|
(78)
|
The conformity assessment procedure provided by this Regulation should apply
in relation to the essential cybersecurity requirements of a product with digital elements
covered by a regulation of the European Parliament and of the Council on horizontal
cybersecurity requirements for products with digital elements and classified as a high-risk
AI system under this Regulation. However, this rule should not result in reducing the necessary
level of assurance for critical products with digital elements covered by a regulation of
the European Parliament and of the Council on horizontal cybersecurity requirements for products
with digital elements. Therefore, by way of derogation from this rule, high-risk AI systems that
fall within the scope of this Regulation and are also qualified as important and critical
products with digital elements pursuant to a regulation of the European Parliament and of
the Council on horizontal cybersecurity requirements for products with digital elements and to
which the conformity assessment procedure based on internal control set out in an annex to this
Regulation applies, are subject to the conformity assessment provisions of a regulation of
the European Parliament and of the Council on horizontal cybersecurity requirements for products
with digital elements insofar as the essential cybersecurity requirements of that regulation are
concerned. In this case, for all the other aspects covered by this Regulation the respective
provisions on conformity assessment based on internal control set out in an annex to this
Regulation should apply. Building on the knowledge and expertise of ENISA on the cybersecurity
policy and tasks assigned to ENISA under the Regulation (EU) 2019/881 of the European Parliament
and of the Council (37),
the Commission should cooperate with ENISA on issues related to cybersecurity of AI systems.
|