European Commission report on the cybersecurity requirement for the EU AI Act

The European Commission has released a report which aims to help those who need to address the cybersecurity requirement under the EU AI Act (the AI Act) in relation to high-risk AI systems.

It sets out 4 guiding principles:

  1. The AI act applies to AI systems which contain some components which are AI and others which are not. The security requirement applies to the system as a whole.
  2. Compliance with the security requirement will necessitate a security risk assessment “considering the internal architecture of the AI system and the intended application context” to identify and mitigate risks.
  3. “Securing AI systems involves an integrated, continuous approach”. A combination of existing security measures and AI specific controls will be needed on account of the fact the systems are made up of different components.
  4. There are limits to the state of the art for securing AI systems and not all AI applications may be appropriate for use in AI systems which are used in high-risk scenarios. It may be possible to meet the cybersecurity requirement with the holistic approach detailed above, but it may not.

The full report can be found here.


Don't just take our word for it