Trusq

factual analysis · traceable to primary sources

Topics Opportunities Take the check Work with us LinkedIn NLยทEN
Explainer

AI in telecom: network management, fraud detection and NIS2

Adopted 2026-06-22 ยท ≈ 2 min read ยท Dirk Baaijen

Telecom operators use AI for network optimisation and fraud detection. The AI Act mainly affects fraud detection that assesses customers, while NIS2 imposes strict requirements on the cybersecurity and incident reporting of this essential infrastructure.

Short answer: Telecom operators use AI mainly for two things: optimising networks and detecting fraud. Network-management AI is usually low-risk under the AI Act. Fraud detection can be more sensitive when it assesses or blocks customers. The heaviest regime for the sector, however, is NIS2: telecom is essential infrastructure with strict cybersecurity and reporting duties.

AI in network management

AI predicts traffic peaks, steers capacity dynamically and detects faults before customers notice them. These applications steer technology, not people, and touch no fundamental rights. In the AI Act risk pyramid they therefore usually fall under low or minimal risk.

Attention here goes mainly to reliability and security โ€” not so much to the AI Act, but to NIS2.

Fraud detection and the fundamental-rights boundary

AI that detects subscription fraud, SIM swapping or payment fraud assesses customer behaviour. As long as the system generates signals reviewed by a human, it usually stays outside the high-risk category.

It becomes more sensitive if the system independently blocks services or places customers on a list without human intervention. Then safeguards come into play: transparency, human oversight and the ability to challenge a decision. Fully automated decisions with legal effects also engage the GDPR. Watch the boundary with prohibited AI practices, such as untargeted social scoring.

NIS2: the heaviest regime for telecom

NIS2 (Directive (EU) 2022/2555) designates telecom as an essential sector. That brings obligations independent of AI but applicable to AI systems in the network:

  • Risk management: demonstrable security measures across the chain, including AI components and suppliers.
  • Incident reporting: significant incidents must be reported quickly โ€” an initial notification usually within 24 hours.
  • Management accountability: leadership is responsible and can be held personally liable.

An AI system that controls the network is itself a potential attack surface. A manipulated model or a poisoned dataset falls under the risk management NIS2 requires.

What to do

  • Classify per application: network AI is usually low-risk; fraud detection that affects customers warrants extra safeguards.
  • Keep a human in the loop for decisions that block services or flag customers.
  • Integrate AI into your NIS2 risk management: treat models and datasets as security-critical components.
  • Test for manipulation: model poisoning and adversarial attacks are real risks for network AI.
  • Document incident processes: know the reporting deadlines and management accountability under NIS2.

For telecom, cybersecurity is the sharpest edge โ€” the same NIS2 logic recurs in AI in media and journalism, where platforms and infrastructure must also be protected.

Sources

  1. https://eur-lex.europa.eu/eli/dir/2022/2555/oj
    Directive (EU) 2022/2555 (NIS2): cybersecurity and reporting duties for telecom as an essential sector.
  2. https://eur-lex.europa.eu/eli/reg/2024/1689/oj
    Regulation (EU) 2024/1689 (AI Act): risk-based framework; fraud detection can affect customers.

Share on LinkedIn

Read next

A

Securing AI in critical infrastructure: where the AI Act, Cyber Resilience Act and NIS2 meet

A single AI system in a port often falls under three frameworks at once: the AI Act (Art. 15) secures the AI system itself, the Cyber Resilience Act the product, and NIS2 obliges the operator as an essential entity. This piece explains how they meet and who is responsible for what.

U

AI in energy: critical infrastructure and NIS2

AI that manages or operates energy supply can be high-risk under the AI Act (Annex III, critical infrastructure). The energy sector also falls under NIS2 for cybersecurity. Two regimes with partly overlapping demands on robustness and oversight.

W

NIS2: the guide to cybersecurity and management duties

NIS2 makes cybersecurity a board-level responsibility for essential and important entities โ€” including transport and logistics. This guide brings together who is in scope, which measures and reporting duties apply, management liability, and supply-chain obligations.

Dirk Baaijen

About this knowledge base

Compiled and maintained by YRproject โ€” programme and project direction at the intersection of digital transformation, AI and regulation. Every factual claim is traceable to its primary source. YRproject is led by Dirk Baaijen About & method โ†’

A project or programme? Work with YRproject โ†’

The monthly briefing

AI regulation in five minutes: what changed, what is coming and what it means. No spam, unsubscribe anytime.

Your address is used for this only and stored on our own servers.