Overview
Severity: MEDIUM | Affected: EU AI Developers | Category: policy
The European Parliament has officially passed the AI Safety and Accountability Act (ASAA), a comprehensive piece of legislation aimed at increasing the transparency and security of high-risk AI systems deployed within the EU. Effective immediately for new systems, the act mandates that developers of AI in critical sectors like healthcare, finance, and critical infrastructure must undergo regular third-party security audits. A key provision of the ASAA is the mandatory establishment of a public Vulnerability Disclosure Program (VDP) for these systems, creating a standardized channel for security researchers to report flaws. Non-compliance will result in significant fines, potentially up to 4% of a company's global annual turnover. This policy represents a major shift in AI governance, moving from voluntary guidelines to legally enforceable security standards and holding AI developers to a similar level of accountability as software providers in other regulated industries.