Overview
Severity: MEDIUM | Affected: U.S. Department of Commerce & European Commission | Category: policy
In a joint press conference, the U.S. Department of Commerce and the European Commission announced the new 'AI Secure Development Framework' (ASDF). This landmark policy mandates rigorous, independent third-party security audits for any 'high-risk' AI system deployed within the US or EU. The framework defines high-risk systems as those used in critical infrastructure, autonomous vehicles, financial trading, and medical diagnostics. The audits will assess resilience against a defined set of threats, including data poisoning, model evasion, and privacy-violating inference attacks. Companies failing to achieve certification will face substantial fines, up to 4% of their global annual revenue. The policy is set to take effect in Q4 2025, giving organizations a short window to adapt their development lifecycles to the new compliance requirements.