Overview
Severity: MEDIUM | Affected: CISA and ENISA | Category: policy
In a landmark move, the United States' Cybersecurity and Infrastructure Security Agency (CISA) and the European Union Agency for Cybersecurity (ENISA) have jointly announced a new policy framework for securing AI systems deployed in critical infrastructure. The 'AI Safety & Interoperability Framework' (ASIF) establishes baseline security controls and testing requirements for any AI or ML system used in sectors like energy, finance, and healthcare. Key provisions include mandatory red-teaming exercises, standardized model cards detailing data provenance and limitations, and a shared threat intelligence repository for AI-specific attacks. The framework is designed to be voluntary initially but is expected to become a de facto requirement for government contracts and regulated industries by 2026. The policy aims to harmonize transatlantic approaches to AI safety and prevent a fractured regulatory landscape.