Overview
Severity: MEDIUM | Affected: EU AI Office | Category: policy
The European Union's AI Office, now fully operational under the AI Act, has issued its first major enforcement directive, mandating compulsory third-party audits and continuous red teaming for all systems designated as 'high-risk'. Effective immediately, developers and deployers of AI in critical sectors such as healthcare, finance, and critical infrastructure must contract with accredited independent auditors to validate their systems' safety, fairness, and transparency claims before those systems can be placed on the market. Furthermore, these organizations must establish and maintain an ongoing internal red teaming program to proactively identify and mitigate vulnerabilities. Non-compliance will result in substantial fines, up to 6% of global annual turnover. This policy shift formalizes a proactive security posture, moving beyond self-assessment and establishing a new, rigorous standard for AI safety and accountability within the EU market.