GIFCT members work collaboratively to prevent terrorists and violent extremists from exploiting digital platforms.
The Incident Response Framework (IRF) is one of the most important ways GIFCT facilitates this effort. The IRF is a mechanism for streamlining member communication to respond to terrorist and violent extremist events in which perpetrators use digital platforms as part of their violence.
A Collective Origin
The Incident Response Framework was established by GIFCT members in response to the live-streamed attacks in Christchurch, New Zealand, in March 2019. GIFCT acts as a communication hub for members to share situational awareness regarding ongoing offline incidents that might result in the online spread of perpetrator-produced violent content.
Activation Types
GIFCT’s Incident Response Framework is composed of three non-hierarchical activation types, which seek to counter a variety of methods by which perpetrators of terrorist or violent extremist events may seek to exploit digital platforms to spread content that graphically depicts or explicitly glorifies their violence.
An Evolving Framework
To ensure continued efficacy, the Incident Response Framework has been periodically updated through a deliberative multistakeholder process. Initially, the Incident Response Framework included one activation type, the Content Incident Protocol (CIP), which was modeled on GIFCT’s response to the March 2019 Christchurch attacks. Over time, the framework grew to include the Content Incident (CI) and Incident (I) activations. In 2025, after reviewing multistakeholder feedback, GIFCT once again refined its Incident Response Framework to better counter the evolving threat landscape. The refinement involved retiring the previous activation types and creating the current Incident Response Framework.
Learn more about GIFCT’s Incident Response Framework and activities.
GIFCT’s Incident Response Activity