aicomply.
aicomply.
Home
Understand OverviewLearning ModulesGlobal RegulationsEU AI Act TextGlossaryFAQ
Assess Overview1. Register2. Classify3. Requirements4. Comply5. Monitor
Implement OverviewPoliciesStandardsControlsProceduresTemplates
Resources
GitHubGet Started
Understand/High-Risk AI Compliance/Chapter 7
Lesson12 minChapter 7 of 14

Accuracy, Robustness, and Cybersecurity

Article 15 technical performance requirements.

PreviousNextBack to Module

Accuracy, Robustness, and Cybersecurity (Article 15)

Learning Objectives

By the end of this chapter, you will be able to:

  • Define accuracy metrics appropriate for different AI system types
  • Design robustness strategies including redundancy and fail-safe mechanisms
  • Identify and mitigate AI-specific cybersecurity threats
  • Implement testing frameworks for ongoing performance validation
  • Document accuracy levels in compliance with disclosure requirements

Article 15 establishes the technical performance requirements that ensure high-risk AI systems operate reliably, safely, and securely throughout their lifecycle. These requirements form the technical foundation of AI Act compliance.

Understanding Article 15 Requirements

Article 15(1) states: "High-risk AI systems shall be designed and developed in such a way that they achieve an appropriate level of accuracy, robustness, and cybersecurity, and that they perform consistently in those respects throughout their lifecycle."

This creates a continuous obligation—performance must be maintained throughout the AI system's operational life, not just at the point of market placement.

Accuracy Requirements in Detail

What is "Appropriate Accuracy"?

The AI Act deliberately avoids prescribing specific accuracy thresholds because appropriate levels depend on:

FactorConsideration
Intended PurposeA diagnostic AI requires different accuracy than a recommendation system
Affected PersonsHigher accuracy for systems affecting fundamental rights
Risk SeverityLife-critical applications demand higher performance
State of the ArtComparison with technically achievable standards
Reasonably Foreseeable UseIncluding potential misuse scenarios

Required Accuracy Disclosures (Article 15(3))

Providers must declare in instructions for use:

Disclosure ElementDescriptionExample
Accuracy LevelOverall performance metric"95% precision on test dataset"
Accuracy MetricsSpecific measures usedPrecision, recall, F1, AUC-ROC
Conditions*Operating conditions for stated accuracy"Under standard lighting conditions"
Target Groups*Any performance variations by demographic"Accuracy may vary across age groups"
Known Limitations*Scenarios where accuracy degrades"Reduced accuracy in low-light environments"

*Note: Conditions, Target Groups, and Known Limitations are not explicitly required by Article 15(3), which mandates only accuracy levels and metrics. These additional elements derive from Article 13(3)(b)(ii) (transparency/instructions for use) and are recommended best practice.

Compliance Note

Many AI systems show significant accuracy disparities across demographic groups. Disclosure of known disparities and their implications for affected persons is best practice for Article 15 compliance and may be required under Articles 10 (data governance, bias examination) and 13 (transparency obligations).

Accuracy Metrics by AI System Type

AI ApplicationPrimary MetricsSecondary Metrics
Classification (e.g., hiring screening)Precision, Recall, F1-ScoreFalse Positive Rate, False Negative Rate
Biometric IdentificationTrue Accept Rate, False Accept RateFalse Reject Rate at threshold
Prediction (e.g., credit scoring)AUC-ROC, CalibrationBrier Score, Log Loss
DetectionMean Average PrecisionIntersection over Union
RegressionMean Absolute Error, RMSER-squared, Prediction Intervals

Robustness Requirements (Article 15(4))

The Robustness Mandate

Article 15(4): AI systems must be resilient to errors, faults, or inconsistencies that may occur within the system or its operating environment, particularly due to interaction with natural persons or other systems. Technical redundancy solutions—including backup or fail-safe plans—may be appropriate.

Types of Robustness

Robustness TypeDescriptionImplementation Examples
Input RobustnessHandles unexpected or noisy inputsInput validation, data preprocessing, anomaly detection
Distributional RobustnessPerforms on data differing from training distributionDomain adaptation, robust optimisation
Adversarial RobustnessResists deliberately manipulated inputsAdversarial training, certified defences
Operational RobustnessFunctions despite system changesVersion control, model versioning, A/B testing
Environmental RobustnessAdapts to operational environment changesSensor fusion, environmental monitoring

Designing Fail-Safe Mechanisms

Fail-Safe Hierarchy for High-Risk AI:

  1. Graceful Degradation — Reduced functionality rather than complete failure
  2. Safe State Fallback — Return to known-safe operating state
  3. Human Handover — Transfer control to human operator
  4. Emergency Shutdown — Cease operation entirely
  5. Alert Generation — Notify relevant parties of failure

Fail-Safe Implementation Checklist:

  • Define safe states for all operating modes
  • Implement continuous self-monitoring
  • Create automatic fallback triggers
  • Design manual override capabilities
  • Test fail-safe activation under realistic conditions
  • Document fail-safe procedures in instructions for use

Expert Insight

The best fail-safe systems assume failure is inevitable and design for graceful degradation. Article 15(4) explicitly contemplates "backup or fail-safe plans" as appropriate technical solutions.

