Usage & limits’ section (top right corner of the screen, under a cog icon), giving you better visibility and control.

‍

Haven't yet tried ilert Heartbeat 2.0? Test it out together with the fully revamped Email alert source.

‍

Alert actions are displayed in the ilert Event Explorer. The Event Explorer is a real-time view into alert activity, showing detailed logs for every event sent to ilert. With the latest update, alert actions are now fully visible within the Event Explorer.

‍

Markdown support for maintenance windows. You can now use Markdown in maintenance window descriptions. Whether editing in the management UI or displaying on status pages, your formatting – like bullet points, links, or code snippets – is now fully supported, helping you communicate planned downtime more clearly and professionally.

‍

Auto-accept alerts for connected calls in Call flows. ilert’s Create Alert node in call routing now supports auto-accepting alerts on successful call connections. When the “Accept alert on answer” option is enabled, the first responder who picks up the call automatically accepts the alert, speeding up ownership assignment and eliminating manual steps. This feature improves clarity and reduces lag during voice-based incident acknowledgement. It also allows copying a legacy call routing behaviour when migrating to call flows.

Integrations

‍

Connectwise. Automatically turn ConnectWise service tickets into ilert alerts. Keep your operations team in sync with real-time updates and streamline incident workflows between ITSM and on-call responders.

‍

Alibaba CloudMonitor. Forward alerts from Alibaba Cloud CloudMonitor directly into ilert. Ensure critical metrics and events from your cloud infrastructure trigger the right on-call actions without delay. 

‍

Teamcity. Receive build and deployment failure alerts from JetBrains TeamCity in ilert. Stay on top of CI/CD issues and route incidents to the right developers instantly.

‍

LibreNMS. Send network monitoring alerts from LibreNMS to ilert. Enhance your incident response by bringing SNMP and performance data into your centralized alerting and on-call system.