Cyber & IT Supervisory Forum - Additional Resources

First page Table of contents Previous page 123 Next page Last page

A multilayer framework for good cybersecurity practices for AI June 2023

Nothing was reported about specific measures for providers of services or products based on AI technologies.

(24) Have you specified/defined measurements and KPIs which the AI stakeholders can use to assess the appropriateness of the controls undertaken? If yes, please elaborate. (M)

One MS reported the regular publishing of criteria catalogues to assess cybersecurity, also for AI, in a cloud environment.

Conclusions Figure 15 illustrates that just one MS referred to criteria catalogues for AI, in the scope of the question about the specification/definition of measurements and KPIs to assess security controls for AI.

Figure 15: Overview of AI-related ‘Infrastructure’ answers

Infrastructure

5

4

3

2

1

0

23 (M)

24 (M)

Regulation One of the AI cybersecurity challenges is that a breach of integrity (e.g. poor data quality or biased input data sets) can lead to automated decision-making systems that wrongly classify individuals and exclude them from certain services or deprive them from their rights. The AI Act aims to minimise the risk of algorithmic discrimination.

(25) How do you monitor the integrity and quality of data sets used for the development of AI systems? Please elaborate.

One MS reported on a registry of AI systems, where information on the measures taken to ensure their safe operation is kept. Furthermore, they mentioned that all public sector organisations that acquire AI systems must perform algorithmic impact assessments and data protection impact assessments before the first use of the systems.

(26) Have national auditors as well as certification and accreditation bodies been established for assessing the security of the AI systems? If yes, please elaborate.

Nothing specific to AI was reported.

(27) How do you evaluate security of the AI systems (e.g. via conformity assessment, certification, standards compliance, risk assessment)? Please elaborate.

Nothing specific to AI was reported.

33

Made with FlippingBook Annual report maker