European Union: Adopted EU Parliament position AI Act including cybersecurity requirement for "high-risk AI systems"

On 14 May 2023, the European Parliament adopted its position on the Act on Harmonised Rules for Artificial Intelligence (AI Act), which includes cybersecurity requirements for so-called "high-risk AI systems" (Art.15). Specifically, high-risk AI systems must be designed in a way that achieves an appropriate level of accuracy, robustness and cybersecurity. High-risk AI systems should further be designed so that they are resilient to third-party attempts to alter their use or performance, for example through manipulation of datasets, inputs designed to trigger mistakes, or model flaws. The version adopted by the Parliament further adds the principles of security by design and default, and emphasises that security measures should guard against malicious manipulation of inputs used in learning during operations, model poisoning, and confidentiality attacks.