It is appropriate that, without prejudice to the use of harmonised standards and common specifications, providers of a high-risk AI system that has been trained and tested on data reflecting the specific geographical, behavioural, contextual or functional setting within which the AI system is intended to be used, should be presumed to comply with the relevant measure provided for under the requirement on data governance set out in this Regulation. Without prejudice to the requirements related to robustness and accuracy set out in this Regulation, in accordance with Article 54(3) of Regulation (EU) 2019/881, high-risk AI systems that have been certified or for which a statement of conformity has been issued under a cybersecurity scheme pursuant to that Regulation and the references of which have been published in theOfficial Journal of the European Unionshould be presumed to comply with the cybersecurity requirement of this Regulation in so far as the cybersecurity certificate or statement of conformity or parts thereof cover the cybersecurity requirement of this Regulation. This remains without prejudice to the voluntary nature of that cybersecurity scheme.
AI Act Recital EN
Recital 122
Related across sources
Guidance Guidelines 05/2022 on the use of facial recognition technology in the area of law enforcement News A call to EU legislators: protect rights and reject the call to delete transparency safeguard in AI Act Guidance Guidelines 04/2021 on Codes of Conduct as tools for transfers Guidance Guidelines 02/2022 on the application of Article 60 GDPR Guidance Guidelines 4/2019 on Article 25 Data Protection by Design and by Default Version 2.0 Adopted on 20 October 2020 News The AI Act isn’t enough: closing the dangerous loopholes that enable rights violations