Accuracy, robustness and cybersecurity: Article 15 of the AI Act

Short answer: Article 15 of the AI Act requires providers to design and develop high-risk AI systems so that they achieve an appropriate level of accuracy, robustness and cybersecurity — and perform consistently in those respects throughout their lifetime. The system must withstand errors, faults, unexpected situations and malicious attacks that try to manipulate its operation.

Accuracy: measured and disclosed

The system must achieve an appropriate level of accuracy, and that accuracy (with the relevant metrics) must be stated in the instructions for use. "Appropriate" is context-dependent: a diagnostic decision-support system carries different thresholds than a spam filter. The provider must be able to justify the metrics used and measure performance — not estimate it.

Robustness: resilient to faults and feedback loops

Robustness means the system stays reliable in the face of errors, faults and unexpected input. That can be technical (redundancy, fail-safes) or environmental (back-up plans). Article 15 calls for particular attention to systems that keep learning after deployment: feedback loops must be set up so that biased output does not return as new input and gradually derail the system. Robustness ties to record-keeping — without a trail you cannot see drift.

Cybersecurity: AI-specific attacks too

High-risk AI must be resilient to attempts by unauthorised parties to alter its behaviour or exploit vulnerabilities. Alongside classic security, Article 15 explicitly names AI-specific threats:

• data poisoning — manipulating training data to corrupt the model;
• model poisoning — sabotaging pre-trained components;
• adversarial examples / model evasion — input crafted to mislead the model;
• confidentiality attacks — attempts to extract the model or its data.

Measures must fit the circumstances and risks, and connect to a broader AI governance framework.

What to do

• Define accuracy metrics up front and measure performance on representative data; state them in the instructions for use.
• Test for robustness with edge cases, faults and stress scenarios, not just the happy path.
• Control feedback loops so the system does not slowly derail on its own output.
• Run AI-specific threat analyses (poisoning, adversarial, evasion) on top of standard security.
• Monitor performance after deployment and feed back into risk management and record-keeping.
• Follow the timeline of obligations for when the requirement becomes binding.

These three properties together form one requirement in the overview of high-risk obligations and are checked in the conformity assessment and CE marking. Accurate on the test set is not the same as robust in practice.