Article 15 imposes three intertwined requirements. Accuracy: the system must achieve appropriate levels of accuracy and the levels (and metrics) must be declared in the instructions for use. Robustness: the system must be resilient to errors, faults, inconsistencies, and feedback loops, with technical redundancy where appropriate. Cybersecurity: the system must be resilient against attempts by unauthorised third parties to alter use, outputs, or performance — including data poisoning, model poisoning, adversarial examples, and confidentiality attacks.
What you must do
- → Define and publish accuracy metrics and the conditions under which they hold.
- → Implement technical redundancy or fail-safe mechanisms proportionate to risk.
- → Specifically address ML-attack vectors: poisoning, evasion, model inversion, membership inference.
The authoritative text of Article 15 is published by the Publications Office of the European Union on EUR-Lex. We link directly to it rather than mirror it, so you always read the current consolidated version straight from the source.
Read Article 15 on EUR-LexSource: Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence (Artificial Intelligence Act). The only authentic version is the one published in the Official Journal of the European Union.