Cybersecurity Requirements (Article 15(5))

AI-Specific Attack Vectors

Article 15(5) specifically identifies threats unique to AI systems:

Attack TypeDescriptionMitigation Strategies
Data PoisoningCorrupting training data to embed malicious behaviourData provenance tracking, anomaly detection, clean data validation
Model PoisoningDirectly manipulating model parametersSecure model storage, integrity verification, access controls
Adversarial ExamplesCrafted inputs causing misclassificationAdversarial training, input preprocessing, ensemble defences
Model EvasionInputs designed to bypass detectionRobust feature extraction, multiple detection methods
Confidentiality AttacksExtracting training data or model detailsDifferential privacy, membership inference defences
Model InversionReconstructing sensitive training dataOutput perturbation, query limiting
Model ExtractionStealing model architecture/weightsQuery monitoring, watermarking, rate limiting

Cybersecurity Assessment Framework

Pre-Deployment Security Testing:

Test TypePurposeFrequency
Vulnerability AssessmentIdentify known vulnerabilitiesBefore deployment, after major updates
Penetration TestingSimulate real-world attacksQuarterly or after significant changes
Adversarial TestingTest AI-specific attack resistanceBefore deployment, continuous monitoring
Red Team ExercisesComprehensive attack simulationAnnually for critical systems
Security AuditReview security controls and processesAnnually, or as required

Integration with Cyber Resilience Act

The AI Act's cybersecurity requirements align with the Cyber Resilience Act (CRA). For AI systems with digital elements:

  • CRA establishes baseline cybersecurity requirements for products
  • AI Act adds AI-specific threat coverage
  • Harmonised standards will provide implementation details
  • Conformity with CRA cybersecurity requirements contributes to AI Act compliance

Compliance Note

Article 15(1) requires appropriate levels of accuracy, robustness, and cybersecurity "throughout their lifecycle"—as applied to the cybersecurity requirements of Article 15(5), security is not a one-time assessment but an ongoing obligation.

Performance Testing and Validation

Continuous Performance Monitoring Framework

Monitoring AspectMetrics to TrackAlert Thresholds
Accuracy DriftDeviation from baseline performance>5% degradation triggers review
Data DriftInput distribution changesStatistical significance tests
Concept DriftRelationship changes between inputs and outputsPerformance on holdout sets
Prediction StabilityConsistency across similar inputsVariance monitoring
Response TimeLatency and throughputService level agreement breaches

Testing Protocol

Recommended Testing Cadence:

TestFrequencyDocumentation Required
Performance validationMonthly minimumTest results, datasets used
Robustness testingQuarterlyTest scenarios, failure modes
Security assessmentQuarterlyVulnerability scan results
Full adversarial evaluationSemi-annuallyAttack scenarios, defences tested
Third-party auditAnnuallyAudit report, remediation plan

Documentation Requirements for Article 15

Technical documentation must include:

Document ElementContentReference
Accuracy SpecificationMetrics, levels, validation methodologyAnnex IV, Section 2(g)
Robustness AnalysisFailure modes, mitigations, test resultsAnnex IV, Section 2(h)
Cybersecurity AssessmentThreat analysis, controls, test resultsAnnex IV, Section 2(i)
Validation RecordsTest data, procedures, resultsAnnex IV, Section 3
Performance MonitoringOngoing monitoring methodologyAnnex IV, Section 4

Compliance Checklist: Article 15

Accuracy:

  • Accuracy metrics defined and measured
  • Performance validated on representative data
  • Accuracy levels declared in instructions for use
  • Known limitations documented
  • Demographic performance variations analysed

Robustness:

  • Input validation implemented
  • Fail-safe mechanisms designed
  • Graceful degradation pathways defined
  • Robustness testing completed
  • Redundancy measures where appropriate

Cybersecurity:

  • AI-specific threats identified and assessed
  • Data poisoning defences implemented
  • Adversarial robustness tested
  • Security monitoring in place
  • Incident response procedures defined

What You Learned

Key concepts from this chapter

Accuracy must be appropriate to the intended purpose and declared in instructions for use

Robustness includes technical redundancy, fail-safe mechanisms, and resilience to errors

Cybersecurity requirements address AI-specific attack vectors including data poisoning and adversarial examples

Performance monitoring is a continuous lifecycle obligation, not a one-time assessment

Documentation must demonstrate ongoing compliance with all Article 15 requirements

Chapter Complete

High-Risk AI Compliance

7/14

chapters

Human OversightConformity Assessment