Cybersecurity AI tools and EU AI Act compliance
What the EU AI Act says about cybersecurity AI
The EU AI Act does not treat all AI-powered cybersecurity tools the same way. Most threat detection, anomaly detection, and fraud prevention products sit outside the Annex III high-risk categories, but that does not mean they are entirely out of scope. The Act creates a layered compliance picture that depends on what the tool does, how it is deployed, and whether it uses a general-purpose AI model underneath.
The most important carve-in for cybersecurity vendors is Annex III, point 2, which lists AI systems used in the management and operation of critical infrastructure as high-risk. This covers electricity grids, water supply networks, gas distribution, heating systems, and similar essential services. If your AI product is embedded in the operational technology stack of a critical infrastructure operator, it is almost certainly a high-risk AI system under Article 6 of the Act, regardless of whether it is labelled a cybersecurity tool.
By contrast, AI used purely for enterprise IT security, threat intelligence, endpoint detection, or application-layer fraud prevention does not fall neatly into any Annex III category as the regulation stands today. Vendors in those segments are not automatically subject to the high-risk obligations, but they must still consider three other angles: general-purpose AI obligations, transparency duties under Article 50, and their customers' own compliance needs.
Who this applies to
Critical infrastructure cybersecurity vendors face the heaviest obligations. If your tool is sold to operators of power grids, water treatment facilities, transport networks, or financial market infrastructure, and your AI component monitors, detects anomalies in, or responds to threats within those systems, you are selling a high-risk AI system. You must meet all of Title III Chapter 2's requirements before placing the product on the EU market.
Vendors using large language models or other general-purpose AI models (GPAI) face a separate layer of obligations. Many modern cybersecurity products, especially those offering natural-language threat summaries, automated incident reports, or AI-powered penetration testing guidance, are built on or integrate GPAI models. If the underlying model is classified as a GPAI model under Article 3(63) of the Act, the model provider faces obligations under Title IV, and the downstream deployer needs to understand what systemic-risk obligations flow to them.
Any cybersecurity AI that interacts with humans must comply with Article 50 transparency requirements. This is broader than it sounds and catches a significant portion of the market.
Procurement teams at EU companies buying cybersecurity AI also need to understand this landscape. The Act places obligations on deployers as well as providers, so buying a non-compliant tool creates downstream risk for the organisation.
What the obligations require concretely
For high-risk systems (critical infrastructure): Before EU market placement or putting into service, vendors must conduct a conformity assessment, establish a quality management system, compile detailed technical documentation, register the system in the EU database, and ensure ongoing post-market monitoring. High-risk AI systems must be designed to allow human oversight, must be sufficiently accurate, robust, and cybersecure (yes, the Act requires the AI to be secure against adversarial attacks), and must log events automatically for auditability.
For GPAI model providers and integrators: Providers of GPAI models must publish a summary of training data, comply with EU copyright law, and provide technical documentation to downstream deployers. Providers of GPAI models with systemic risk, defined as those trained with more than 10^25 FLOPs, face additional obligations including adversarial testing and incident reporting to the European AI Office. Cybersecurity vendors integrating these models need a paper trail showing they understood and managed these upstream obligations.
For Article 50 transparency (human-interacting AI): Any AI system that interacts directly with natural persons must disclose that interaction in a clear and timely manner before the interaction begins. For cybersecurity tools, this catches AI-powered chat interfaces in security operations centres, AI assistants in incident response workflows, and any tool that presents AI-generated analysis directly to an end user as if it were human-produced output. Deepfake detection tools fall under a separate Article 50 obligation requiring labelling of AI-generated synthetic content.
For all cybersecurity AI regardless of tier: Even if your product falls outside high-risk and GPAI categories, documenting your risk assessment process is strongly advisable. The Act creates an expectation across the market that responsible providers can demonstrate they assessed scope, concluded their product was lower risk, and can explain why. Customers, especially larger enterprises with their own compliance programmes, will increasingly ask for this documentation before signing contracts.
Key deadlines
- February 2 2025 (already in force): Article 5 prohibited AI practices are banned. Includes social scoring systems and certain biometric categorisation uses. Cybersecurity tools using biometric data for access control should have reviewed these provisions already.
- August 2 2026: GPAI model obligations take full effect. Fines for non-compliant GPAI providers and deployers become enforceable, up to EUR 15 million or 3% of global annual turnover, whichever is higher. Cybersecurity vendors using LLMs or other GPAI models need to be compliant by this date.
- August 2 2026: Article 50 transparency obligations become enforceable. Any cybersecurity AI interacting with humans must be disclosing that interaction by this date.
- December 2 2027: Annex III high-risk AI obligations become fully enforceable. Critical infrastructure cybersecurity vendors have until this date for full conformity, but conformity assessments and technical documentation take significant time to prepare, so work should begin now.
What to do now
Step 1: Classify your product correctly. Does it touch critical infrastructure operations? If yes, treat it as high-risk and begin preparing your conformity assessment. If not, document why it falls outside Annex III.
Step 2: Audit your AI model stack. If you use any LLM or large generative model, identify the provider and check whether that model is classified as a GPAI model. Review what documentation the provider offers under their Title IV obligations. If they cannot provide it, this is a procurement risk you need to manage before August 2026.
Step 3: Check Article 50 exposure. Does any part of your product interact with a human user directly, whether through chat, automated reporting, or AI-generated recommendations presented in real time? If so, build in disclosure mechanisms before August 2 2026.
Step 4: Build your documentation baseline. Even for lower-risk tools, document the intended purpose, the foreseeable uses and misuses, and the basis on which you concluded the system does not fall within high-risk categories. This protects you with customers and, if the regulatory perimeter expands, gives you a starting point.
Step 5: Monitor the delegated acts. The European Commission is issuing delegated acts that can expand Annex III. Cybersecurity AI is an area where scope may broaden, particularly as the NIS2 Directive and the EU AI Act increasingly intersect. Staying current on regulatory developments is not optional for vendors in this space.
Use the free ActComply risk screener to check your obligations: https://www.getactcomply.com/check