Authors: Francesco Gualtieri, Anna Pomortseva (EOS)
The European Union has taken a historic step by adopting the Artificial Intelligence Act, the world’s first comprehensive legal framework for AI. This landmark regulation reflects the EU’s ambition to lead not only in innovation but also in setting global standards for ethical, human-centric, and secure AI.
As artificial intelligence becomes increasingly embedded in critical sectors (from healthcare and transportation to justice and public administration) it brings with it not only immense opportunities, but also significant risks related to cybersecurity. The safe and trustworthy deployment of AI systems cannot be achieved without addressing these security challenges head-on.1
AI and Cybersecurity
As AI systems become increasingly embedded in critical business functions and public services, cybersecurity is no longer optional — it is foundational. From predictive algorithms in healthcare to AI-driven decision tools in finance and public safety, any compromise in the integrity, confidentiality, or availability of these systems can lead to real-world harm and reputational damage.
The AI Act explicitly recognizes this risk. For high-risk AI applications, the regulation imposes mandatory requirements related to:
- Robust cybersecurity and resilience against attacks and data manipulation.
- Traceability and transparency to detect and respond to anomalies.
- Risk management frameworks to assess potential vulnerabilities throughout the AI system’s lifecycle.
This regulatory alignment is not just about compliance. It reflects a broader shift: AI security is becoming a key differentiator in competitive markets, especially in B2B sectors where enterprise buyers demand reliability, accountability, and strong data governance.
In this context, investing in secure-by-design AI is not a cost center — it is a strategic asset that strengthens brand trust, reduces exposure to liability, and supports scalable innovation.2
Strengthening Sectoral Cybersecurity
Among the sectors most impacted by AI regulation, healthcare stands out—not only for the sensitivity of the data involved, but also for the critical nature of decision-making powered by AI. In this environment, cybersecurity becomes a non-negotiable element of both patient safety and regulatory compliance.
To address this, the EU is reinforcing the role of ENISA, the European Union Agency for Cybersecurity, with a proposed mandate to support and safeguard the cybersecurity of AI systems in the health sector. This includes:
- Developing sector-specific guidelines for secure AI deployment in hospitals and clinical environments.
- Supporting incident response capabilities for AI-driven health platforms.
- Promoting cross-border collaboration to ensure harmonized standards and threat intelligence across Member States.
For businesses operating in the health tech ecosystem, this is a signal that cybersecurity will be closely scrutinized — and those who lead in secure innovation will be better positioned for public contracts, partnerships, and patient trust.
By integrating technical standards and cybersecurity assurance into sectoral strategies, the EU is not only mitigating risks but building a framework for sustainable growth in AI-powered healthcare.3
Trustworthy AI
Contrary to the notion that regulation slows innovation, the AI Act positions trust as a competitive advantage. By setting clear rules and accountability standards, the EU is creating a predictable legal environment where businesses can innovate with confidence.
This vision of trustworthy AI is not abstract — it is already being realized in projects like AI4CYBER, where explainability, fairness and security are built into the model development to improve the model trustworthiness.
For example, the TRUST4AI.xAI component, developed by ITTI, enhances transparency and interpretability in AI-driven cybersecurity. Addressing the “black box” challenge in AI, TRUST4AI.xAI provides a user-friendly dashboard for visualizing decisions, integrates external AI models through open protocols (REST APIs, WebSockets), and introduces novel metrics such as ARIA, HaRIA, and GeRIA to evaluate the importance and reliability of features used by AI.
Read the recent blogpost by the TRUST4AI.xAI component leader, ITTI https://ai4cyber.eu/?p=1701
Events like the AI Action Summit and strategic initiatives such as InvestAI (which aims to mobilize over €200 billion in AI-related investments) underscore the Union’s intent: to accelerate the development of AI that is not only powerful, but also safe, ethical, and aligned with European values.
This vision of trustworthy AI is built around several key pillars:
- Human oversight and auditability of AI decision-making processes
- Transparency and documentation across the AI lifecycle
- Built-in risk management and robustness against manipulation or misuse
For companies, especially SMEs and startups, this translates into a clearer path to market and stronger access to funding, procurement, and cross-border scalability.
In other words, compliance is no longer just about avoiding fines — it’s about building trust at scale, unlocking new markets, and attracting customers and partners who value security, transparency, and long-term reliability.4
Language Inclusivity and Digital Sovereignty
A truly sovereign and inclusive AI ecosystem must reflect the linguistic and cultural diversity of Europe. That’s why the EU is actively supporting projects that open Large Language Models (LLMs) to all European languages, reducing dependence on non-European platforms and promoting technological autonomy.
This isn’t just a cultural or ethical goal—it’s a strategic move. Most of today’s dominant AI models are trained primarily on English-language data and are built and hosted by non-European tech giants. This creates black box risks, from opaque decision-making to potential vulnerabilities in data handling and cybersecurity.
By investing in multilingual, transparent, and open-source AI infrastructure, Europe is:
- Enhancing access and inclusion for all citizens and businesses, regardless of language
- Reducing technological lock-in and data sovereignty risks
- Improving security, explainability, and auditability of AI systems deployed in public and private sectors
For European businesses, this push translates into greater control over data governance, compliance-ready solutions, and the ability to develop AI that is truly adapted to the regional market—both linguistically and legally.
These efforts are a cornerstone of the EU’s digital strategy: sovereign, secure, and future-ready AI.5
As the AI Act begins to take effect, aligning cybersecurity and innovation will be essential for Europe’s digital future. For business leaders and policymakers, this is a moment to act — not just to comply, but to lead in shaping a resilient, competitive, and trustworthy AI ecosystem.