Overview
Severity: MEDIUM | Affected: EU-based Organizations | Category: policy
The European Union's AI Act has officially entered its enforcement phase, with the European AI Board issuing its first binding mandate for operators of 'high-risk' AI systems. Effective March 1, 2025, organizations deploying AI in critical sectors such as healthcare, critical infrastructure, and law enforcement must report any serious security incidents or malfunctions to their national supervisory authority within 72 hours. This includes incidents involving successful adversarial attacks, significant data poisoning events, or unexpected model behavior that leads to harm. The mandate aims to create a centralized repository of AI failures to inform future policy and improve safety standards across the bloc. Non-compliance carries steep penalties, with fines up to 4% of a company's global annual turnover. This policy change places a significant operational burden on companies but is seen as a crucial step toward establishing public trust and accountability for advanced AI systems.