Article 15 of Regulation (EU) 2024/1689 — Accuracy, robustness and cybersecurity. Official text, practical interpretation, key obligations and compliance implications.

Official Text Summary

Article 15 of Regulation (EU) 2024/1689 establishes technical requirements for accuracy, robustness, and cybersecurity that must be met by high-risk AI systems throughout their entire lifecycle. The article is structured around three interlocking obligations.

First, high-risk AI systems must be designed and developed to achieve an appropriate level of accuracy for their intended purpose. Providers are required to declare the relevant accuracy metrics in the accompanying technical documentation, enabling downstream verification and regulatory scrutiny.

Second, systems must demonstrate robustness — the capacity to handle errors, faults, and inconsistencies arising from within the system itself, from its operating environment, or from deliberate adversarial manipulation. The Regulation expressly mentions the need to address the risk of unintended feedback loops, particularly where a high-risk AI system influences its own training data or outputs.

Third, systems must incorporate cybersecurity measures proportionate to the risks they pose. These measures must protect against attempts by third parties to exploit system vulnerabilities that could cause the system to behave in harmful, biased, or otherwise non-compliant ways. The Regulation recognises that cybersecurity resilience is not a static condition but must be maintained as the threat landscape evolves.

Taken together, Article 15 operationalises the broader principle — articulated in Recitals 51 and 52 — that technical trustworthiness is a prerequisite for the deployment of AI in consequential domains.

What This Means in Practice

Article 15 creates concrete engineering and governance obligations for any organisation that places a high-risk AI system on the EU market or puts one into service.

For providers, the immediate implication is that accuracy is not merely a commercial claim but a regulatory commitment that must be documented, measured, and maintained. A medical device manufacturer integrating an AI diagnostic tool must specify whether accuracy is measured as sensitivity, specificity, AUC, or another metric — and that choice must align with the system's intended purpose and risk profile. Vague or aspirational accuracy statements will not satisfy the requirement.

Robustness testing must go beyond standard quality assurance. Providers should conduct stress-testing, out-of-distribution testing, and — where the system is exposed to user-controlled inputs — adversarial red-teaming. Where a system incorporates feedback loops (for example, a hiring algorithm that learns from recruiter decisions), providers must map and mitigate the risk that biased outputs corrupt future training cycles.

Cybersecurity obligations under Article 15 should be read in conjunction with the provider's broader information security posture. High-risk AI systems that process personal data or connect to critical infrastructure face compounded obligations under both this Regulation and the NIS 2 Directive. Practical steps include model access controls, input sanitisation, anomaly detection on inference requests, and vulnerability disclosure procedures.

For deployers, Article 15 compliance depends substantially on preserving the validated operating conditions described by the provider. Deploying a system on data distributions materially different from those used in validation — for instance, applying a credit-scoring model trained on one national market to a different jurisdiction — may undermine the accuracy and robustness properties on which the CE marking was granted.

Key Obligations

Relationship to Other Articles

Article 15 cannot be read in isolation. It sits at the heart of the technical requirements for high-risk AI systems and intersects with several other provisions of the Regulation.

Article 9 (risk management system) provides the overarching framework within which accuracy, robustness, and cybersecurity risks must be identified, assessed, and mitigated. The risk management system is the procedural vehicle for meeting many of the substantive requirements Article 15 imposes.

Article 10 (data and data governance) is foundational to accuracy: a system trained on low-quality, unrepresentative, or biased data cannot achieve meaningful accuracy guarantees. Data quality obligations directly enable Article 15 compliance.

Article 11 and Annex IV specify what must appear in technical documentation, including the accuracy metrics required by Article 15(1).

Article 17 (quality management system) requires providers to embed Article 15 compliance into their organisational processes, including design controls, testing protocols, and change management procedures.

Article 72 (post-market monitoring) creates the ongoing obligation to verify that accuracy and robustness levels are maintained after deployment, closing the lifecycle loop that Article 15 opens at the design stage.

