diff --git a/selfservice/flow/login/error.go b/selfservice/flow/login/error.go index e7da5da2ca81..ec58345eb3c6 100644 --- a/selfservice/flow/login/error.go +++ b/selfservice/flow/login/error.go @@ -6,6 +6,8 @@ package login import ( "net/http" + "github.com/gofrs/uuid" + "go.opentelemetry.io/otel/trace" "github.com/ory/kratos/selfservice/sessiontokenexchange" @@ -88,12 +90,12 @@ func (s *ErrorHandler) WriteFlowError(w http.ResponseWriter, r *http.Request, f Info("Encountered self-service login error.") if f == nil { - trace.SpanFromContext(r.Context()).AddEvent(events.NewLoginFailed(r.Context(), "", "", false)) + trace.SpanFromContext(r.Context()).AddEvent(events.NewLoginFailed(r.Context(), uuid.Nil, "", "", false, err)) s.forward(w, r, nil, err) return } - trace.SpanFromContext(r.Context()).AddEvent(events.NewLoginFailed(r.Context(), string(f.Type), string(f.RequestedAAL), f.Refresh)) + trace.SpanFromContext(r.Context()).AddEvent(events.NewLoginFailed(r.Context(), f.ID, string(f.Type), string(f.RequestedAAL), f.Refresh, err)) if expired, inner := s.PrepareReplacementForExpiredFlow(w, r, f, err); inner != nil { s.WriteFlowError(w, r, f, group, inner) diff --git a/selfservice/flow/login/hook.go b/selfservice/flow/login/hook.go index 5d4cb270eb41..5978cb5a3b33 100644 --- a/selfservice/flow/login/hook.go +++ b/selfservice/flow/login/hook.go @@ -221,6 +221,7 @@ func (e *HookExecutor) PostLoginHook( span.AddEvent(events.NewLoginSucceeded(ctx, &events.LoginSucceededOpts{ SessionID: s.ID, IdentityID: i.ID, + FlowID: f.ID, FlowType: string(f.Type), RequestedAAL: string(f.RequestedAAL), IsRefresh: f.Refresh, @@ -262,6 +263,7 @@ func (e *HookExecutor) PostLoginHook( span.AddEvent(events.NewLoginSucceeded(ctx, &events.LoginSucceededOpts{ SessionID: s.ID, + FlowID: f.ID, IdentityID: i.ID, FlowType: string(f.Type), RequestedAAL: string(f.RequestedAAL), IsRefresh: f.Refresh, Method: f.Active.String(), SSOProvider: provider, })) 
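Review bot: In `selfservice/flow/login/error.go`, `NewLoginFailed` is emitted before the `PrepareReplacementForExpiredFlow` check, and the `inner != nil` branch calls `s.WriteFlowError` again, so one request can produce two `LoginFailed` events with the same `FlowID` and different `Reason` values. Now that the event carries a flow ID, anything that counts failures per flow (alert thresholds on repeated login failures, for instance) would count that path twice. If the second event is intended, say so at the recursive call, e.g. `// re-entering WriteFlowError emits a second LoginFailed event for this flow`; otherwise emit the event only after the expired-flow branch. The rest of `WriteFlowError` lies outside the hunk, so later returns may change this picture.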
diff --git a/selfservice/flow/recovery/error.go b/selfservice/flow/recovery/error.go index 837bc6e0e4b3..f46f637254e7 100644 --- a/selfservice/flow/recovery/error.go +++ b/selfservice/flow/recovery/error.go @@ -7,6 +7,8 @@ import ( "net/http" "net/url" + "github.com/gofrs/uuid" + "go.opentelemetry.io/otel/trace" "github.com/ory/kratos/x/events" @@ -73,12 +75,12 @@ func (s *ErrorHandler) WriteFlowError( Info("Encountered self-service recovery error.") if f == nil { - trace.SpanFromContext(r.Context()).AddEvent(events.NewRecoveryFailed(r.Context(), "", "")) + trace.SpanFromContext(r.Context()).AddEvent(events.NewRecoveryFailed(r.Context(), uuid.Nil, "", "", recoveryErr)) s.forward(w, r, nil, recoveryErr) return } - trace.SpanFromContext(r.Context()).AddEvent(events.NewRecoveryFailed(r.Context(), string(f.Type), f.Active.String())) + trace.SpanFromContext(r.Context()).AddEvent(events.NewRecoveryFailed(r.Context(), f.ID, string(f.Type), f.Active.String(), recoveryErr)) if expiredError := new(flow.ExpiredError); errors.As(recoveryErr, &expiredError) { strategy, err := s.d.RecoveryStrategies(r.Context()).Strategy(f.Active.String()) diff --git a/selfservice/flow/recovery/hook.go b/selfservice/flow/recovery/hook.go index 212eb061b7f4..163bc247c8f7 100644 --- a/selfservice/flow/recovery/hook.go +++ b/selfservice/flow/recovery/hook.go @@ -105,7 +105,7 @@ func (e *HookExecutor) PostRecoveryHook(w http.ResponseWriter, r *http.Request, Debug("ExecutePostRecoveryHook completed successfully.") } - trace.SpanFromContext(r.Context()).AddEvent(events.NewRecoverySucceeded(r.Context(), s.Identity.ID, string(a.Type), a.Active.String())) + trace.SpanFromContext(r.Context()).AddEvent(events.NewRecoverySucceeded(r.Context(), a.ID, s.Identity.ID, string(a.Type), a.Active.String())) logger.Debug("Post recovery execution hooks completed successfully.") diff --git a/selfservice/flow/registration/error.go b/selfservice/flow/registration/error.go index 41a15f08b2b1..0bf8b0f6abdc 100644 
--- a/selfservice/flow/registration/error.go +++ b/selfservice/flow/registration/error.go @@ -6,6 +6,8 @@ package registration import ( "net/http" + "github.com/gofrs/uuid" + "go.opentelemetry.io/otel/trace" "github.com/ory/kratos/identity" @@ -93,11 +95,11 @@ func (s *ErrorHandler) WriteFlowError( Info("Encountered self-service flow error.") if f == nil { - trace.SpanFromContext(r.Context()).AddEvent(events.NewRegistrationFailed(r.Context(), "", "")) + trace.SpanFromContext(r.Context()).AddEvent(events.NewRegistrationFailed(r.Context(), uuid.Nil, "", "", err)) s.forward(w, r, nil, err) return } - trace.SpanFromContext(r.Context()).AddEvent(events.NewRegistrationFailed(r.Context(), string(f.Type), f.Active.String())) + trace.SpanFromContext(r.Context()).AddEvent(events.NewRegistrationFailed(r.Context(), f.ID, string(f.Type), f.Active.String(), err)) if expired, inner := s.PrepareReplacementForExpiredFlow(w, r, f, err); inner != nil { s.forward(w, r, f, err) diff --git a/selfservice/flow/registration/hook.go b/selfservice/flow/registration/hook.go index 33379368c265..ab7400b60936 100644 --- a/selfservice/flow/registration/hook.go +++ b/selfservice/flow/registration/hook.go @@ -213,7 +213,7 @@ func (e *HookExecutor) PostRegistrationHook(w http.ResponseWriter, r *http.Reque WithField("identity_id", i.ID). Info("A new identity has registered using self-service registration.") - span.AddEvent(events.NewRegistrationSucceeded(ctx, i.ID, string(registrationFlow.Type), registrationFlow.Active.String(), provider)) + span.AddEvent(events.NewRegistrationSucceeded(ctx, registrationFlow.ID, i.ID, string(registrationFlow.Type), registrationFlow.Active.String(), provider)) s := session.NewInactiveSession() diff --git a/selfservice/flow/settings/error.go b/selfservice/flow/settings/error.go index 52294a464092..d8b97bf65c18 100644 --- a/selfservice/flow/settings/error.go +++ b/selfservice/flow/settings/error.go 
@@ -8,6 +8,8 @@ import ( "net/http" "net/url" + "github.com/gofrs/uuid" + "github.com/ory/x/otelx" "go.opentelemetry.io/otel/trace" @@ -180,11 +182,11 @@ func (s *ErrorHandler) WriteFlowError( } if f == nil { - trace.SpanFromContext(ctx).AddEvent(events.NewSettingsFailed(ctx, "", "")) + trace.SpanFromContext(ctx).AddEvent(events.NewSettingsFailed(ctx, uuid.Nil, "", "", err)) s.forward(ctx, w, r, nil, err) return } - trace.SpanFromContext(ctx).AddEvent(events.NewSettingsFailed(ctx, string(f.Type), f.Active.String())) + trace.SpanFromContext(ctx).AddEvent(events.NewSettingsFailed(ctx, f.ID, string(f.Type), f.Active.String(), err)) if expired, inner := s.PrepareReplacementForExpiredFlow(ctx, w, r, f, id, err); inner != nil { s.forward(ctx, w, r, f, err) diff --git a/selfservice/flow/settings/hook.go b/selfservice/flow/settings/hook.go index 2170760f20de..645957b07e30 100644 --- a/selfservice/flow/settings/hook.go +++ b/selfservice/flow/settings/hook.go @@ -285,7 +285,7 @@ func (e *HookExecutor) PostSettingsHook(ctx context.Context, w http.ResponseWrit Debug("Completed all PostSettingsPrePersistHooks and PostSettingsPostPersistHooks.") trace.SpanFromContext(ctx).AddEvent(events.NewSettingsSucceeded( - ctx, i.ID, string(ctxUpdate.Flow.Type), settingsType)) + ctx, ctxUpdate.Flow.ID, i.ID, string(ctxUpdate.Flow.Type), settingsType)) if ctxUpdate.Flow.Type == flow.TypeAPI { updatedFlow, err := e.d.SettingsFlowPersister().GetSettingsFlow(ctx, ctxUpdate.Flow.ID) diff --git a/selfservice/flow/verification/error.go b/selfservice/flow/verification/error.go index 0fcffe84869e..5ed7e308e90c 100644 --- a/selfservice/flow/verification/error.go +++ b/selfservice/flow/verification/error.go @@ -7,6 +7,8 @@ import ( "net/http" "net/url" + "github.com/gofrs/uuid" + "go.opentelemetry.io/otel/trace" "github.com/ory/kratos/x/events" 
@@ -69,11 +71,11 @@ func (s *ErrorHandler) WriteFlowError( Info("Encountered self-service verification error.") if f == nil { - trace.SpanFromContext(r.Context()).AddEvent(events.NewVerificationFailed(r.Context(), "", "")) + trace.SpanFromContext(r.Context()).AddEvent(events.NewVerificationFailed(r.Context(), uuid.Nil, "", "", err)) s.forward(w, r, nil, err) return } - trace.SpanFromContext(r.Context()).AddEvent(events.NewVerificationFailed(r.Context(), string(f.Type), f.Active.String())) + trace.SpanFromContext(r.Context()).AddEvent(events.NewVerificationFailed(r.Context(), f.ID, string(f.Type), f.Active.String(), err)) if e := new(flow.ExpiredError); errors.As(err, &e) { strategy, err := s.d.VerificationStrategies(r.Context()).Strategy(f.Active.String()) diff --git a/selfservice/flow/verification/hook.go b/selfservice/flow/verification/hook.go index c556acd51f16..f22c41b6d20c 100644 --- a/selfservice/flow/verification/hook.go +++ b/selfservice/flow/verification/hook.go @@ -112,7 +112,7 @@ func (e *HookExecutor) PostVerificationHook(w http.ResponseWriter, r *http.Reque Debug("ExecutePostVerificationHook completed successfully.") } - trace.SpanFromContext(r.Context()).AddEvent(events.NewVerificationSucceeded(r.Context(), i.ID, string(a.Type), a.Active.String())) + trace.SpanFromContext(r.Context()).AddEvent(events.NewVerificationSucceeded(r.Context(), a.ID, i.ID, string(a.Type), a.Active.String())) e.d.Logger(). WithRequest(r). diff --git a/selfservice/hook/session_issuer.go b/selfservice/hook/session_issuer.go index 4150fdeffdec..7e6664220696 100644 --- a/selfservice/hook/session_issuer.go +++ b/selfservice/hook/session_issuer.go @@ -75,6 +75,7 @@ func (e *SessionIssuer) executePostRegistrationPostPersistHook(w http.ResponseWr trace.SpanFromContext(r.Context()).AddEvent(events.NewLoginSucceeded(r.Context(), &events.LoginSucceededOpts{ SessionID: s.ID, IdentityID: s.Identity.ID, + FlowID: a.ID, FlowType: string(a.Type), Method: a.Active.String(), })) 
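Review bot: `FlowID: a.ID` on this `LoginSucceeded` event in `selfservice/hook/session_issuer.go` appears to carry the ID of a registration flow, judging by the enclosing `executePostRegistrationPostPersistHook`; the type of `a` is outside the hunk. A consumer that looks up `LoginSucceeded.FlowID` among login flows would find no match for sessions issued straight after sign-up. A comment above the call would make that explicit, e.g. `// FlowID is the registration flow that issued this session; no login flow exists here.` The same applies to the second `NewLoginSucceeded` call in the next hunk of this file.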
@@ -90,6 +91,7 @@ func (e *SessionIssuer) executePostRegistrationPostPersistHook(w http.ResponseWr trace.SpanFromContext(r.Context()).AddEvent(events.NewLoginSucceeded(r.Context(), &events.LoginSucceededOpts{ SessionID: s.ID, IdentityID: s.Identity.ID, + FlowID: a.ID, FlowType: string(a.Type), Method: a.Active.String(), })) diff --git a/x/events/events.go b/x/events/events.go index 862a35a39e98..178aa7de0f67 100644 --- a/x/events/events.go +++ b/x/events/events.go @@ -5,6 +5,7 @@ package events import ( "context" + "errors" "net/url" "time" @@ -12,6 +13,8 @@ import ( otelattr "go.opentelemetry.io/otel/attribute" "go.opentelemetry.io/otel/trace" + "github.com/ory/herodot" + "github.com/ory/kratos/schema" "github.com/ory/x/otelx/semconv" ) @@ -56,6 +59,8 @@ const ( attributeKeyWebhookResponseStatusCode semconv.AttributeKey = "WebhookResponseStatusCode" attributeKeyWebhookAttemptNumber semconv.AttributeKey = "WebhookAttemptNumber" attributeKeyWebhookRequestID semconv.AttributeKey = "WebhookRequestID" + attributeKeyReason semconv.AttributeKey = "Reason" + attributeKeyFlowID semconv.AttributeKey = "FlowID" ) func attrSessionID(val uuid.UUID) otelattr.KeyValue { @@ -118,6 +123,14 @@ func attrWebhookRequestID(id uuid.UUID) otelattr.KeyValue { return otelattr.String(attributeKeyWebhookRequestID.String(), id.String()) } +func attrReason(err error) otelattr.KeyValue { + return otelattr.String(attributeKeyReason.String(), reasonForError(err)) +} + +func attrFlowID(id uuid.UUID) otelattr.KeyValue { + return otelattr.String(attributeKeyFlowID.String(), id.String()) +} + func NewSessionIssued(ctx context.Context, aal string, sessionID, identityID uuid.UUID) (string, trace.EventOption) { return SessionIssued.String(), trace.WithAttributes( 
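Review bot: `attrFlowID` in `x/events/events.go` formats whatever UUID it is given, so the `f == nil` branches of the `WriteFlowError` handlers, which pass `uuid.Nil`, emit `FlowID` as the all-zero UUID. Anything that groups or joins failure events on `FlowID` would then treat unrelated failures that had no flow as belonging to a single flow. Either document the sentinel on the helper, e.g. `// attrFlowID records the flow ID; uuid.Nil means no flow was loaded.`, or have the failure constructors leave the attribute out when `id == uuid.Nil`.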
@@ -155,7 +168,7 @@ func NewSessionLifespanExtended(ctx context.Context, sessionID, identityID uuid. } type LoginSucceededOpts struct { - SessionID, IdentityID uuid.UUID + SessionID, IdentityID, FlowID uuid.UUID FlowType, RequestedAAL, Method, SSOProvider string IsRefresh bool } @@ -172,11 +185,12 @@ func NewLoginSucceeded(ctx context.Context, o *LoginSucceededOpts) (string, trac attLoginRequestedPrivilegedSession(o.IsRefresh), attrSelfServiceMethodUsed(o.Method), attrSelfServiceSSOProviderUsed(o.SSOProvider), + attrFlowID(o.FlowID), )..., ) } -func NewRegistrationSucceeded(ctx context.Context, identityID uuid.UUID, flowType string, method, provider string) (string, trace.EventOption) { +func NewRegistrationSucceeded(ctx context.Context, flowID, identityID uuid.UUID, flowType, method, provider string) (string, trace.EventOption) { return RegistrationSucceeded.String(), trace.WithAttributes(append( semconv.AttributesFromContext(ctx), 
@@ -184,72 +198,84 @@ func NewRegistrationSucceeded(ctx context.Context, identityID uuid.UUID, flowTyp semconv.AttrIdentityID(identityID), attrSelfServiceMethodUsed(method), attrSelfServiceSSOProviderUsed(provider), + attrFlowID(flowID), )...) } -func NewRecoverySucceeded(ctx context.Context, identityID uuid.UUID, flowType string, method string) (string, trace.EventOption) { +func NewRecoverySucceeded(ctx context.Context, flowID, identityID uuid.UUID, flowType, method string) (string, trace.EventOption) { return RecoverySucceeded.String(), trace.WithAttributes(append( semconv.AttributesFromContext(ctx), attrSelfServiceFlowType(flowType), semconv.AttrIdentityID(identityID), attrSelfServiceMethodUsed(method), + attrFlowID(flowID), )...) } -func NewSettingsSucceeded(ctx context.Context, identityID uuid.UUID, flowType string, method string) (string, trace.EventOption) { +func NewSettingsSucceeded(ctx context.Context, flowID, identityID uuid.UUID, flowType, method string) (string, trace.EventOption) { return SettingsSucceeded.String(), trace.WithAttributes(append( semconv.AttributesFromContext(ctx), attrSelfServiceFlowType(flowType), semconv.AttrIdentityID(identityID), attrSelfServiceMethodUsed(method), + attrFlowID(flowID), )...) } -func NewVerificationSucceeded(ctx context.Context, identityID uuid.UUID, flowType string, method string) (string, trace.EventOption) { +func NewVerificationSucceeded(ctx context.Context, flowID, identityID uuid.UUID, flowType, method string) (string, trace.EventOption) { return VerificationSucceeded.String(), trace.WithAttributes(append( semconv.AttributesFromContext(ctx), attrSelfServiceMethodUsed(method), attrSelfServiceFlowType(flowType), semconv.AttrIdentityID(identityID), + attrFlowID(flowID), )...) 
} -func NewRegistrationFailed(ctx context.Context, flowType string, method string) (string, trace.EventOption) { +func NewRegistrationFailed(ctx context.Context, flowID uuid.UUID, flowType, method string, err error) (string, trace.EventOption) { return RegistrationFailed.String(), trace.WithAttributes(append( semconv.AttributesFromContext(ctx), attrSelfServiceFlowType(flowType), attrSelfServiceMethodUsed(method), + attrReason(err), + attrFlowID(flowID), )...) } -func NewRecoveryFailed(ctx context.Context, flowType string, method string) (string, trace.EventOption) { +func NewRecoveryFailed(ctx context.Context, flowID uuid.UUID, flowType, method string, err error) (string, trace.EventOption) { return RecoveryFailed.String(), trace.WithAttributes(append( semconv.AttributesFromContext(ctx), attrSelfServiceFlowType(flowType), attrSelfServiceMethodUsed(method), + attrReason(err), + attrFlowID(flowID), )...) } -func NewSettingsFailed(ctx context.Context, flowType string, method string) (string, trace.EventOption) { +func NewSettingsFailed(ctx context.Context, flowID uuid.UUID, flowType, method string, err error) (string, trace.EventOption) { return SettingsFailed.String(), trace.WithAttributes(append( semconv.AttributesFromContext(ctx), attrSelfServiceFlowType(flowType), attrSelfServiceMethodUsed(method), + attrReason(err), + attrFlowID(flowID), )...) } -func NewVerificationFailed(ctx context.Context, flowType string, method string) (string, trace.EventOption) { +func NewVerificationFailed(ctx context.Context, flowID uuid.UUID, flowType, method string, err error) (string, trace.EventOption) { return VerificationFailed.String(), trace.WithAttributes(append( semconv.AttributesFromContext(ctx), attrSelfServiceFlowType(flowType), attrSelfServiceMethodUsed(method), + attrReason(err), + attrFlowID(flowID), )...) } 
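Review bot: The new `flowID, identityID uuid.UUID` parameter pairs in `NewRecoverySucceeded`, `NewSettingsSucceeded` and `NewVerificationSucceeded` (and in `NewRegistrationSucceeded` in the preceding hunk) place two values of the same type side by side, so a call site that swaps them still compiles and records the flow against the wrong identity. `NewLoginSucceeded` already takes `*LoginSucceededOpts` with named fields, and the same shape here would make call sites self-describing. If the positional form stays, a doc comment on each constructor should state the order, e.g. `// NewRecoverySucceeded ...: flowID is the recovery flow, identityID the recovered identity.` None of the exported constructors in this hunk has a doc comment yet.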
@@ -283,13 +309,15 @@ func NewIdentityUpdated(ctx context.Context, identityID uuid.UUID) (string, trac ) } -func NewLoginFailed(ctx context.Context, flowType string, requestedAAL string, isRefresh bool) (string, trace.EventOption) { +func NewLoginFailed(ctx context.Context, flowID uuid.UUID, flowType, requestedAAL string, isRefresh bool, err error) (string, trace.EventOption) { return LoginFailed.String(), trace.WithAttributes(append( semconv.AttributesFromContext(ctx), attrSelfServiceFlowType(flowType), attLoginRequestedAAL(requestedAAL), attLoginRequestedPrivilegedSession(isRefresh), + attrReason(err), + attrFlowID(flowID), )...) } @@ -356,3 +384,13 @@ func NewWebhookFailed(ctx context.Context, err error) (string, trace.EventOption )..., ) } + +func reasonForError(err error) string { + if ve := new(schema.ValidationError); errors.As(err, &ve) { + return ve.Message + } + if r := *new(herodot.ReasonCarrier); errors.As(err, &r) { + return r.Reason() + } + return err.Error() +}
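Review bot: In `reasonForError`, the final `return err.Error()` copies arbitrary error text into the `Reason` attribute of every failure event, and the function calls a method on `err` without a nil check. Error strings from lower layers can carry identifiers a user typed, upstream provider responses or storage-layer detail, and trace events are often exported beyond the service itself. A fixed fallback such as `return "unclassified error"` keeps that out of the event stream, with the raw text left to the request log. A guard `if err == nil { return "" }` at the top keeps the event path from panicking; whether any `WriteFlowError` caller can pass nil is not visible here. `ve.Message` deserves the same check if validation messages can echo submitted values, which this hunk does not show.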