The Content Incident Protocol (CIP) is the highest level of our Incident Response Framework and is activated when the perpetrators or accomplices of a terrorist or violent extremist attack record video or livestream the attack and the content is shared on a GIFCT member platform. When the CIP is activated, GIFCT members can contribute hashes of the content to the GIFCT hash-sharing database in order to support all members in identifying the content on their platforms and taking action in line with their respective policies and terms of service. The CIP is concluded when GIFCT and its members determine the spread of the content has effectively been stemmed. During an activated CIP, GIFCT communicates with its members, affected governments, and the public. The first CIP was activated on October 9, 2019 following the shooting in Halle, Germany when the attacker filmed his attack and the livestream was circulated on GIFCT member platforms. Learn more about this work here.
