EU AI Act Article 15 — Accuracy, Robustness, Cybersecurity
Article 15 is the EU AI Act's "the model has to actually work" article. It binds high-risk AI providers to declare accuracy metrics, defend against environmental drift, and resist adversarial attacks. Where Articles 9/10 are about process, Article 15 is about delivered performance.
What Article 15 requires
- 15(1) — High-risk AI systems shall be designed + developed to achieve an appropriate level of accuracy, robustness, and cybersecurity, and to perform consistently throughout their lifecycle.
- 15(2) — Levels of accuracy + relevant accuracy metrics shall be declared in the instructions for use accompanying the system.
- 15(3) — High-risk AI systems shall be as resilient as possible regarding errors, faults, or inconsistencies that may occur within the system or the environment in which the system operates, in particular due to interaction with natural persons or other systems.
- 15(4) — Robustness may be achieved through technical redundancy solutions (backup or fail-safe plans).
- 15(5) — Cybersecurity: high-risk AI systems shall be resilient against attempts by unauthorised third parties to alter their use, outputs, or performance by exploiting vulnerabilities. Technical solutions appropriate to relevant circumstances + risks. Includes measures against feedback loops (degenerate model behaviour), data poisoning, model poisoning, model evasion, confidentiality attacks, model flaws.
How MEOK covers Article 15
- meok-mcp-injection-scan-mcp — covers Article 15(5) cybersecurity by scanning MCP servers for known prompt-injection + tool-poisoning vectors.
- meok-governance-engine-mcp — ties accuracy + robustness + cybersecurity to ISO/IEC 42001 Annex A.5 + NIST AI RMF MEASURE 2.5/2.7/2.8.
- /audit-prep-bundle (£4,950) — Article 15 cybersecurity + accuracy declaration in 14-day signed engagement.
Frequently asked
What does Article 15 actually require?
Article 15 requires high-risk AI systems to be designed and developed to achieve an appropriate level of accuracy, robustness, and cybersecurity, and to perform consistently in those respects throughout their lifecycle. Three pillars: (1) accuracy metrics declared in instructions for use, (2) robustness against errors/faults/inconsistencies that may occur within the system or environment, (3) cybersecurity protecting against unauthorized third parties altering use, outputs, or performance.
What's the cybersecurity component about?
Article 15(5) specifically addresses 'attempts by unauthorised third parties to alter their use, outputs or performance' — this includes prompt injection, model poisoning, adversarial inputs, model exfiltration, and supply-chain attacks. The technical solutions must be appropriate to the relevant circumstances and the risks. ENISA + the EU AI Office are jointly publishing technical guidance throughout 2026.
How does this relate to NIS2 and the Cyber Resilience Act?
Article 15 is AI-system-specific cybersecurity; NIS2 is operator-of-essential-services cybersecurity; CRA is product-with-digital-elements cybersecurity. They overlap heavily for AI systems used in critical infrastructure (energy, transport, health, finance) — most providers will satisfy all three with one evidence pack.
What metrics count as 'accuracy'?
Depends on the AI system class. For classifiers: precision, recall, F1, AUC, calibration. For regression: RMSE, MAE, R². For LLMs: factuality, citation accuracy, hallucination rate. The provider declares relevant metrics in the Article 13 instructions for use; auditors check the metrics match real-world performance within tolerance.
How does MEOK help?
meok-mcp-injection-scan-mcp covers a critical Article 15(5) cybersecurity vector (prompt injection, tool-poisoning). meok-governance-engine-mcp ties accuracy + robustness + cybersecurity to ISO 42001 Annex A controls. /audit-prep-bundle wraps everything in a 14-day signed evidence pack.
Source: EU AI Act Regulation 2024/1689 Art. 15 · MEOK AI Labs · CSOAI LTD · UK Companies House 16939677