Overview
Severity: MEDIUM | Affected: EU-based AI Developers | Category: policy
The European Commission has officially adopted the AI Safety & Security Act (ASSA), a landmark piece of legislation that imposes stringent security obligations on developers of 'high-risk' AI systems operating within the EU. A key provision of the act mandates regular, independent third-party security audits for systems used in critical infrastructure, law enforcement, and medical diagnostics. These audits must assess the AI's resilience to adversarial attacks, data poisoning, and privacy violations, with audit reports being submitted to a newly formed EU AI Supervisory Authority. Companies found to be non-compliant face severe penalties, including fines of up to 5% of their global annual turnover. The ASSA is seen as a global precedent for holding AI developers accountable for the security and robustness of their products, though industry groups have raised concerns about the potential impact on innovation and the cost of compliance for smaller enterprises.