The providers of general-purpose AI models presenting systemic risks should be subject, in addition to the obligations provided for providers of general-purpose AI models, to obligations aimed at identifying and mitigating those risks and ensuring an adequate level of cybersecurity protection, regardless of whether it is provided as a standalone model or embedded in an AI system or a product. To achieve those objectives, this Regulation should require providers to perform the necessary model evaluations, in particular prior to its first placing on the market, including conducting and documenting adversarial testing of models, also, as appropriate, through internal or independent external testing. In addition, providers of general-purpose AI models with systemic risks should continuously assess and mitigate systemic risks, including for example by putting in place risk-management policies, such as accountability and governance processes, implementing post-market monitoring, taking appropriate measures along the entire model’s lifecycle and cooperating with relevant actors along the AI value chain.
AI Act Recital EN
Recital 114
Related across sources
Guidance Guidelines 02/2021 on virtual voice assistants Guidance Guidelines 05/2022 on the use of facial recognition technology in the area of law enforcement Guidance Guidelines 9/2022 on personal data breach notification under GDPR Guidance Guidelines 3/2019 on processing of personal data through video devices Guidance Guidelines 01/2021 Guidance Guidelines 4/2019 on Article 25 Data Protection by Design and by Default Version 2.0 Adopted on 20 October 2020