Cybersecurity

According to the AI Standardization Request from the European Commission to CEN/CENELEC, European standards or standardisation deliverables shall provide suitable organisational and technical solutions to ensure that AI systems are resilient against attempts to alter their use, behaviour, or performance or compromise their security properties, by malicious third parties, exploiting vulnerabilities of AI systems.

Until recently, data protection relied on two pillars: protection of data at rest and in transit. However, data remained unprotected during processing, leaving it vulnerable in shared computing environments, such as cloud computing. More recently, this shortcoming was addressed by Trusted Execution Environments capable of executing arbitrary code. Today, any user can leverage the capabilities of Trusted Execution Environments to protect data in use, closing the end-to-end data protection cycle.

In essence, this is how I would describe the situation. Radio equipment placed on the EU single market must comply with the essential requirements of the Radio Equipment Directive (RED). European Commission (EC) activated Article 3.3 d, e, f essential requirements in a delegated act on 29.10.2021. Some of the essential requirements activated in the RED articles 3(3) (d/e/f) aim at the protection of personal data and privacy, the protection from fraud and ensuring compliance of reconfigurable radio systems. The standards responding to the Article 3.3 do not yet exist.