Module 9: Robustness & Cybersecurity Module 9 documents the AI-specific threat assessment, cybersecurity controls, ISO/IEC 27001 status, penetration testing results, adversarial testing programme, cross-regulatory mapping (CRA, NIS2, DORA; Articles 348–355), and the incident response plan. Article 15(4) requires cybersecurity solutions “appropriate to the relevant circumstances and the risks”; the measures documented in Module 9 are therefore calibrated to the system’s specific threat profile rather than applied as a uniform checklist. Key outputs

• AI threat assessment and cybersecurity controls
• Penetration and adversarial testing results
• Cross-regulatory mapping and incident response