The CRA (Cyber Resilience Act) sets cybersecurity requirements for digital products, which are also crucial for high-risk AI systems.
Summary
On 1 August 2024, the AI Regulation (KI-VO) came into force, aiming to build trust in AI and mitigate associated risks to health, safety, and fundamental rights. A key focus is on high-risk AI systems used in critical infrastructures, law enforcement, or credit assessments, which can only be marketed in the EU if they meet specific cybersecurity requirements.
Additionally, the Cyber Resilience Act, effective from 10 December 2024, regulates products with digital elements, going beyond sector-specific EU cybersecurity regulations to encompass all companies. It aims to reduce cybersecurity risks in connected software and hardware products throughout their lifecycle.
The AI Regulation outlines compliance and transparency requirements for providers of high-risk AI systems, while the Cyber Resilience Act imposes cybersecurity demands and transparency obligations on manufacturers, importers, and vendors of digital products.
Key Points
- The AI Regulation comes into effect on 1 August 2024, targeting high-risk AI systems.
- The Cyber Resilience Act, beginning on 10 December 2024, imposes comprehensive security requirements across digital products.
- High-risk AI systems could also qualify as digital products under the Cyber Resilience Act.
- Compliance with both the AI Regulation and the Cyber Resilience Act is essential for market access.
- The AI Regulation’s cybersecurity requirements must be met by high-risk AI providers to pass conformity assessments.
- Companies should consider these regulations in their product development and strategy now for smooth compliance by 2026 and 2027 deadlines.
Why should I read this?
This article highlights important upcoming regulations concerning AI and cybersecurity that could affect many products and systems you may use or develop. With the potential for hefty fines and market access issues, it’s wise to get informed now to stay ahead of the game and ensure compliance in your future endeavours.