AI Security Wire

EU AI Act: First Enforcement Actions and Security Implications

The European AI Office has issued its first formal enforcement notices under the EU AI Act, marking the transition from a compliance preparation period to active regulatory oversight. The notices target organisations operating AI systems assessed as using prohibited practices or deploying high-risk systems without completing conformity assessments. For security teams, the enforcement activity clarifies several previously ambiguous areas of the regulation.

What the EU AI Act Requires (Security-Relevant Summary)

The Act establishes a risk-based classification with obligations that scale with risk:

Prohibited practices (banned outright):

  • Real-time biometric identification in public spaces (with narrow exceptions)
  • Social scoring systems
  • Subliminal manipulation techniques
  • Exploitative targeting of vulnerable groups

High-risk AI systems (conformity assessment required):

  • Critical infrastructure management
  • Employment and worker management systems
  • Access to essential services
  • Law enforcement and border control applications
  • Administration of justice

General-purpose AI (GPAI) models:

  • All GPAI models above 10²³ FLOPs training compute must comply with transparency and copyright obligations
  • Models with “systemic risk” (above 10²⁵ FLOPs) face additional adversarial robustness testing requirements

First Enforcement Actions

Case 1: Biometric Categorisation in Retail

A European retail chain operating an AI system that inferred customer demographic categories from CCTV footage to personalise in-store promotions received a prohibition notice. The system was assessed as performing “biometric categorisation” — a prohibited practice under Article 5. The organisation was required to cease operation within 30 days.

The case establishes that demographic inference from physical characteristics, even when used for commercial rather than law enforcement purposes, falls within the biometric categorisation prohibition.

Case 2: Recruitment AI Without Conformity Assessment

A staffing agency operating an AI-assisted CV screening tool received notice that the system constituted a high-risk AI application under Annex III (employment decisions) and required a conformity assessment that had not been completed. The agency was required to suspend the system pending assessment.

This case is significant for any organisation using AI in hiring, performance assessment, or workforce management — all of which are classified as high-risk regardless of the scale of deployment.

Case 3: GPAI Provider Transparency Notice

A European provider of a general-purpose AI API received a formal request for documentation demonstrating compliance with Article 53 transparency requirements, including training data provenance documentation and copyright compliance procedures. This is the first formal transparency disclosure request under the GPAI provisions.

Implications for Security Teams

Adversarial Robustness as a Compliance Requirement

For organisations operating AI systems with “systemic risk” designation (large foundation model providers), Article 55 requires adversarial robustness testing. The AI Office has issued guidance indicating this includes:

  • Red team exercises before deployment
  • Ongoing monitoring for adversarial exploitation in production
  • Incident reporting within 72 hours of detected adversarial attacks

This creates a direct regulatory mandate for AI red teaming and security monitoring that parallels existing GDPR breach notification requirements.

Technical Documentation Requirements

High-risk AI systems must maintain technical documentation (Article 11) covering:

  • System architecture and training methodology
  • Training, validation, and test datasets including characteristics and preprocessing
  • Cybersecurity measures implemented
  • Logging and monitoring capabilities
  • Post-market monitoring procedures

Security teams should ensure this documentation is current and accurately reflects the deployed system — discrepancies between documentation and actual implementation have been flagged in early supervisory reviews.

AI Incident Reporting

The Act establishes incident reporting obligations for providers and deployers of high-risk AI systems. Serious incidents — defined as incidents causing or likely to cause death, serious harm, or significant disruption to critical infrastructure — must be reported to national supervisory authorities.

Organisations without existing AI incident response procedures should establish them, as the reporting timelines are short (72 hours for serious incidents).

Alignment with Existing Frameworks

The AI Office has published a crosswalk between the EU AI Act and the NIST AI RMF 2.0. Organisations already implementing the NIST framework have a structural advantage: the GOVERN, MAP, MEASURE, and MANAGE functions map broadly to the Act’s conformity assessment and post-market monitoring requirements.

Full enforcement of all provisions is phased through 2027, but the first enforcement actions confirm that the AI Office is actively pursuing non-compliance even during the transition period.