Overview
Severity: MEDIUM | Affected: European Union AI Safety Office | Category: policy
The European Union's AI Safety Office has announced the 'AI Resilience and Auditing Framework' (ARAF), a new set of binding regulations for all organizations deploying 'high-risk' AI systems within the EU. Effective immediately, ARAF mandates that these systems undergo rigorous, pre-deployment security audits conducted by accredited third-party evaluators. The framework requires developers to provide evidence of robust defenses against a specific catalog of threats, including advanced prompt injection, data poisoning, and model inversion attacks. Companies must submit detailed audit reports demonstrating the effectiveness of their mitigation strategies before receiving certification to operate. This policy marks a significant shift from voluntary safety guidelines to enforceable compliance, placing a greater operational and financial burden on AI developers and aiming to establish a higher security standard for AI products available to EU citizens. Non-compliance will result in substantial fines, potentially up to 4% of a company's global annual turnover.