Overview
Severity: MEDIUM | Affected: EU AI Office | Category: policy
The European Union's AI Office has enacted a new binding regulation under the AI Act, significantly strengthening security requirements for developers of 'high-risk' AI systems. Effective immediately, companies deploying AI in critical sectors like healthcare, transportation, and finance must conduct regular, independent third-party adversarial testing (red teaming) prior to market release and on an ongoing basis. Furthermore, the regulation establishes a mandatory Coordinated Vulnerability Disclosure (CVD) framework. This requires organizations to create a public channel for security researchers to report flaws and sets strict timelines for acknowledging and remediating vulnerabilities. Non-compliance can result in fines of up to 4% of a company's global annual turnover. This policy is a landmark move to standardize AI security practices and hold developers accountable.