|
(77)
|
Without prejudice to the requirements related to robustness and accuracy set
out in this Regulation, high-risk AI systems which fall within the scope of a regulation of
the European Parliament and of the Council on horizontal cybersecurity requirements for products
with digital elements, in accordance with that regulation may demonstrate compliance with the
cybersecurity requirements of this Regulation by fulfilling the essential cybersecurity
requirements set out in that regulation. When high-risk AI systems fulfil the essential
requirements of a regulation of the European Parliament and of the Council on horizontal
cybersecurity requirements for products with digital elements, they should be deemed compliant
with the cybersecurity requirements set out in this Regulation in so far as the achievement of
those requirements is demonstrated in the EU declaration of conformity or parts thereof issued
under that regulation. To that end, the assessment of the cybersecurity risks, associated to
a product with digital elements classified as high-risk AI system according to this
Regulation, carried out under a regulation of the European Parliament and of the Council on
horizontal cybersecurity requirements for products with digital elements, should consider risks
to the cyber resilience of an AI system as regards attempts by unauthorised third parties to
alter its use, behaviour or performance, including AI specific vulnerabilities such as data
poisoning or adversarial attacks, as well as, as relevant, risks to fundamental rights as
required by this Regulation.
|