Module E4 of 5 · Track 3E: Security Operations for AI

From framework requirements to evidence artifacts.

Compliance in Practice

NIST AI RMF, ISO 42001, and the EU AI Act each require different things from different organisations. This module maps each framework's requirements to the specific evidence artifacts that Mirror Security products generate, so you can answer an auditor's questions with logs, scan results, and technical documentation rather than policy documents alone.

44 min read
Track 3E
Intermediate
Compliance


Section 01

Three frameworks at a glance

Three frameworks dominate AI compliance for enterprise deployments in regulated sectors. They have different origins, different audiences, and different enforcement mechanisms. Most organisations in regulated industries need to satisfy all three simultaneously, which requires a clear mapping from framework requirements to actual technical controls and their evidence artifacts.

The practical challenge: these frameworks are written for different readers. NIST AI RMF is written for American government agencies and large enterprises building risk management programs. ISO 42001 is written for organisations seeking certification of their AI management systems. The EU AI Act is written for legislators and legal teams. None of them say "here is the specific log format you need to produce." This module does that translation.

NIST AI RMF (NIST · USA · Voluntary)
Risk management framework for AI systems
Four core functions: GOVERN, MAP, MEASURE, MANAGE
Voluntary in the US but referenced by federal contracts
Aligned with ISO 42001 at the process level
Audience: US federal, financial services, healthcare

ISO 42001:2023 (ISO/IEC · International · Certifiable)
AI management system standard (AIMS)
Structured like ISO 27001: clauses 4 through 10
Certifiable by accredited third-party auditors
Covers governance, risk, operations, and improvement
Audience: any organisation developing or deploying AI

EU AI Act (European Union · EU/EEA · Mandatory)
Regulation with fines up to 35M EUR or 7% global revenue
Risk-based: unacceptable, high-risk, limited, minimal
Applies to EU market (providers and deployers)
High-risk AI: conformity assessment before deployment
Audience: any organisation providing/using AI in the EU

The EU AI Act applies to you even if you are not based in the EU. The Act applies to providers placing AI systems on the EU market, and to deployers using AI systems that affect EU residents. A US-based healthcare AI company serving EU patients is in scope for the EU AI Act's high-risk AI obligations, just as it is in scope for GDPR.

Section 02

NIST AI RMF

The NIST AI Risk Management Framework (AI RMF 1.0, released January 2023) provides a structured approach to managing AI risk throughout the AI lifecycle. It is not a checklist. It is a process framework that organisations customise to their context, scale, and risk tolerance. The four core functions are meant to be applied iteratively and concurrently, not sequentially.

GOVERN: organisational context for AI risk management
GV-1 Policies and processes for AI risk management established
GV-2 AI risk accountability roles and responsibilities defined
GV-3 Organisational risk tolerance for AI articulated
GV-4 Organisational teams work together on AI risk
GV-6 Policies for AI legal, compliance, and privacy aligned
Mirror: AgentID audit log for accountability; DiscoveR policy for risk tolerance

MAP: AI risk identification and context setting
MP-1 Context and purpose of AI system documented
MP-2 Identified AI risk categorised by likelihood and impact
MP-3 AI system risk impacts catalogued and reviewed
MP-5 Organisational risk tolerances applied to AI
Mirror: DiscoveR risk surface scan; Mirror Risk Assessment report

MEASURE: AI risk quantification and evaluation
MS-2 AI risk metrics and measurement approaches defined
MS-2.5 AI risk metrics collected and reviewed periodically
MS-2.6 Evaluations of robustness, safety, and security conducted
MS-2.7 AI system performance tracked against design objectives
MS-3 Identified AI risks prioritised for response
Mirror: DiscoveR per-category pass rates; AgentIQ inference metrics

MANAGE: AI risk treatment and residual risk tracking
MG-1 Risks with mitigation plans based on impact and likelihood
MG-2 Strategies to maximise AI benefits and minimise harms
MG-3 Responses to AI risks documented and monitored
MG-4 Residual risks updated and documented periodically
Mirror: E3 incident playbooks; DiscoveR remediation correlation_id

NIST AI RMF and NIST CSF are related but distinct. The Cybersecurity Framework (CSF) covers general information security for all systems. The AI RMF extends it specifically to AI risks: bias, opacity, model drift, and AI-specific attack vectors. If you already have NIST CSF compliance, AI RMF addresses the gaps that the CSF does not cover for AI workloads.

Section 03

NIST RMF: Mirror mapping

The most common gap in NIST AI RMF compliance for AI deployments is the MEASURE function. Organisations have GOVERN documentation in place and MAP has been completed during the system design phase. But MEASURE requires ongoing quantitative evidence of AI risk metrics, and most organisations do not have a mechanism to collect those metrics continuously. The same gap shows up in every audit.

DiscoveR directly addresses the MEASURE function: it provides continuously collected, structured, per-category risk metrics for AI model security. AgentIQ provides the runtime safety metrics. Together they fill the MEASURE function gap that policy documents alone cannot satisfy.

Section 04

ISO 42001

ISO 42001:2023 is the first international standard for AI management systems. It defines what an organisation must demonstrate to show that it systematically manages the risks and impacts of its AI systems. Unlike the NIST AI RMF (which is a voluntary framework), ISO 42001 certification is awarded by accredited third-party audit bodies and carries external credibility with customers and regulators.

The standard uses the same high-level structure as ISO 27001 (information security) and ISO 9001 (quality management), which means organisations with existing ISO management system certifications can integrate ISO 42001 into their existing system with relatively low overhead. Many of the required controls translate directly to processes that a security team already runs.

Clauses 4-6: Organisational context and leadership
Understand internal and external factors affecting AI risk. Define scope of the AI management system. Leadership must demonstrate commitment and establish AI policy. Assign roles and responsibilities for AI risk.
Mirror: AgentID delegation policy registry maps accountability

Clause 6.1: Risk and opportunity management
Identify AI risks and opportunities. Assess likelihood and impact. Determine treatment options. Plan risk treatment actions. Must be documented and reviewed.
Mirror: DiscoveR risk surface scan and treatment tracking

Clause 8.4: Operational AI system risk assessment
Document and implement risk assessment for each AI system in scope. Assess data quality, model robustness, security, and privacy. Update as system or context changes.
Mirror: VectaX and DiscoveR technical controls + scan evidence

Clause 8.5: Transparency and accountability
Communicate to affected parties how AI systems make decisions. Maintain records of AI system decisions. Ensure accountability for AI outcomes is traceable to human decision-makers.
Mirror: AgentIQ output logs + AgentID delegation audit

Clause 9.1: Monitoring, measurement, analysis and evaluation
Define what to monitor and measure for AI systems. Determine when monitoring occurs. Analyse and evaluate results. Keep documented evidence of monitoring.
Mirror: AgentIQ scheduled metrics + DiscoveR scheduled scans

Clause 10: Continual improvement
React to nonconformities. Take corrective action. Continually improve the suitability, adequacy, and effectiveness of the AI management system. Document improvements.
Mirror: DiscoveR correlation_id improvement tracking

Section 05

ISO 42001: Mirror mapping

ISO 42001 certification requires documented evidence. An auditor will ask not just "do you have a process?" but "show me the records." The most common certification gaps are in clauses 8.4 (operational risk assessment with documented technical controls) and 9.1 (monitoring with documented measurement results). Both are directly addressed by DiscoveR scan results and AgentIQ event logs.

NIST AI RMF subcategory mapping: subcategory, what is required, Mirror evidence source

GV-1.1 (GOVERN)
  Required: Policies and processes for AI risk management established and communicated
  Evidence: AgentID token policy registry documents risk governance decisions per agent workflow

GV-6.1 (GOVERN)
  Required: Organisational teams account for legal and privacy requirements for AI
  Evidence: VectaX compliance artifact generation: PCI-DSS, NIST, SOC 2 audit-ready reports

MP-2.3 (MAP)
  Required: AI system risk impacts catalogued and documented
  Evidence: DiscoveR initial risk surface scan maps attack categories to impact severity

MS-2.5 (MEASURE)
  Required: AI risk metrics collected and reviewed at regular intervals
  Evidence: DiscoveR scheduled scans produce timestamped per-category pass rates as the periodic risk metric collection

MS-2.6 (MEASURE)
  Required: Evaluations of trustworthiness of the AI system conducted, including robustness and security
  Evidence: DiscoveR adversarial scan results, including jailbreak, injection, and data extraction categories, serve as the security robustness evaluation

MS-2.7 (MEASURE)
  Required: AI system performance tracked over the deployment lifecycle
  Evidence: AgentIQ refusal rate, hallucination score, and injection detection rate over time; DiscoveR baseline delta tracking

MG-3.1 (MANAGE)
  Required: Responses to AI risks are documented and monitored
  Evidence: DiscoveR correlation_id scan chain documents each remediation step; E3 incident playbooks are the response documentation

MG-4.1 (MANAGE)
  Required: Residual risks after controls are periodically reviewed and documented
  Evidence: DiscoveR post-fix scan results show residual pass rates per category; AgentIQ ongoing monitoring provides residual risk signal
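The MEASURE and MANAGE rows above describe evidence as data: timestamped per-category pass rates (MS-2.5), a correlation_id scan chain linking baseline, incident and post-fix scans (MG-3.1), and residual pass rates after the fix (MG-4.1). The Python below is an added illustration, not DiscoveR's code or its export format, of how such a chain is turned into the figures an auditor asks for. The record layout, the field names (scan_id, correlation_id, phase, results), the 0.95 acceptance threshold and every count are constructed assumptions.

```python
"""Turn a chain of adversarial scan results linked by correlation_id into
per-category pass rates, a baseline-to-post-fix delta and a residual-risk list.

Added illustration for this module. The record layout, field names, threshold
and counts are constructed assumptions, not DiscoveR's actual export format.
"""
from collections import defaultdict

# Constructed sample: three scans of one model in one remediation chain.
# results maps category -> (test cases the model resisted, test cases run).
SCANS = [
    {"scan_id": "s-001", "correlation_id": "chain-42", "phase": "baseline",
     "timestamp": "2025-03-01T09:00:00Z",
     "results": {"jailbreak": (38, 50), "injection": (30, 50), "data_extraction": (45, 50)}},
    {"scan_id": "s-002", "correlation_id": "chain-42", "phase": "incident",
     "timestamp": "2025-03-10T14:30:00Z",
     "results": {"jailbreak": (38, 50), "injection": (20, 50), "data_extraction": (44, 50)}},
    {"scan_id": "s-003", "correlation_id": "chain-42", "phase": "post-fix",
     "timestamp": "2025-03-12T11:00:00Z",
     "results": {"jailbreak": (48, 50), "injection": (46, 50), "data_extraction": (45, 50)}},
]

# Chain phases in the order the module describes them: baseline -> incident -> post-fix.
PHASE_ORDER = {"baseline": 0, "incident": 1, "post-fix": 2}


def pass_rates(scan):
    """Per-category pass rate (resisted / run) for one scan, as a float in [0, 1]."""
    return {cat: passed / total for cat, (passed, total) in scan["results"].items()}


def chain_by_correlation(scans):
    """Group scans by correlation_id; order each chain by phase, then timestamp."""
    chains = defaultdict(list)
    for scan in scans:
        chains[scan["correlation_id"]].append(scan)
    for chain in chains.values():
        # Unknown phases sort last rather than raising, so a malformed record is visible, not fatal.
        chain.sort(key=lambda s: (PHASE_ORDER.get(s["phase"], len(PHASE_ORDER)), s["timestamp"]))
    return dict(chains)


def baseline_delta(chain):
    """Change in pass rate per category from the first scan of the chain to the last."""
    first, last = pass_rates(chain[0]), pass_rates(chain[-1])
    return {cat: round(last[cat] - first[cat], 3) for cat in first}


def residual_risk(chain, threshold=0.95):
    """Categories still below the acceptance threshold after the last scan.

    This is the list that needs a documented owner decision: accept, or plan
    further treatment. The 0.95 threshold is an assumed risk tolerance.
    """
    last = pass_rates(chain[-1])
    return sorted(cat for cat, rate in last.items() if rate < threshold)


def evidence_record(chain):
    """One auditor-facing record per chain: which phases ran, when, what changed, what remains."""
    return {
        "correlation_id": chain[0]["correlation_id"],
        "phases": [s["phase"] for s in chain],
        "first_scan": chain[0]["timestamp"],
        "last_scan": chain[-1]["timestamp"],
        "delta": baseline_delta(chain),
        "residual": residual_risk(chain),
    }


if __name__ == "__main__":
    for chain in chain_by_correlation(SCANS).values():
        print(evidence_record(chain))
```

With the constructed sample, the post-fix scan lifts jailbreak from 0.76 to 0.96 and injection from 0.60 to 0.92, and the residual list still names injection and data_extraction as below the 0.95 tolerance; that residual list, with the chain's timestamps, is the MG-4.1 record rather than a statement that "the issue was fixed".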

Section 06

EU AI Act: risk tiers

The EU AI Act (Regulation 2024/1689) establishes a risk-based regulatory framework. The obligations that apply to an AI system depend entirely on which risk tier it falls into. The first step of EU AI Act compliance is classifying your AI system correctly. Misclassification in either direction is a compliance failure.

The Act came into force on 1 August 2024. Prohibited AI practices became enforceable in February 2025. High-risk AI obligations apply from August 2026 for new systems. Fines for prohibited practices: up to 35 million EUR or 7% of global annual turnover, whichever is higher.

Unacceptable risk: prohibited
AI practices that are banned outright under the Act. No exemptions for research or commercial purposes. Violation is the most severe category with the highest fines.
  Social scoring by public authorities
  Real-time biometric ID in public spaces (with narrow exceptions)
  Exploitation of psychological vulnerabilities
  Predictive policing targeting individuals
  Emotion recognition in workplaces and schools

High risk: full obligations
AI systems listed in Annex III: eight categories where AI failures can cause significant harm. Must meet all obligations in Chapter III before deployment. Conformity assessment required for the most critical categories.
  Critical infrastructure (energy, water, transport)
  Education and vocational training
  Employment and HR (CV screening, performance monitoring)
  Essential private services (credit scoring, insurance)
  Law enforcement AI
  Migration and border control
  Administration of justice
  Medical devices (Class IIa/IIb/III AI)

Limited risk: transparency only
AI systems where the primary obligation is transparency to users. Must disclose that the user is interacting with an AI, not a human. Chatbots and AI-generated content fall primarily into this category.
  Chatbots and conversational AI
  Deepfake content (must label)
  Emotion recognition systems (limited contexts)
  AI-generated text used to influence public opinion

Minimal risk: voluntary codes
All other AI systems. No mandatory obligations under the Act. Providers may voluntarily adhere to codes of conduct. The vast majority of commercial AI applications fall here.
  AI in video games
  Product recommendation systems
  Spam filters
  Search engines
  Most enterprise productivity AI

Section 07

High-risk obligations

High-risk AI systems must satisfy seven categories of obligation before deployment. Each category has corresponding Articles in the regulation. The practical challenge for security teams is that several of these obligations require technical artifacts that do not come standard with any LLM deployment: automated logging, robustness testing documentation, and technical human oversight mechanisms all require intentional implementation.

Section 08

General-purpose AI models

The EU AI Act introduces a separate compliance category for general-purpose AI models (GPAI): foundation models trained on large amounts of data at high compute cost that can perform a wide range of tasks. GPT-4, Claude, Gemini, and Llama are examples. The Act creates tiered obligations depending on whether a GPAI model presents systemic risk.

All GPAI models must maintain technical documentation, comply with copyright law for training data, publish a summary of training data used, and implement a policy to comply with the Act. These apply from August 2025.

GPAI models with systemic risk (those trained on compute exceeding 10^25 FLOPs, or designated by the European Commission) face additional obligations: conduct adversarial testing and red-teaming, report serious incidents to the AI Office, ensure cybersecurity protections, and report energy consumption. These are the obligations that directly map to DiscoveR's red-teaming capabilities.

If you deploy a GPAI model, you may carry provider obligations. Deployers who significantly modify a GPAI model (through fine-tuning that changes its safety properties) become providers for the purposes of the Act and inherit provider obligations. If your organisation fine-tunes a foundation model and deploys it externally, a DiscoveR scan before and after fine-tuning is required evidence of cybersecurity due diligence.

Section 09

GDPR and AI

GDPR was not written for AI, but several of its Articles have direct AI applications that enforcement actions have clarified since 2018. Three Articles are most relevant for AI deployments handling personal data of EU residents.

Art. 22
Automated individual decision-making
Data subjects have the right not to be subject to decisions based solely on automated processing, including profiling, that produces legal effects or similarly significant effects. When such processing occurs, organisations must provide meaningful information about the logic involved, and the data subject must have the right to request human review.
Applies when: AI makes decisions about individuals (credit, employment, insurance, medical diagnosis) with significant effects
AgentIQ chain-of-thought classification supports the "meaningful information about logic" requirement
Art. 25
Data protection by design and by default
Controllers must implement technical and organisational measures to integrate data protection into the design of processing activities. By default, only the minimum personal data necessary for the specific purpose should be processed. This applies to the design of AI systems, not just their operation.
Applies when: designing an AI system that will process personal data of EU residents
VectaX FHE-encrypted inference is the "technical measure" that implements DPbD at the computation layer
Art. 35
Data Protection Impact Assessment (DPIA)
A DPIA is mandatory when processing is likely to result in high risk to rights and freedoms of data subjects. AI systems trigger this when they: use automated decision-making with legal effects, perform large-scale systematic monitoring, or process special categories of data. The DPIA must describe the processing, assess necessity, assess risks, and document the measures taken to address those risks.
Mandatory when: AI processes health, biometric, or financial data; AI makes significant automated decisions; AI performs systematic behavioural profiling
VectaX encrypted inference as the technical measure addressing the inference-gap risk item in the DPIA

The GDPR and EU AI Act interact. A high-risk AI system under the EU AI Act that processes personal data of EU residents will need both an EU AI Act conformity assessment and a GDPR DPIA. The DPIA's risk items related to data exposure during inference are directly addressed by VectaX encrypted inference. VectaX's compliance artifact generation can feed directly into both the DPIA documentation and the EU AI Act technical documentation.

Related: Mirror Blog · Securing the Future of Enterprise AI: MongoDB and Mirror Security VectaX

Section 10

Evidence per product

Each Mirror Security product generates specific artifacts that serve as compliance evidence across frameworks. The table below shows what each product produces and which framework requirements those artifacts address.

Mirror Security · VectaX: encrypted inference and retrieval
Artifacts:
  Compliance artifact generation: PCI-DSS, NIST, SOC 2 audit-ready reports generated automatically from encryption telemetry
  Retrieval audit log: every document access with timestamp, namespace, and policy result. No encrypted content exposed.
  Technical documentation: FHE-encrypted inference description serves as the Article 11 cybersecurity measure documentation
Maps to: NIST RMF GV-6.1; ISO 42001 §8.4; EU AI Act Art. 11; GDPR Art. 25; GDPR Art. 35

Mirror Security · AgentIQ: runtime guardrails and monitoring
Artifacts:
  Per-request classification event stream: PII detected, injection detected with type, hallucination score, toxicity score, refusal classification
  Rolling metric aggregates: PII rate, refusal rate, injection detection rate over 7-day and 30-day windows
  Chain-of-thought integrity classification supporting output explainability
Maps to: NIST RMF MS-2.7; ISO 42001 §9.1; EU AI Act Art. 12; EU AI Act Art. 13; GDPR Art. 22

Mirror Security · DiscoveR: continuous adversarial testing
Artifacts:
  Scan result set: per-category pass rates, timestamps, scan metadata. Serves as cybersecurity robustness documentation for Article 15 and NIST RMF MEASURE
  Correlation_id scan chain: links baseline, incident, and post-fix scans for continual improvement evidence (ISO 42001 clause 10)
  Risk surface report: initial assessment of attack categories, severity ratings, and recommended treatment
Maps to: NIST RMF MS-2.5; NIST RMF MS-2.6; ISO 42001 §9.1; ISO 42001 §10; EU AI Act Art. 9; EU AI Act Art. 15

Mirror Security · AgentID: agent identity and access control
Artifacts:
  Token issuance and delegation audit log: every capability token issued, with agent instance, delegated principal, policy ID, scope, and expiry
  Gateway enforcement log: every access decision with scope check result, constraint evaluation, and timestamp
  Token policy registry: documents which capabilities are permitted per agent role, serving as access governance documentation
Maps to: NIST RMF GV-1.1; ISO 42001 §8.5.2; EU AI Act Art. 14; GDPR Art. 30
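Two of the AgentIQ artifacts above, the per-request classification event stream and the 7-day and 30-day rolling aggregates, are the evidence this module cites for NIST RMF MS-2.7, ISO 42001 clause 9.1 and EU AI Act Art. 12. As an added example that is not AgentIQ's code or event schema, the Python below derives the rolling PII, refusal and injection-detection rates from a constructed event stream and flags any metric whose 7-day rate has drifted above its 30-day rate. The event field names, the reference time and the 0.1 drift tolerance are assumptions made for the example.

```python
"""Rolling PII, refusal and injection-detection rates over 7-day and 30-day
windows from a per-request classification event stream, plus a drift check.

Added illustration for this module. Event fields, values, the reference time
and the drift tolerance are constructed assumptions, not AgentIQ's schema.
"""
from collections import Counter
from datetime import datetime, timedelta


def _ts(s):
    """Parse an ISO-8601 UTC timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


# Constructed per-request events: one record per model call. "injection" holds
# the detected injection type, or None when nothing was detected.
EVENTS = [
    {"ts": "2025-03-02T10:00:00Z", "pii_detected": True,  "injection": None,     "refused": False},
    {"ts": "2025-03-15T12:00:00Z", "pii_detected": False, "injection": None,     "refused": False},
    {"ts": "2025-03-25T08:30:00Z", "pii_detected": False, "injection": None,     "refused": False},
    {"ts": "2025-03-28T09:00:00Z", "pii_detected": True,  "injection": "direct", "refused": True},
    {"ts": "2025-03-30T16:45:00Z", "pii_detected": False, "injection": None,     "refused": False},
    {"ts": "2025-03-31T11:15:00Z", "pii_detected": False, "injection": "direct", "refused": True},
]

# Assumed reference "now" for the windows; in production this is the aggregation run time.
REF_NOW = _ts("2025-03-31T12:00:00Z")


def window_events(events, now, days):
    """Events with timestamps in the half-open window (now - days, now]."""
    start = now - timedelta(days=days)
    return [e for e in events if start < _ts(e["ts"]) <= now]


def window_rates(events, now, days):
    """Aggregate rates for one window; rates are None when the window is empty."""
    sel = window_events(events, now, days)
    n = len(sel)
    if n == 0:
        return {"window_days": days, "requests": 0, "pii_rate": None,
                "refusal_rate": None, "injection_rate": None, "injection_types": {}}
    return {
        "window_days": days,
        "requests": n,
        "pii_rate": round(sum(e["pii_detected"] for e in sel) / n, 3),
        "refusal_rate": round(sum(e["refused"] for e in sel) / n, 3),
        "injection_rate": round(sum(e["injection"] is not None for e in sel) / n, 3),
        "injection_types": dict(Counter(e["injection"] for e in sel if e["injection"])),
    }


def rolling_report(events, now):
    """The 7-day and 30-day aggregates that serve as the periodic measurement record."""
    return {f"{d}d": window_rates(events, now, d) for d in (7, 30)}


def drift_flags(report, tolerance=0.1):
    """Metrics whose 7-day rate exceeds the 30-day rate by more than tolerance.

    A recent rate well above the longer baseline is the signal worth a review
    note; the 0.1 tolerance is an assumed value, not a recommended setting.
    """
    short, long_ = report["7d"], report["30d"]
    flagged = []
    for metric in ("pii_rate", "refusal_rate", "injection_rate"):
        if short[metric] is None or long_[metric] is None:
            continue  # an empty window yields no rate, so there is nothing to compare
        if short[metric] > long_[metric] + tolerance:
            flagged.append(metric)
    return sorted(flagged)


if __name__ == "__main__":
    report = rolling_report(EVENTS, REF_NOW)
    print(report)
    print("drift:", drift_flags(report))
```

On the constructed stream the 30-day refusal and injection rates sit at 0.333 while the 7-day rates are 0.5, so both are flagged; the windowed record plus the flag list is the kind of dated, quantitative measurement evidence that clause 9.1 and MS-2.7 ask for, and the empty-window case returns None rather than a misleading 0.0.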

Section 11

Master compliance map

The table below is a single reference showing coverage across all three frameworks for each compliance area. Use this as your starting point for a compliance gap analysis: each row where your current posture differs from the Mirror coverage column is a gap to address.

ISO 42001 clause mapping: clause, what the auditor wants to see, Mirror evidence artifact

6.1.2 Risk treatment
  Auditor wants: Documented AI risk treatment plan with selected controls and rationale
  Evidence: DiscoveR initial scan identifies risk surface; E3 playbooks document treatment per incident type

8.4 AI system risk assessment
  Auditor wants: Documented assessment of security and privacy risks for each AI system in scope, with technical controls described
  Evidence: VectaX encrypted inference description; AgentID access control policy; DiscoveR adversarial scan results as security assessment evidence

8.5.1 Transparency to stakeholders
  Auditor wants: Records of how AI systems communicate their nature and limitations to users
  Evidence: AgentIQ chain-of-thought classification log documents model transparency; refusal records document limitation communication

8.5.2 Human review of AI decisions
  Auditor wants: Documented process for human review of AI decisions with significant impact
  Evidence: AgentID capability-scoped tokens as the technical human oversight mechanism; delegation chain audit log as human review record

9.1 Monitoring results
  Auditor wants: Evidence that monitoring occurred: what was measured, when, and what results were found
  Evidence: AgentIQ rolling metrics (PII rate, refusal rate, injection rate) as documented measurement results; DiscoveR scheduled scan results with timestamps

10.1 Continual improvement
  Auditor wants: Evidence that the AI management system is being improved in response to nonconformities
  Evidence: DiscoveR correlation_id scan chain shows before-and-after improvement; E3 incident PIR documents corrective action
EU AI Act high-risk obligation mapping: Article, obligation, Mirror evidence source

Art. 9 Risk management system
  Obligation: Continuous risk management throughout the AI lifecycle. Identify and analyse known and reasonably foreseeable risks. Evaluate risks following market deployment. Adopt risk mitigation measures.
  Evidence: DiscoveR continuous adversarial testing; E2 monitoring layer; E3 incident playbook as documented risk response

Art. 10 Data governance
  Obligation: Training, validation, and testing data must meet quality criteria. Practices must address relevant biases. Data must be relevant, representative, and free from errors as far as possible.
  Evidence: DiscoveR bias and toxicity category scan results; evaluation framework validates model output against expected standards

Art. 11 Technical documentation
  Obligation: Technical documentation drawn up before the system is placed on the market. Must allow authorities to assess compliance. Includes system description, performance metrics, and security measures.
  Evidence: DiscoveR scan history as security measure documentation; VectaX compliance artifact generation; AgentID access policy documentation

Art. 12 Record-keeping and logging
  Obligation: Logging capabilities must automatically capture events during operation. Logs must be retained for the period specified by the relevant national competent authority (NCA). Logs must be accessible to deployers for post-market monitoring.
  Evidence: AgentIQ per-request classification event stream; AgentID immutable audit log with timestamps; VectaX retrieval audit log

Art. 13 Transparency to deployers
  Obligation: High-risk AI systems must be sufficiently transparent to deployers to enable them to interpret outputs and use the system appropriately. Instructions for use must be provided.
  Evidence: AgentIQ output classification scores provide output interpretability; chain-of-thought classification supports explainability

Art. 14 Human oversight
  Obligation: High-risk AI systems must allow natural persons to oversee, understand, and override the system's functioning. Must be able to intervene or halt the system. Must not be subject to automation bias.
  Evidence: AgentID capability-scoped tokens technically bind what agents can do; token revocation implements the halt function; delegation chain provides the oversight lineage

Art. 15 Accuracy, robustness, cybersecurity
  Obligation: High-risk AI systems must achieve appropriate levels of accuracy. Must be resilient against attempts to alter their use or performance by third parties exploiting vulnerabilities. Cybersecurity measures must be documented.
  Evidence: DiscoveR adversarial scan results directly evidence cybersecurity robustness; injection, jailbreak, and data extraction category pass rates are the Art. 15 evidence
Master compliance map

Compliance area | NIST AI RMF | ISO 42001 | EU AI Act | Mirror product | Coverage
Encrypted inference | GV-6.1 | 8.4 | Art. 11, Art. 15 | VectaX | Direct
Data protection by design | GV-6.1 | 8.4 | Art. 10 | VectaX | Direct
Cybersecurity robustness testing | MS-2.5, MS-2.6 | 9.1 | Art. 9, Art. 15 | DiscoveR | Direct
Continual improvement evidence | MG-3.1, MG-4.1 | 10.1 | Art. 9 | DiscoveR | Direct
Automated logging of AI events | MS-2.7 | 9.1 | Art. 12 | AgentIQ, AgentID | Direct
Human oversight mechanism | GV-2 | 8.5.2 | Art. 14 | AgentID | Direct
Output explainability and transparency | MS-2.7 | 8.5.1 | Art. 13 | AgentIQ | Partial
Access governance documentation | GV-1.1, GV-2 | 6.1, 8.5 | Art. 14 | AgentID | Direct
AI system risk metrics (ongoing) | MS-2.5 | 9.1 | Art. 9 | AgentIQ, DiscoveR | Direct
Incident response documentation | MG-3.1 | 10.1 | Art. 9 | E3 playbooks | Partial
Training data bias assessment | MS-2.6 | 8.4 | Art. 10 | DiscoveR | Partial
DPIA technical measures | GV-6.1 | 8.4 | GDPR Art. 35 | VectaX | Direct

Section 12

Sovereign AI compliance

Regulated sectors (healthcare, finance, government) face a compliance challenge that goes beyond the three frameworks above. They must satisfy sectoral regulations (HIPAA, PCI-DSS, financial services supervision) that were not written for AI but apply to AI systems processing regulated data. The common thread across all of them: data must not be exposed in plaintext during processing.

In February 2026, Mirror Security announced production availability of GPU-Accelerated Fully Homomorphic Encryption for regulated workloads using NVIDIA CUDA, cuBLAS, NeMo, and TensorRT-LLM. This addressed what Mirror Security CEO Pankaj Thapa described as the core problem: "Sovereignty isn't about where your data lives. It's about controlling what happens to it when your intelligence runs."

Traditional AI systems must decrypt sensitive data during inference, creating a vulnerability window that violates the letter and spirit of most sectoral regulations. Healthcare AI must not expose PHI even during computation. Financial AI must not expose transaction data to the inference infrastructure. Government AI must not expose classified or sensitive information to cloud operators.

The compliance framing for each sector differs, but the technical solution is the same: encrypted inference using FHE so the computation layer never sees plaintext data. VectaX's compliance artifact generation maps this technical control directly to GDPR Article 25 (data protection by design), HIPAA's technical safeguard requirements, and EU AI Act Article 15's cybersecurity provisions.

Sector mapping: sector, relevant regulation, compliance requirement, what VectaX addresses

Healthcare
  Regulation: HIPAA
  Requirement: Technical safeguards: access controls, encryption, and audit controls for ePHI. Encryption of ePHI in transmission and at rest is addressable; encryption during computation was previously unaddressed.
  VectaX addresses: FHE-encrypted inference ensures ePHI is not exposed in plaintext during AI computation. Retrieval audit log satisfies audit control requirement.

Financial services
  Regulation: PCI-DSS, SOC 2
  Requirement: Cardholder data must be protected throughout processing. Render data unreadable anywhere it is stored or processed. SOC 2 Trust Service Criteria for confidentiality during processing.
  VectaX addresses: VectaX automated PCI-DSS compliance artifact generation. FHE ensures financial data is not exposed to inference infrastructure operators.

Government
  Regulation: NIST SP 800-53, FedRAMP
  Requirement: SC-28 (protection of information at rest), SC-8 (transmission confidentiality), and increasingly SC-8 analogues for data in use. FedRAMP Moderate and High baselines require cryptographic protection of data in use for covered systems.
  VectaX addresses: FHE provides cryptographic protection of data in use at the computation layer. VectaX NIST compliance report maps to SP 800-53 controls directly.

Multi-jurisdiction
  Regulation: GDPR + EU AI Act + ISO 42001
  Requirement: Data protection by design (GDPR Art. 25), encrypted inference for high-risk AI (EU AI Act Art. 15), operational privacy control (ISO 42001 clause 8.4).
  VectaX addresses: One VectaX deployment satisfies all three simultaneously. Compliance artifacts mapped to each framework generated automatically.

Related: Mirror Blog · Mirror Security Advances Encrypted AI Inference with NVIDIA Accelerated Computing
Related: Mirror Blog · Sovereignty Without Verifiable Inference Is a Mirage

Section 13

Frequently asked questions

What are the four core functions of NIST AI RMF?

GOVERN establishes organisational context: policies, accountability structures, risk tolerance, and the roles responsible for AI risk decisions. MAP identifies AI risks and places systems into context: what the system does, who it affects, and what harms are plausible. MEASURE evaluates AI risks quantitatively and qualitatively: testing for bias, robustness, safety, and security using defined metrics. MANAGE addresses identified risks: applying controls, prioritising mitigations, tracking residual risk, and maintaining response plans. The four functions are applied iteratively, not in a one-time sequence.

What is ISO 42001 and who needs it?

ISO 42001:2023 is the international standard for AI management systems. It defines requirements for organisations that develop, provide, or use AI systems, covering governance, risk management, documentation, and continual improvement. Structured like ISO 27001, it is certifiable by accredited third-party auditors. Organisations in regulated sectors increasingly need it to demonstrate responsible AI governance. The most common certification gaps are in clause 8.4 (operational risk assessment with documented technical controls) and clause 9.1 (monitoring with documented measurement results). DiscoveR scan results and AgentIQ event logs directly address both gaps.

What are the EU AI Act risk tiers?

Unacceptable risk: prohibited practices including social scoring, real-time biometric surveillance in public spaces, and AI that exploits psychological vulnerabilities. High risk: AI in critical infrastructure, education, employment, essential services, law enforcement, migration, justice, and certain medical devices. Full obligations apply before deployment. Limited risk: transparency obligation only (disclose AI interaction). Minimal risk: no mandatory requirements. The EU AI Act applies to anyone providing or using AI systems that affect EU residents, regardless of where the provider is based.

What is a DPIA and when does it apply to AI?

A Data Protection Impact Assessment (DPIA) is mandatory under GDPR Article 35 when processing is likely to result in high risk to the rights and freedoms of natural persons. For AI systems, a DPIA is required when the system uses automated decision-making with legal or similarly significant effects, performs large-scale systematic monitoring, or processes special categories of data (health, biometric, racial or ethnic origin). The DPIA must document the technical measures taken to address identified risks. VectaX's FHE-encrypted inference directly addresses the inference-gap risk item that must appear in any DPIA for an AI system processing personal data.

How do Mirror Security products map to EU AI Act high-risk obligations?

Article 9 risk management system: DiscoveR continuous adversarial testing plus E2 monitoring. Article 10 data governance: DiscoveR bias and toxicity scan results. Article 11 technical documentation: DiscoveR scan history plus VectaX compliance artifact generation. Article 12 logging: AgentIQ per-request event stream plus AgentID audit log. Article 13 transparency: AgentIQ chain-of-thought classification. Article 14 human oversight: AgentID capability-scoped tokens as the technical human oversight mechanism, with token revocation as the halt function. Article 15 accuracy, robustness, and cybersecurity: DiscoveR adversarial scan results are the direct evidence for this Article.

Next: Module E5 of 5

AI as an Attack Tool: Adversarial AI and AI-Powered Threats

How attackers use AI to scale phishing, generate malware, automate vulnerability research, and conduct social engineering at machine speed. Defences for AI-powered threat actors and what DiscoveR red teaming reveals about your exposure.