Accuracy, Robustness, Cybersecurity – Art. 15
Requirement
High-risk AI systems must exhibit an appropriate level of accuracy, robustness and cybersecurity.
Accuracy
- Accuracy levels must be declared in the instructions for use
- Define and measure appropriate metrics for the respective intended purpose
- Accuracy levels must be appropriate for the intended purpose
Robustness
- Resilience against errors, faults and inconsistencies in the operating environment
- Technical redundancy (backup systems, fail-safe mechanisms)
- Robustness against adversarial attacks (Adversarial ML)
Cybersecurity
- Protection against unauthorised access and manipulation
- Address Model Poisoning, Data Poisoning and Adversarial Examples
- Measures to protect confidentiality, integrity and availability
CRA Synergies
The cybersecurity requirements of Art. 15 overlap considerably with the CRA requirements (Annex I Part II). The existing CRA security architecture and vulnerability management already cover the majority of these requirements. In addition, AI-specific threats (Adversarial ML, Prompt Injection, Model Extraction) must be addressed.
NIS2 Synergies
The organizational risk management framework under NIS2 (§30 BSIG) provides the foundation for AI system cybersecurity. Incident response, access control and cryptography requirements are described in the NIS2 Compliance Documentation.
BAUER GROUP Implementation
| Art. 15 Requirement | CRA Coverage | AI Act Supplement |
|---|---|---|
| Cybersecurity | ✅ CRA Art. 10–14 | + Adversarial ML, Prompt Injection |
| Accuracy | ❌ Not in CRA | Model metrics in CI/CD + documentation |
| Robustness | Partial (CRA Annex I) | + ML-specific stress tests |