For systems that are also medical devices or safety components, Article 15 must be read alongside the applicable Union harmonisation legislation listed in Annex I.

Compliance Timeline

Article 15 follows the phased application schedule established by Article 113 of Regulation (EU) 2024/1689, which entered into force on 1 August 2024.

| Date | Milestone |
| --- | --- |
| 1 August 2024 | Regulation enters into force. Article 15 is legally enacted but not yet applicable. |
| 2 February 2025 | Prohibited AI practices (Title II, Article 5) become applicable. Article 15 does not yet apply. |
| 2 August 2025 | GPAI model obligations (Title VIII) become applicable. Article 15 remains inapplicable. |
| 2 August 2026 | Article 15 becomes applicable to high-risk AI systems listed in Annex III (e.g. biometric identification, critical infrastructure management, employment tools, education systems, law enforcement applications). |
| 2 August 2027 | Article 15 becomes applicable to high-risk AI systems governed by Union harmonisation legislation in Annex I (e.g. medical devices, machinery, civil aviation components). |

Providers developing or placing high-risk AI systems on the market before the applicable date must nonetheless prepare documentation, testing protocols, and cybersecurity architectures in advance — regulatory readiness assessments and conformity assessments under Articles 43–47 require substantial lead time. Notified body backlogs and the complexity of adversarial testing mean that organisations targeting a 2026 launch should begin Article 15 gap assessments no later than mid-2025.

Official AI Act Compliance Deadline Calendar

Sources: Regulation (EU) 2024/1689 and the 2026 Digital Omnibus on AI.

| Obligation | Applies to | Original date | New date | Status | Legal basis |
| --- | --- | --- | --- | --- | --- |
| Prohibited Practices (Art. 5) | All providers and deployers | | | active | AI Act Art. 5 |
| GPAI Rules (Chapter 5) | GPAI model providers | | | active | AI Act Art. 51-56 |
| High-risk AI — Annex III (standalone) | Providers of standalone Annex III systems | | | deferred | AI Omnibus 2026 Art. 6(2) |
| High-risk AI — Annex I (embedded) | AI embedded in Annex I regulated products | | | deferred | AI Omnibus 2026 Art. 6(1) |
| AI-Generated Content Marking | Providers of generative GPAI systems | | | active | AI Act Art. 50(2) |
| Regulatory Sandboxes | National competent authorities | | | active | AI Act Art. 57 |


Frequently Asked Questions

Article 15 requires that high-risk AI systems are designed and developed to achieve an appropriate level of accuracy, robustness, and cybersecurity throughout their lifecycle. Providers must specify accuracy metrics in the technical documentation and ensure systems remain resilient against errors, faults, inconsistencies, and adversarial attacks.

Article 15 primarily binds providers of high-risk AI systems as defined in Article 6 and Annex III of Regulation (EU) 2024/1689. Deployers have secondary responsibilities, particularly around maintaining the conditions under which the system was validated.

Adversarial attacks refer to deliberate attempts by third parties to manipulate or deceive an AI system by feeding it crafted inputs designed to cause incorrect outputs. Article 15 requires technical robustness measures — such as adversarial training or input validation — to mitigate this risk.

No. Article 15 sits within Title III, Chapter 2, which applies exclusively to high-risk AI systems. General-purpose AI models (GPAIs) are governed by Title VIII of the Regulation, specifically Articles 51–56, which carry distinct obligations.

Article 15 applies to high-risk AI systems falling under Annex III from 2 August 2026, and to high-risk AI systems regulated under Union harmonisation legislation listed in Annex I from 2 August 2027, subject to certain transitional provisions.

Accuracy levels must be determined based on the intended purpose of the system and specified in the technical documentation required under Article 11 and Annex IV. There is no single universal benchmark; providers must select metrics appropriate to the task domain — for example, sensitivity and specificity for medical diagnosis systems, or false positive/negative rates for biometric identification.
